From b6713399fc768f882b85647db659dcefcb96d07b Mon Sep 17 00:00:00 2001 From: Andrew Kroh Date: Mon, 3 Aug 2020 11:20:54 -0400 Subject: [PATCH] Update Suricata dashboards (#20394) This is a followup to #20220 to get the correct dashboard files into place. --- ... => filebeat-suricata-alert-overview.json} | 203 ++++++---- ... => filebeat-suricata-event-overview.json} | 371 +++++++++++++----- x-pack/filebeat/module/suricata/module.yml | 4 +- 3 files changed, 414 insertions(+), 164 deletions(-) rename x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/{Filebeat-Suricata-Alert-Overview.json => filebeat-suricata-alert-overview.json} (71%) rename x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/{Filebeat-Suricata-Event-Overview.json => filebeat-suricata-event-overview.json} (66%) diff --git a/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json b/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/filebeat-suricata-alert-overview.json similarity index 71% rename from x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json rename to x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/filebeat-suricata-alert-overview.json index 0c26bebbc79..bf71ad88838 100644 --- a/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Alert-Overview.json +++ b/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/filebeat-suricata-alert-overview.json @@ -28,16 +28,16 @@ "i": "1", "w": 23, "x": 0, - "y": 0 + "y": 4 }, "panelIndex": "1", "panelRefName": "panel_0", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, "gridData": { - "h": 22, + "h": 26, "i": "2", "w": 25, "x": 23, @@ -45,7 +45,7 @@ }, "panelIndex": "2", "panelRefName": "panel_1", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -54,11 +54,11 @@ "i": "3", "w": 48, "x": 0, - "y": 37 + "y": 41 }, "panelIndex": "3", "panelRefName": "panel_2", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": { @@ -73,11 +73,11 @@ "i": "4", "w": 23, "x": 0, - "y": 22 + "y": 26 }, "panelIndex": "4", "panelRefName": "panel_3", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": { @@ -92,11 +92,11 @@ "i": "5", "w": 25, "x": 23, - "y": 22 + "y": 26 }, "panelIndex": "5", "panelRefName": "panel_4", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -105,11 +105,11 @@ "i": "7", "w": 12, "x": 11, - "y": 10 + "y": 14 }, "panelIndex": "7", "panelRefName": "panel_5", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -118,15 +118,28 @@ "i": "8", "w": 11, "x": 0, - "y": 10 + "y": 14 }, "panelIndex": "8", "panelRefName": "panel_6", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "e86b7f30-96da-4f52-9ff0-cefcaadcc914", + "panelRefName": "panel_7", + "version": "7.9.0-SNAPSHOT" } ], "timeRestore": false, - "title": "[Filebeat Suricata] Alert Overview ECS", + "title": "[Filebeat Suricata] Alert Overview", "version": 1 }, "id": "05268ee0-86d1-11e8-b59d-21efb914e65c-ecs", @@ -171,11 +184,16 @@ "id": "c7b8b8f0-86d8-11e8-b59d-21efb914e65c-ecs", "name": "panel_6", "type": "visualization" + }, + { + "id": "908e8c90-d296-11ea-90e3-8767fe7ccf14", + "name": "panel_7", + "type": "visualization" } ], "type": "dashboard", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY2MCwxXQ==" + "updated_at": "2020-07-30T19:13:51.743Z", + "version": "WzEwMTUsMV0=" }, { "attributes": { @@ -190,7 +208,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Alerting Hosts [Filebeat Suricata] ECS", + "title": "Top Alerting Hosts [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -206,10 +224,17 @@ "enabled": true, "id": "2", "params": { + "drop_partials": false, "extended_bounds": {}, "field": "@timestamp", "interval": "auto", - "min_doc_count": 1 + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true }, "schema": "segment", "type": "date_histogram" @@ -258,6 +283,9 @@ "color": "#eee" } }, + "labels": { + "show": false + }, "legendPosition": "right", "seriesParams": [ { @@ -273,6 +301,13 @@ "valueAxis": "ValueAxis-1" } ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, "times": [], "type": "histogram", "valueAxes": [ @@ -299,7 +334,7 @@ } ] }, - "title": "Top Alerting Hosts [Filebeat Suricata] ECS", + "title": "Top Alerting Hosts [Filebeat Suricata]", "type": "histogram" } }, @@ -318,8 +353,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1MywxXQ==" + "updated_at": "2020-07-30T19:09:55.677Z", + "version": "WzkwNCwxXQ==" }, { "attributes": { @@ -334,7 +369,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Alert Signatures [Filebeat Suricata] ECS", + "title": "Top Alert Signatures [Filebeat Suricata]", "uiStateJSON": { "vis": { "params": { @@ -360,14 +395,14 @@ "id": "2", "params": { "customLabel": "Alert Signature", - "field": "suricata.eve.alert.signature", + "field": "rule.name", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", "orderBy": "1", "otherBucket": false, "otherBucketLabel": "Other", - "size": 10 + "size": 15 }, "schema": "bucket", "type": "terms" @@ -377,7 +412,7 @@ "id": "3", "params": { "customLabel": "Alert Category", - "field": "suricata.eve.alert.category", + "field": "rule.category", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -392,6 +427,7 @@ ], "params": { "perPage": 10, + "percentageCol": "", "showMetricsAtAllLevels": false, "showPartialRows": false, "showTotal": false, @@ -401,7 +437,7 @@ }, "totalFunc": "sum" }, - "title": "Top Alert Signatures [Filebeat Suricata] ECS", + "title": "Top Alert Signatures [Filebeat Suricata]", "type": "table" } }, @@ -420,8 +456,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1NCwxXQ==" + "updated_at": "2020-07-30T19:11:35.746Z", + "version": "Wzk0MywxXQ==" }, { "attributes": { @@ -448,21 +484,16 @@ "alias": null, "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "suricata.eve.event_type", + "key": "event.kind", "negate": false, "params": { - "query": "alert", - "type": "phrase" + "query": "alert" }, - "type": "phrase", - "value": "alert" + "type": "phrase" }, "query": { - "match": { - "suricata.eve.event_type": { - "query": "alert", - "type": "phrase" - } + "match_phrase": { + "event.kind": "alert" } } }, @@ -477,11 +508,9 @@ "key": "event.module", "negate": false, "params": { - "query": "suricata", - "type": "phrase" + "query": "suricata" }, - "type": "phrase", - "value": "suricata" + "type": "phrase" }, "query": { "match": { @@ -508,7 +537,7 @@ "desc" ] ], - "title": "Alerts [Filebeat Suricata] ECS", + "title": "Alerts [Filebeat Suricata]", "version": 1 }, "id": "1c2bcec0-86d1-11e8-b59d-21efb914e65c-ecs", @@ -536,8 +565,8 @@ } ], "type": "search", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1NSwxXQ==" + "updated_at": "2020-07-30T18:46:18.887Z", + "version": "WzYyNiwxXQ==" }, { "attributes": { @@ -552,7 +581,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Alert - Source Location [Filebeat Suricata] ECS", + "title": "Alert - Source Location [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -571,11 +600,6 @@ "autoPrecision": true, "field": "source.geo.location", "isFilteredByCollar": true, - "mapCenter": [ - 0, - 0 - ], - "mapZoom": 2, "precision": 2, "useGeocentroid": true }, @@ -622,7 +646,7 @@ ] } }, - "title": "Alert - Source Location [Filebeat Suricata] ECS", + "title": "Alert - Source Location [Filebeat Suricata]", "type": "tile_map" } }, @@ -641,8 +665,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1NiwxXQ==" + "updated_at": "2020-07-30T19:13:13.311Z", + "version": "Wzk5MCwxXQ==" }, { "attributes": { @@ -657,7 +681,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Alert - Destination Location [Filebeat Suricata] ECS", + "title": "Alert - Destination Location [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -676,11 +700,6 @@ "autoPrecision": true, "field": "destination.geo.location", "isFilteredByCollar": true, - "mapCenter": [ - 0, - 0 - ], - "mapZoom": 2, "precision": 2, "useGeocentroid": true }, @@ -727,7 +746,7 @@ ] } }, - "title": "Alert - Destination Location [Filebeat Suricata] ECS", + "title": "Alert - Destination Location [Filebeat Suricata]", "type": "tile_map" } }, @@ -746,8 +765,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1NywxXQ==" + "updated_at": "2020-07-30T19:13:34.582Z", + "version": "WzEwMDQsMV0=" }, { "attributes": { @@ -762,7 +781,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Alerts - Top Destination Countries [Filebeat Suricata] ECS", + "title": "Alerts - Top Destination Countries [Filebeat Suricata]", "uiStateJSON": { "vis": { "params": { @@ -803,6 +822,7 @@ ], "params": { "perPage": 5, + "percentageCol": "", "showMetricsAtAllLevels": false, "showPartialRows": false, "showTotal": false, @@ -812,7 +832,7 @@ }, "totalFunc": "sum" }, - "title": "Alerts - Top Destination Countries [Filebeat Suricata] ECS", + "title": "Alerts - Top Destination Countries [Filebeat Suricata]", "type": "table" } }, @@ -831,8 +851,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1OCwxXQ==" + "updated_at": "2020-07-30T19:12:34.381Z", + "version": "Wzk2OSwxXQ==" }, { "attributes": { @@ -847,7 +867,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Alerts - Top Source Countries [Filebeat Suricata] ECS", + "title": "Alerts - Top Source Countries [Filebeat Suricata]", "uiStateJSON": { "vis": { "params": { @@ -888,6 +908,7 @@ ], "params": { "perPage": 5, + "percentageCol": "", "showMetricsAtAllLevels": false, "showPartialRows": false, "showTotal": false, @@ -897,7 +918,7 @@ }, "totalFunc": "sum" }, - "title": "Alerts - Top Source Countries [Filebeat Suricata] ECS", + "title": "Alerts - Top Source Countries [Filebeat Suricata]", "type": "table" } }, @@ -916,8 +937,46 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:12.641Z", - "version": "WzY1OSwxXQ==" + "updated_at": "2020-07-30T19:12:12.735Z", + "version": "Wzk1NCwxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation [Filebeat Suricata]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 18, + "markdown": "![Hello World](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAAAyCAYAAAAA9rgCAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAJ17AACdewE8n3fEAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgpMwidZAAAN5UlEQVRoBe1ZeXCU5Rn/7b25s9nEHJAQAhggCIKCThFpFRXFa+yhTtVSndaZUvWPVjqt1bGHY6cdrVNq66C21UpbT7wwxqMjAh4oBCGQC8KRY7Ob3WQ3e9/9Pe/uh2ukrePM7h/oM2S/73ve87l+z/O+6NIkfIFI/wWSVYn6pcAnu8W/tPCXFj7JNPClS59kBv2UOF84Cxs/pYJ8M1jYHS/udIBOV1idF1ZgqWJ1Ov6jpFlKp1PqrVCCF07grLDJeBT+oX5Ex52wVk9DxYy5muwFeRbGn7LCphIx9G26A933noZ0KoFEyAvHe1uUAgoiLRcpiMCMWiVPYGQAvg/vg7lhFpLRIGL+cQxsuBTO95/PyCuKyTMVxqVFDoZtPBSAjivqjJUY/OfXYWlciXl370bVnMUZMXNiO19yF0bg7O6jXicgGJWKw1y3CG3rNsNcZlOonQtk+RJW5i2MwFnLBYcOQGeSZVNIx4eRSiblo6CU/xhmXIr1ktEwQke2Qm+lfPoixMcnEHQMZIQtQOxqWs27wBoMxYKTFHILLdwMmhdSb4RdR7V9FOyZd4G1EsNosUJfvATppI+opVe4HXFnBS4AWGkazbvAUlkJGYvLYKlZhnR0AqnIXpS2fgeRsV5Ibs4AluYL2tby88y/wLJvFcd6GIpsMNpWwFx9BUzl05Dw9SPgOCI9WIicRAJrohiLK5COuVA0/UyEht7m8xwMvvIA3TxBLxfdaz2VDvLyUxALazk2HvAQuHqRDPtgrVvKdBxFMngMrn3blXCFsHLeBdaOglGfB6HDj9Gl52Dyo9+w2rLSsnEYy5sI2uG8WPNEk+ZdYIlfId+RLlrXRUHLVS6OjOyEscSORGBUAdeJNpcPXt4F1tzZ270NejNFSEUodDOSoR7+uVExbw0q5yxVsun0WhLLh6iZOfNbWop1mZbiLDqCBzczD5cTjUMEqDLEJ/ahePpizLhwbVY68YT8C/yxhbk5FW/KBXPQUr4VL7sveUzlad/aM4u2WvwGRg4h5tpNC7dwbIzDo6qmrllykZo0LTW1WiZnXW05bU55apTLy33PRflP8LWB2cODXLPIFcsn9SsLkHOiKmgqb+o3R2pXN7KUt/f9zMlbXecYlFvrLWQZ+E7SaU/1NeXnBHOfcE9Thv23PkaxlgibjEV4IJ+guxlgKa/iJtjE/Jhg0S+KM1gs0BvNPOEk1EEgw2O5aDQhEQnRVeXkIwqiFq3Fak55jwUmMLFnIwxl4s5+SmmhkfthqroUxqJStU0ZG/W61VhzuZ2K+DjSZLzK0+SZSyvVGmo98YocZYiCDSYzDGY5nfDsHfRlqjjKY+I47c7MKIPGmAeH23/BnPgRuxphbbgM827agAg30f3HFUiFBzDz+u2oXrAcQecg+jZeSOw5iJa178M+dxkOv/QgvJ3rmWJWUVEmVlGNsC26HA1nr4G3fw9io50w10odPcn5TUhFAWv9UqWYycE+HHvpXsTcO5Dw96P+4ifQeN63Zc9UZBDdD11LdO+AseIctN3yCkwsUQeevx/+nk1E+wbOGYLeVMGqrQN1qzdj+ooraZQ4+p74McJHH2Ho6NB2mwPWqlraNg3jeH8nDm5YAWM1PU2MGaN2PBtZFNxHA+mQCg2wUCBfWZC74KBU6KDicWa1sVQ8osamjHsRG3MhVsw09MFGRFx/gKmsCpVn3QH/gXuoDHpK0VJ6ElC14DzlUT33t2bPyPSGY0B0YkjNKT/RSQ9jvwP60oWcdzuiPrcSOObpReRgDywto9yhAQkWMuEuKmjFuBobD/gQGWmHztKGhGc/wuOjSmDZu9657XEY6CmG4jPQdM0WzPkhrbbilxxIPxYPpXfJX677yLVBLk/cX7qbbOdg5k2voXjO92CZ1gxn+62I+VwoaVyI6CCFXPoAXXkB21pR3XY2jr3+VxlGS1Wj9sLHMfv2DpQ2LVKblp+IxyFZjBasQoqGCHtGVFv9+bei5dZ2mCrPZbsHRTO+jzl3vQ7b/OWqXYqcpH+YIFmlvsNj1GSWjOGRfyurVi66EfVnXaLY9nnL1DPq92a6qatj2VqW5FX701hxbsxcjrozL0B583wc+P3DKu+aK+pQVNOE4tb5mH7+Dej7++1ovbkDcl3r2/eg0mPF6T9F06rrtdmVNwmWhJxHxCikpOgeYX6DYWWfm8nbnt3PMgwYHjWzUHfGKumoSBTDWyTukR5Irwo5+hVfagK9zlCiXCrqOaKY6RSvX/iX+eBqstJnIfaTvaUScRTZ6mCpv0G5vfq216Fs/ncJfPR1HhJKamcg5B5h3A1AlrK1natWkL5CGsCEHb1KaWkpVli0hB09ql1iMckwkpCSMElnxwmgCoVGD8mRW5HcsEQcexXwiXb1pXOuUA3+fb/D0LZnM6eWjFozIz7LL/vLEJV3Oam6lqUPEtRpnBjMFXakQ2N0MzeqWldi4MUN8O7fCpHfWsI/IrOQCg1RG+eQg0XEsRu6IqC0hZ7Hu7Dw6B6VNcRSmlKUlvktpNdL7KU5rluFXMms1cSM0xB1PosYUVv1qT/namqK2GxbhqGnvgF31ztcmGr7H5QRLmNRNQlLQhPXMhv1KqUEHUcQHP4Xgoy7dHE1TEVl0M2+EFtumw437Kg5cw2cww70HAQOyUWmiVJlSdO1hFPE+QIsZSsYmyupnFlITbyMOO+yFYmC+SJ/x4lyy1VwxLlTeURl6woYSlpY1QWY9sZUN31pXTMar25HzLGTqeMsDPxtOfzDh1RjbvFwfFK+GKkPMzWulb7BaApDo0D3oXG8tflpPPbzW9D+KvDiw0DJnAweHOjqw9NPAE/+6GKUNbQg0bwczz8J7PigHrHkx3GjVWeOESee+y2wzzUNxpoWDPtnQK7Agh5qSBFTDDeg7SHLVMge92wnCC9ESf1MClyrMkh4bEh14eVSGvXLVqPuskeYjt4nYhpw+On1qlFHF5HMIx6T9RqlUV+AwjGcvJGMfrtGUtjyFLCt413846pv4dieHaD3Yu32t1FT36DmMpkMqOBb1YIraRa6VCwMG79LSnj4133CTqr/6NAgBGpitlNha5iB/lgrHtsE9PQdUe1yQTIeSCPGsFd3B4orSO5AglhrqlqisMJinymYRwA8rHrotaWaV9+EiiU/Y3AnEex7Dp7eXZCLNzOtGScWRDN4ggDd9KVngI4tnCTLE2WIU1a3tGLWNZfAoPOjYv4CnHr64uw2KCMVy3WRYEUn2rOWlCjlxdxjiEdZiQixj3a6Gh3oRzlZRVYTxp0jKCu1giGP4f4+6cmxOuw8mMLmjQwLlyYFFeQ6DBO9z2gtZ/5lGuNaggPh0W41Si8LaOjWdPE6ImkdzKxzIyO9iCWS2NcLvPAg4A5lJqVtYCDyMXUf/48puZ6h0VF/+nKsXrcekT2A640uHOraS26GpIgRUk9OVV5lFxxCiGYM+DKAkqSyZT/JRAJDXZ2wzwC6Nj+MXzdMw+G3noN9NgXu2qXaDQY9TPoUaEx4gh8L/FHnfjhCnHfoTfTePw2B/RtgtFcRyHYwvv3QS5xqtWtxdT30lSvRd4BaGw0hntLhg210HU6qXb9I6kgMkEEyWTN1q7xLFoiFgphJy1ZfuVJZ78C726XpOMm2JL+mGCf22jqUssYQBR7a26n6GMU0pMCkF67OdmJKDWLOYzA20gBDR2GqaYTrvWeoIK86eIiCZIQhGxLRcAi7dnyIN7cCr7yyH4QNTHqHacAapCd3IsKCRD/42qMY+7ADvtFB7Hj5eXS078BLr1GAyjrYaIVTzlgCKfG7dmxFJBhAV1YIK0OjsvoU2R+tolf/ZxPx+5Tl5p5/ubJnz6tPwj+RQVVRrNhYHTbicY6twcyLboGFgb3tT3eic9tbGDjQhd49uzHpGYfvPaIqq4obn9qJOzvduH7TVsRdgwjQMydYvoqvyJyiRA3oJicmEOp9DUbixyW/fRNr/uxGw9pd2NWdwAR5MQ+rr/Ej+/Didatx36omPHnZVXBsH0IjXantjKUqPS3+5s3KbXpefBS/+moN3nnobgS5yPwb1qOGriakeYiG6nPP+ooSzt2xG0f7iG6kFFFGvEBnJBBmC5vzrrsJXnqznNQ2XfM1/KTtNHS9s42bc4FeifJZ52LmvDaU2eyY2bYQRU3zIKXF2MgwfzOKljm1VDbucsK/n3m9zYbZCxbCZrejed4CONKL8PRfBPCOQj9WvgQ7Gac+7otpFPVrVuEHHd2wnVKrJr3g2htw/j13wfvuILwfRjDx7hAWrluLq25dr9rlJ84jJCs8SNEuq89onYcK4pXwOt9oly6q0pFIjU44lUcIb/Zpi7DurTeQjmRypHhSma0KQ33d8PC9vKEJJgEUkrWoCOWNpyrlD3bzpECSI6Ccv+S4KDR8sA9i+7KmxbAWC8Qx7Jg/G2Y1q3773mGNQXdIe6lRn9tNdzOirpGLEJ01N9FQc+hQP/xeL4qIro2zT4WBfaWPtIuLRUMhVlZm2OvqFc8z6kA8FmM/Az1hOibHPQj6/URQE6rYR0+g08b7vRNwO0a4OTNOmd6I4OQkIsQDa3EJbDWZsJHNjztHEY1EYCmykl8LWSPBNSwUTvp5ifhhhp2Z2GKvrZchioQv8xl4yFECaw3aU2rpzMV4Jj40obV2eWqbzeV9nvfctT7PeG3MZ92PElg6U4LMWMlb/JtK6lBBpmqZ0uf4+Bz+VN7U79z5j7cJU1tb9pMznzQd75fl/79vGSOU2+8/QDU5FFmyNvEAAAAASUVORK5CYII=) [Events](/app/dashboards#/view/78289c40-86da-11e8-b59d-21efb914e65c-ecs) | [Alerts](/app/dashboards#/view/05268ee0-86d1-11e8-b59d-21efb914e65c-ecs)", + "openLinksInNewTab": false + }, + "title": "Navigation [Filebeat Suricata]", + "type": "markdown" + } + }, + "id": "908e8c90-d296-11ea-90e3-8767fe7ccf14", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-07-30T18:57:50.040Z", + "version": "Wzc1MywxXQ==" } ], "version": "7.9.0-SNAPSHOT" diff --git a/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Event-Overview.json b/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/filebeat-suricata-event-overview.json similarity index 66% rename from x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Event-Overview.json rename to x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/filebeat-suricata-event-overview.json index d263bd7e617..908f98394cb 100644 --- a/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/Filebeat-Suricata-Event-Overview.json +++ b/x-pack/filebeat/module/suricata/_meta/kibana/7/dashboard/filebeat-suricata-event-overview.json @@ -28,11 +28,11 @@ "i": "1", "w": 48, "x": 0, - "y": 0 + "y": 4 }, "panelIndex": "1", "panelRefName": "panel_0", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -41,11 +41,11 @@ "i": "2", "w": 9, "x": 0, - "y": 20 + "y": 24 }, "panelIndex": "2", "panelRefName": "panel_1", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -54,11 +54,11 @@ "i": "3", "w": 11, "x": 19, - "y": 20 + "y": 24 }, "panelIndex": "3", "panelRefName": "panel_2", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -67,11 +67,11 @@ "i": "4", "w": 48, "x": 0, - "y": 10 + "y": 14 }, "panelIndex": "4", "panelRefName": "panel_3", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -80,11 +80,11 @@ "i": "5", "w": 48, "x": 0, - "y": 34 + "y": 38 }, "panelIndex": "5", "panelRefName": "panel_4", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -93,11 +93,11 @@ "i": "6", "w": 9, "x": 30, - "y": 20 + "y": 24 }, "panelIndex": "6", "panelRefName": "panel_5", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -106,11 +106,11 @@ "i": "7", "w": 9, "x": 39, - "y": 20 + "y": 24 }, "panelIndex": "7", "panelRefName": "panel_6", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -119,11 +119,11 @@ "i": "8", "w": 10, "x": 9, - "y": 20 + "y": 24 }, "panelIndex": "8", "panelRefName": "panel_7", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" }, { "embeddableConfig": {}, @@ -132,15 +132,43 @@ "i": "9", "w": 48, "x": 0, - "y": 53 + "y": 57 }, "panelIndex": "9", "panelRefName": "panel_8", - "version": "7.3.0" + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "title": "" + }, + "gridData": { + "h": 4, + "i": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "78f64fb8-a6ed-4960-a73b-a8c42c40f799", + "panelRefName": "panel_9", + "version": "7.9.0-SNAPSHOT" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 4, + "i": "63e14057-b48b-48fe-b3e2-84f7690d60e8", + "w": 24, + "x": 24, + "y": 0 + }, + "panelIndex": "63e14057-b48b-48fe-b3e2-84f7690d60e8", + "panelRefName": "panel_10", + "version": "7.9.0-SNAPSHOT" } ], "timeRestore": false, - "title": "[Filebeat Suricata] Events Overview ECS", + "title": "[Filebeat Suricata] Events Overview", "version": 1 }, "id": "78289c40-86da-11e8-b59d-21efb914e65c-ecs", @@ -195,11 +223,21 @@ "id": "d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs", "name": "panel_8", "type": "search" + }, + { + "id": "908e8c90-d296-11ea-90e3-8767fe7ccf14", + "name": "panel_9", + "type": "visualization" + }, + { + "id": "169c0600-d297-11ea-90e3-8767fe7ccf14", + "name": "panel_10", + "type": "visualization" } ], "type": "dashboard", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY3MCwxXQ==" + "updated_at": "2020-07-30T19:08:06.676Z", + "version": "Wzg3MiwxXQ==" }, { "attributes": { @@ -214,7 +252,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Activity Types over Time [Filebeat Suricata] ECS", + "title": "Activity Types over Time [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -230,10 +268,17 @@ "enabled": true, "id": "2", "params": { + "drop_partials": false, "extended_bounds": {}, "field": "@timestamp", "interval": "auto", - "min_doc_count": 1 + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true }, "schema": "segment", "type": "date_histogram" @@ -282,6 +327,9 @@ "color": "#eee" } }, + "labels": { + "show": false + }, "legendPosition": "right", "seriesParams": [ { @@ -297,6 +345,13 @@ "valueAxis": "ValueAxis-1" } ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, "times": [], "type": "histogram", "valueAxes": [ @@ -323,7 +378,7 @@ } ] }, - "title": "Activity Types over Time [Filebeat Suricata] ECS", + "title": "Activity Types over Time [Filebeat Suricata]", "type": "histogram" } }, @@ -342,8 +397,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2MSwxXQ==" + "updated_at": "2020-07-30T18:59:25.617Z", + "version": "Wzc2OCwxXQ==" }, { "attributes": { @@ -358,7 +413,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Event Types [Filebeat Suricata] ECS", + "title": "Event Types [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -374,7 +429,8 @@ "enabled": true, "id": "2", "params": { - "field": "suricata.eve.event_type", + "customLabel": "ECS Event Type", + "field": "event.type", "missingBucket": false, "missingBucketLabel": "Missing", "order": "desc", @@ -385,6 +441,23 @@ }, "schema": "segment", "type": "terms" + }, + { + "enabled": true, + "id": "3", + "params": { + "customLabel": "Suricata Event Type", + "field": "suricata.eve.event_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "segment", + "type": "terms" } ], "params": { @@ -400,7 +473,7 @@ "legendPosition": "bottom", "type": "pie" }, - "title": "Event Types [Filebeat Suricata] ECS", + "title": "Event Types [Filebeat Suricata]", "type": "pie" } }, @@ -419,8 +492,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2MiwxXQ==" + "updated_at": "2020-07-30T19:06:59.207Z", + "version": "Wzg1OCwxXQ==" }, { "attributes": { @@ -435,7 +508,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Application Protocols [Filebeat Suricata] ECS", + "title": "Top Network Protocols [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -477,7 +550,7 @@ "legendPosition": "bottom", "type": "pie" }, - "title": "Top Application Protocols [Filebeat Suricata] ECS", + "title": "Top Network Protocols [Filebeat Suricata]", "type": "pie" } }, @@ -496,8 +569,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2MywxXQ==" + "updated_at": "2020-07-30T18:49:07.711Z", + "version": "WzY3NSwxXQ==" }, { "attributes": { @@ -512,7 +585,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Hosts Generating Events [Filebeat Suricata] ECS", + "title": "Top Hosts Generating Events [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -528,10 +601,17 @@ "enabled": true, "id": "2", "params": { + "drop_partials": false, "extended_bounds": {}, "field": "@timestamp", "interval": "auto", - "min_doc_count": 1 + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-6y", + "to": "now" + }, + "useNormalizedEsInterval": true }, "schema": "segment", "type": "date_histogram" @@ -580,6 +660,9 @@ "color": "#eee" } }, + "labels": { + "show": false + }, "legendPosition": "right", "seriesParams": [ { @@ -595,6 +678,13 @@ "valueAxis": "ValueAxis-1" } ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, "times": [], "type": "histogram", "valueAxes": [ @@ -621,7 +711,7 @@ } ] }, - "title": "Top Hosts Generating Events [Filebeat Suricata] ECS", + "title": "Top Hosts Generating Events [Filebeat Suricata]", "type": "histogram" } }, @@ -640,14 +730,13 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2NCwxXQ==" + "updated_at": "2020-07-30T18:59:45.518Z", + "version": "Wzc4MCwxXQ==" }, { "attributes": { "columns": [ "host.name", - "suricata.eve.event_type", "suricata.eve.flow_id", "network.transport", "source.ip", @@ -670,21 +759,16 @@ "alias": null, "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "suricata.eve.event_type", - "negate": true, + "key": "event.kind", + "negate": false, "params": { - "query": "stats", - "type": "phrase" + "query": "event" }, - "type": "phrase", - "value": "stats" + "type": "phrase" }, "query": { - "match": { - "suricata.eve.event_type": { - "query": "stats", - "type": "phrase" - } + "match_phrase": { + "event.kind": "event" } } }, @@ -699,11 +783,9 @@ "key": "event.module", "negate": false, "params": { - "query": "suricata", - "type": "phrase" + "query": "suricata" }, - "type": "phrase", - "value": "suricata" + "type": "phrase" }, "query": { "match": { @@ -730,7 +812,7 @@ "desc" ] ], - "title": "Events [Filebeat Suricata] ECS", + "title": "Events [Filebeat Suricata]", "version": 1 }, "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", @@ -758,8 +840,8 @@ } ], "type": "search", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2NSwxXQ==" + "updated_at": "2020-07-30T18:45:13.363Z", + "version": "WzYyMCwxXQ==" }, { "attributes": { @@ -774,7 +856,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Connection Source Countries [Filebeat Suricata] ECS", + "title": "Top Connection Source Countries [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -809,9 +891,9 @@ "minFontSize": 18, "orientation": "single", "scale": "linear", - "showLabel": true + "showLabel": false }, - "title": "Top Connection Source Countries [Filebeat Suricata] ECS", + "title": "Top Connection Source Countries [Filebeat Suricata]", "type": "tagcloud" } }, @@ -830,8 +912,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2NiwxXQ==" + "updated_at": "2020-07-30T18:49:36.842Z", + "version": "WzY4OCwxXQ==" }, { "attributes": { @@ -846,7 +928,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Connection Destination Countries [Filebeat Suricata] ECS", + "title": "Top Connection Destination Countries [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -881,9 +963,9 @@ "minFontSize": 18, "orientation": "single", "scale": "linear", - "showLabel": true + "showLabel": false }, - "title": "Top Connection Destination Countries [Filebeat Suricata] ECS", + "title": "Top Connection Destination Countries [Filebeat Suricata]", "type": "tagcloud" } }, @@ -902,8 +984,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2NywxXQ==" + "updated_at": "2020-07-30T18:50:04.448Z", + "version": "WzcwNSwxXQ==" }, { "attributes": { @@ -918,7 +1000,7 @@ } }, "savedSearchRefName": "search_0", - "title": "Top Network Protocols [Filebeat Suricata] ECS", + "title": "Top Transport Protocols [Filebeat Suricata]", "uiStateJSON": {}, "version": 1, "visState": { @@ -960,7 +1042,7 @@ "legendPosition": "bottom", "type": "pie" }, - "title": "Top Network Protocols [Filebeat Suricata] ECS", + "title": "Top Transport Protocols [Filebeat Suricata]", "type": "pie" } }, @@ -979,8 +1061,8 @@ } ], "type": "visualization", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2OCwxXQ==" + "updated_at": "2020-07-30T18:48:19.957Z", + "version": "WzY0NiwxXQ==" }, { "attributes": { @@ -1006,21 +1088,16 @@ "alias": null, "disabled": false, "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "suricata.eve.event_type", + "key": "event.kind", "negate": false, "params": { - "query": "stats", - "type": "phrase" + "query": "metric" }, - "type": "phrase", - "value": "stats" + "type": "phrase" }, "query": { - "match": { - "suricata.eve.event_type": { - "query": "stats", - "type": "phrase" - } + "match_phrase": { + "event.kind": "metric" } } }, @@ -1035,11 +1112,9 @@ "key": "event.module", "negate": false, "params": { - "query": "suricata", - "type": "phrase" + "query": "suricata" }, - "type": "phrase", - "value": "suricata" + "type": "phrase" }, "query": { "match": { @@ -1066,7 +1141,7 @@ "desc" ] ], - "title": "Host Stats [Filebeat Suricata] ECS", + "title": "Host Stats [Filebeat Suricata]", "version": 1 }, "id": "d57a2db0-86ca-11e8-b59d-21efb914e65c-ecs", @@ -1094,8 +1169,124 @@ } ], "type": "search", - "updated_at": "2020-07-23T17:51:13.671Z", - "version": "WzY2OSwxXQ==" + "updated_at": "2020-07-30T18:45:50.678Z", + "version": "WzYyMywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Navigation [Filebeat Suricata]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "fontSize": 18, + "markdown": "![Hello World](data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAADwAAAAyCAYAAAAA9rgCAAAABGdBTUEAALGPC/xhBQAAACBjSFJNAAB6JgAAgIQAAPoAAACA6AAAdTAAAOpgAAA6mAAAF3CculE8AAAACXBIWXMAAJ17AACdewE8n3fEAAABWWlUWHRYTUw6Y29tLmFkb2JlLnhtcAAAAAAAPHg6eG1wbWV0YSB4bWxuczp4PSJhZG9iZTpuczptZXRhLyIgeDp4bXB0az0iWE1QIENvcmUgNS40LjAiPgogICA8cmRmOlJERiB4bWxuczpyZGY9Imh0dHA6Ly93d3cudzMub3JnLzE5OTkvMDIvMjItcmRmLXN5bnRheC1ucyMiPgogICAgICA8cmRmOkRlc2NyaXB0aW9uIHJkZjphYm91dD0iIgogICAgICAgICAgICB4bWxuczp0aWZmPSJodHRwOi8vbnMuYWRvYmUuY29tL3RpZmYvMS4wLyI+CiAgICAgICAgIDx0aWZmOk9yaWVudGF0aW9uPjE8L3RpZmY6T3JpZW50YXRpb24+CiAgICAgIDwvcmRmOkRlc2NyaXB0aW9uPgogICA8L3JkZjpSREY+CjwveDp4bXBtZXRhPgpMwidZAAAN5UlEQVRoBe1ZeXCU5Rn/7b25s9nEHJAQAhggCIKCThFpFRXFa+yhTtVSndaZUvWPVjqt1bGHY6cdrVNq66C21UpbT7wwxqMjAh4oBCGQC8KRY7Ob3WQ3e9/9Pe/uh2ukrePM7h/oM2S/73ve87l+z/O+6NIkfIFI/wWSVYn6pcAnu8W/tPCXFj7JNPClS59kBv2UOF84Cxs/pYJ8M1jYHS/udIBOV1idF1ZgqWJ1Ov6jpFlKp1PqrVCCF07grLDJeBT+oX5Ex52wVk9DxYy5muwFeRbGn7LCphIx9G26A933noZ0KoFEyAvHe1uUAgoiLRcpiMCMWiVPYGQAvg/vg7lhFpLRIGL+cQxsuBTO95/PyCuKyTMVxqVFDoZtPBSAjivqjJUY/OfXYWlciXl370bVnMUZMXNiO19yF0bg7O6jXicgGJWKw1y3CG3rNsNcZlOonQtk+RJW5i2MwFnLBYcOQGeSZVNIx4eRSiblo6CU/xhmXIr1ktEwQke2Qm+lfPoixMcnEHQMZIQtQOxqWs27wBoMxYKTFHILLdwMmhdSb4RdR7V9FOyZd4G1EsNosUJfvATppI+opVe4HXFnBS4AWGkazbvAUlkJGYvLYKlZhnR0AqnIXpS2fgeRsV5Ibs4AluYL2tby88y/wLJvFcd6GIpsMNpWwFx9BUzl05Dw9SPgOCI9WIicRAJrohiLK5COuVA0/UyEht7m8xwMvvIA3TxBLxfdaz2VDvLyUxALazk2HvAQuHqRDPtgrVvKdBxFMngMrn3blXCFsHLeBdaOglGfB6HDj9Gl52Dyo9+w2rLSsnEYy5sI2uG8WPNEk+ZdYIlfId+RLlrXRUHLVS6OjOyEscSORGBUAdeJNpcPXt4F1tzZ270NejNFSEUodDOSoR7+uVExbw0q5yxVsun0WhLLh6iZOfNbWop1mZbiLDqCBzczD5cTjUMEqDLEJ/ahePpizLhwbVY68YT8C/yxhbk5FW/KBXPQUr4VL7sveUzlad/aM4u2WvwGRg4h5tpNC7dwbIzDo6qmrllykZo0LTW1WiZnXW05bU55apTLy33PRflP8LWB2cODXLPIFcsn9SsLkHOiKmgqb+o3R2pXN7KUt/f9zMlbXecYlFvrLWQZ+E7SaU/1NeXnBHOfcE9Thv23PkaxlgibjEV4IJ+guxlgKa/iJtjE/Jhg0S+KM1gs0BvNPOEk1EEgw2O5aDQhEQnRVeXkIwqiFq3Fak55jwUmMLFnIwxl4s5+SmmhkfthqroUxqJStU0ZG/W61VhzuZ2K+DjSZLzK0+SZSyvVGmo98YocZYiCDSYzDGY5nfDsHfRlqjjKY+I47c7MKIPGmAeH23/BnPgRuxphbbgM827agAg30f3HFUiFBzDz+u2oXrAcQecg+jZeSOw5iJa178M+dxkOv/QgvJ3rmWJWUVEmVlGNsC26HA1nr4G3fw9io50w10odPcn5TUhFAWv9UqWYycE+HHvpXsTcO5Dw96P+4ifQeN63Zc9UZBDdD11LdO+AseIctN3yCkwsUQeevx/+nk1E+wbOGYLeVMGqrQN1qzdj+ooraZQ4+p74McJHH2Ho6NB2mwPWqlraNg3jeH8nDm5YAWM1PU2MGaN2PBtZFNxHA+mQCg2wUCBfWZC74KBU6KDicWa1sVQ8osamjHsRG3MhVsw09MFGRFx/gKmsCpVn3QH/gXuoDHpK0VJ6ElC14DzlUT33t2bPyPSGY0B0YkjNKT/RSQ9jvwP60oWcdzuiPrcSOObpReRgDywto9yhAQkWMuEuKmjFuBobD/gQGWmHztKGhGc/wuOjSmDZu9657XEY6CmG4jPQdM0WzPkhrbbilxxIPxYPpXfJX677yLVBLk/cX7qbbOdg5k2voXjO92CZ1gxn+62I+VwoaVyI6CCFXPoAXXkB21pR3XY2jr3+VxlGS1Wj9sLHMfv2DpQ2LVKblp+IxyFZjBasQoqGCHtGVFv9+bei5dZ2mCrPZbsHRTO+jzl3vQ7b/OWqXYqcpH+YIFmlvsNj1GSWjOGRfyurVi66EfVnXaLY9nnL1DPq92a6qatj2VqW5FX701hxbsxcjrozL0B583wc+P3DKu+aK+pQVNOE4tb5mH7+Dej7++1ovbkDcl3r2/eg0mPF6T9F06rrtdmVNwmWhJxHxCikpOgeYX6DYWWfm8nbnt3PMgwYHjWzUHfGKumoSBTDWyTukR5Irwo5+hVfagK9zlCiXCrqOaKY6RSvX/iX+eBqstJnIfaTvaUScRTZ6mCpv0G5vfq216Fs/ncJfPR1HhJKamcg5B5h3A1AlrK1natWkL5CGsCEHb1KaWkpVli0hB09ql1iMckwkpCSMElnxwmgCoVGD8mRW5HcsEQcexXwiXb1pXOuUA3+fb/D0LZnM6eWjFozIz7LL/vLEJV3Oam6lqUPEtRpnBjMFXakQ2N0MzeqWldi4MUN8O7fCpHfWsI/IrOQCg1RG+eQg0XEsRu6IqC0hZ7Hu7Dw6B6VNcRSmlKUlvktpNdL7KU5rluFXMms1cSM0xB1PosYUVv1qT/namqK2GxbhqGnvgF31ztcmGr7H5QRLmNRNQlLQhPXMhv1KqUEHUcQHP4Xgoy7dHE1TEVl0M2+EFtumw437Kg5cw2cww70HAQOyUWmiVJlSdO1hFPE+QIsZSsYmyupnFlITbyMOO+yFYmC+SJ/x4lyy1VwxLlTeURl6woYSlpY1QWY9sZUN31pXTMar25HzLGTqeMsDPxtOfzDh1RjbvFwfFK+GKkPMzWulb7BaApDo0D3oXG8tflpPPbzW9D+KvDiw0DJnAweHOjqw9NPAE/+6GKUNbQg0bwczz8J7PigHrHkx3GjVWeOESee+y2wzzUNxpoWDPtnQK7Agh5qSBFTDDeg7SHLVMge92wnCC9ESf1MClyrMkh4bEh14eVSGvXLVqPuskeYjt4nYhpw+On1qlFHF5HMIx6T9RqlUV+AwjGcvJGMfrtGUtjyFLCt413846pv4dieHaD3Yu32t1FT36DmMpkMqOBb1YIraRa6VCwMG79LSnj4133CTqr/6NAgBGpitlNha5iB/lgrHtsE9PQdUe1yQTIeSCPGsFd3B4orSO5AglhrqlqisMJinymYRwA8rHrotaWaV9+EiiU/Y3AnEex7Dp7eXZCLNzOtGScWRDN4ggDd9KVngI4tnCTLE2WIU1a3tGLWNZfAoPOjYv4CnHr64uw2KCMVy3WRYEUn2rOWlCjlxdxjiEdZiQixj3a6Gh3oRzlZRVYTxp0jKCu1giGP4f4+6cmxOuw8mMLmjQwLlyYFFeQ6DBO9z2gtZ/5lGuNaggPh0W41Si8LaOjWdPE6ImkdzKxzIyO9iCWS2NcLvPAg4A5lJqVtYCDyMXUf/48puZ6h0VF/+nKsXrcekT2A640uHOraS26GpIgRUk9OVV5lFxxCiGYM+DKAkqSyZT/JRAJDXZ2wzwC6Nj+MXzdMw+G3noN9NgXu2qXaDQY9TPoUaEx4gh8L/FHnfjhCnHfoTfTePw2B/RtgtFcRyHYwvv3QS5xqtWtxdT30lSvRd4BaGw0hntLhg210HU6qXb9I6kgMkEEyWTN1q7xLFoiFgphJy1ZfuVJZ78C726XpOMm2JL+mGCf22jqUssYQBR7a26n6GMU0pMCkF67OdmJKDWLOYzA20gBDR2GqaYTrvWeoIK86eIiCZIQhGxLRcAi7dnyIN7cCr7yyH4QNTHqHacAapCd3IsKCRD/42qMY+7ADvtFB7Hj5eXS078BLr1GAyjrYaIVTzlgCKfG7dmxFJBhAV1YIK0OjsvoU2R+tolf/ZxPx+5Tl5p5/ubJnz6tPwj+RQVVRrNhYHTbicY6twcyLboGFgb3tT3eic9tbGDjQhd49uzHpGYfvPaIqq4obn9qJOzvduH7TVsRdgwjQMydYvoqvyJyiRA3oJicmEOp9DUbixyW/fRNr/uxGw9pd2NWdwAR5MQ+rr/Ej+/Didatx36omPHnZVXBsH0IjXantjKUqPS3+5s3KbXpefBS/+moN3nnobgS5yPwb1qOGriakeYiG6nPP+ooSzt2xG0f7iG6kFFFGvEBnJBBmC5vzrrsJXnqznNQ2XfM1/KTtNHS9s42bc4FeifJZ52LmvDaU2eyY2bYQRU3zIKXF2MgwfzOKljm1VDbucsK/n3m9zYbZCxbCZrejed4CONKL8PRfBPCOQj9WvgQ7Gac+7otpFPVrVuEHHd2wnVKrJr3g2htw/j13wfvuILwfRjDx7hAWrluLq25dr9rlJ84jJCs8SNEuq89onYcK4pXwOt9oly6q0pFIjU44lUcIb/Zpi7DurTeQjmRypHhSma0KQ33d8PC9vKEJJgEUkrWoCOWNpyrlD3bzpECSI6Ccv+S4KDR8sA9i+7KmxbAWC8Qx7Jg/G2Y1q3773mGNQXdIe6lRn9tNdzOirpGLEJ01N9FQc+hQP/xeL4qIro2zT4WBfaWPtIuLRUMhVlZm2OvqFc8z6kA8FmM/Az1hOibHPQj6/URQE6rYR0+g08b7vRNwO0a4OTNOmd6I4OQkIsQDa3EJbDWZsJHNjztHEY1EYCmykl8LWSPBNSwUTvp5ifhhhp2Z2GKvrZchioQv8xl4yFECaw3aU2rpzMV4Jj40obV2eWqbzeV9nvfctT7PeG3MZ92PElg6U4LMWMlb/JtK6lBBpmqZ0uf4+Bz+VN7U79z5j7cJU1tb9pMznzQd75fl/79vGSOU2+8/QDU5FFmyNvEAAAAASUVORK5CYII=) [Events](/app/dashboards#/view/78289c40-86da-11e8-b59d-21efb914e65c-ecs) | [Alerts](/app/dashboards#/view/05268ee0-86d1-11e8-b59d-21efb914e65c-ecs)", + "openLinksInNewTab": false + }, + "title": "Navigation [Filebeat Suricata]", + "type": "markdown" + } + }, + "id": "908e8c90-d296-11ea-90e3-8767fe7ccf14", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-07-30T18:57:50.040Z", + "version": "Wzc1MywxXQ==" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Event Count [Filebeat Suricata]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": { + "customLabel": "Events" + }, + "schema": "metric", + "type": "count" + } + ], + "params": { + "addLegend": false, + "addTooltip": true, + "metric": { + "colorSchema": "Green to Red", + "colorsRange": [ + { + "from": 0, + "to": 10000 + } + ], + "invertColors": false, + "labels": { + "show": true + }, + "metricColorMode": "None", + "percentageMode": false, + "style": { + "bgColor": false, + "bgFill": "#000", + "fontSize": 30, + "labelColor": false, + "subText": "" + }, + "useRanges": false + }, + "type": "metric" + }, + "title": "Event Count [Filebeat Suricata]", + "type": "metric" + } + }, + "id": "169c0600-d297-11ea-90e3-8767fe7ccf14", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "13dd22f0-86cc-11e8-b59d-21efb914e65c-ecs", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-07-30T19:02:39.133Z", + "version": "WzgyNCwxXQ==" } ], "version": "7.9.0-SNAPSHOT" diff --git a/x-pack/filebeat/module/suricata/module.yml b/x-pack/filebeat/module/suricata/module.yml index 9975054c9c1..d3747be1f4d 100644 --- a/x-pack/filebeat/module/suricata/module.yml +++ b/x-pack/filebeat/module/suricata/module.yml @@ -1,5 +1,5 @@ dashboards: - id: 78289c40-86da-11e8-b59d-21efb914e65c-ecs - file: Filebeat-Suricata-Overview.json + file: filebeat-suricata-event-overview.json - id: 05268ee0-86d1-11e8-b59d-21efb914e65c-ecs - file: Filebeat-Suricata-Alert-Overview.json + file: filebeat-suricata-alert-overview.json