diff --git a/x-pack/filebeat/filebeat.reference.yml b/x-pack/filebeat/filebeat.reference.yml index dd3d9a864e0b..cd879f6ef28f 100644 --- a/x-pack/filebeat/filebeat.reference.yml +++ b/x-pack/filebeat/filebeat.reference.yml @@ -547,7 +547,7 @@ filebeat.modules: #------------------------------- Coredns Module ------------------------------- - module: coredns # Fileset for native deployment - log: + log: enabled: true # Set custom paths for the log files. If left empty, @@ -556,7 +556,7 @@ filebeat.modules: #----------------------------- Crowdstrike Module ----------------------------- - module: crowdstrike - + falcon: enabled: true @@ -643,7 +643,7 @@ filebeat.modules: #------------------------------ Envoyproxy Module ------------------------------ - module: envoyproxy # Fileset for native deployment - log: + log: enabled: true # Set custom paths for the log files. If left empty, @@ -1119,6 +1119,19 @@ filebeat.modules: # Oauth Client Secret #var.oauth2.client.secret: "" + # Oauth Token URL, should include the tenant ID + #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token" + m365_defender: + enabled: true + # How often the API should be polled + #var.interval: 5m + + # Oauth Client ID + #var.oauth2.client.id: "" + + # Oauth Client Secret + #var.oauth2.client.secret: "" + # Oauth Token URL, should include the tenant ID #var.oauth2.token_url: "https://login.microsoftonline.com/TENANT-ID/oauth2/token" dhcp: @@ -1152,7 +1165,7 @@ filebeat.modules: # URL of the MISP REST API #var.url - + # You can also pass SSL options. For example: #var.ssl: |- # { @@ -1665,7 +1678,7 @@ filebeat.modules: http: enabled: true intel: - enabled: true + enabled: true irc: enabled: true kerberos: diff --git a/x-pack/filebeat/module/virustotal/_meta/kibana/7/dashboard/livehunt-overview.json b/x-pack/filebeat/module/virustotal/_meta/kibana/7/dashboard/livehunt-overview.json new file mode 100644 index 000000000000..5f1b10524117 --- /dev/null 
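Review bot: Unrelated module changes are being carried in this file: the `@@ -1119,6 +1119,19 @@` hunk introduces a `m365_defender` fileset block while every other file in the diff belongs to the virustotal module, and the remaining hunks (`@@ -547`, `@@ -556`, `@@ -643`, `@@ -1152`, `@@ -1665`) only strip trailing whitespace from other modules. That pattern usually means the reference config was regenerated on a branch that was not rebased; rebasing and regenerating should leave this file out of the PR entirely. If the `m365_defender` block is intentional, its `#var.oauth2.token_url` comment is a verbatim copy of the preceding fileset's, so confirm the same token endpoint applies to the Microsoft 365 Defender API before publishing it for a second fileset. The `#var.oauth2.client.secret: ""` placeholder would also benefit from a comment such as `# Prefer a keystore reference like "${CLIENT_SECRET}" (example name) over a plaintext secret in this file`.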
+++ b/x-pack/filebeat/module/virustotal/_meta/kibana/7/dashboard/livehunt-overview.json 
@@ -0,0 +1,846 @@ +{ + "objects": [ + { + "attributes": { + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "optionsJSON": { + "hidePanelTitles": false, + "useMargins": true + }, + "panelsJSON": [ + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "ec36b04f-b714-401a-a4c6-3212ca615592", + "w": 23, + "x": 0, + "y": 0 + }, + "panelIndex": "ec36b04f-b714-401a-a4c6-3212ca615592", + "panelRefName": "panel_0", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "37af54a7-99cb-41da-b00e-b5aebcd93e8b", + "w": 25, + "x": 23, + "y": 0 + }, + "panelIndex": "37af54a7-99cb-41da-b00e-b5aebcd93e8b", + "panelRefName": "panel_1", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "e83917f5-d17a-4e09-a553-c996a57b4739", + "w": 17, + "x": 0, + "y": 15 + }, + "panelIndex": "e83917f5-d17a-4e09-a553-c996a57b4739", + "panelRefName": "panel_2", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "46e12b30-e4dd-462f-b59f-48c88300a89e", + "w": 12, + "x": 17, + "y": 15 + }, + "panelIndex": "46e12b30-e4dd-462f-b59f-48c88300a89e", + "panelRefName": "panel_3", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 18, + "i": "1096fbd8-383b-4d8d-9582-dac41270475f", + "w": 19, + "x": 29, + "y": 15 + }, + "panelIndex": "1096fbd8-383b-4d8d-9582-dac41270475f", + "panelRefName": "panel_4", + "version": "7.9.2" + }, + { + "embeddableConfig": { + "hiddenLayers": [], + "isLayerTOCOpen": false, + "mapCenter": { + "lat": 20.2912, + "lon": 14.61228, + "zoom": 1.32 + }, + "openTOCDetails": [] + }, + "gridData": { + "h": 17, + "i": "c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c", + "w": 31, + "x": 0, + "y": 33 + }, + "panelIndex": "c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c", + "panelRefName": "panel_5", + "version": "7.9.2" + }, + { + "embeddableConfig": 
{}, + "gridData": { + "h": 17, + "i": "4130c0b5-c2af-4ded-9406-0b7d477c202d", + "w": 17, + "x": 31, + "y": 33 + }, + "panelIndex": "4130c0b5-c2af-4ded-9406-0b7d477c202d", + "panelRefName": "panel_6", + "version": "7.9.2" + }, + { + "embeddableConfig": {}, + "gridData": { + "h": 15, + "i": "70185726-7b35-4f2d-ab07-60c719705373", + "w": 48, + "x": 0, + "y": 50 + }, + "panelIndex": "70185726-7b35-4f2d-ab07-60c719705373", + "panelRefName": "panel_7", + "version": "7.9.2" + } + ], + "timeRestore": false, + "title": "[VirusTotal] Livehunt Overview", + "version": 1 + }, + "id": "bd059c90-0e56-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "dashboard": "7.3.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "8901bc70-0fe2-11eb-9aef-8b55a4ae31c5", + "name": "panel_0", + "type": "visualization" + }, + { + "id": "502946c0-0fe2-11eb-9aef-8b55a4ae31c5", + "name": "panel_1", + "type": "visualization" + }, + { + "id": "32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5", + "name": "panel_2", + "type": "visualization" + }, + { + "id": "a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5", + "name": "panel_3", + "type": "visualization" + }, + { + "id": "1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5", + "name": "panel_4", + "type": "visualization" + }, + { + "id": "506466e0-0d64-11eb-9aef-8b55a4ae31c5", + "name": "panel_5", + "type": "map" + }, + { + "id": "3429d920-0caf-11eb-9aef-8b55a4ae31c5", + "name": "panel_6", + "type": "visualization" + }, + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "panel_7", + "type": "search" + } + ], + "type": "dashboard", + "updated_at": "2020-10-19T18:41:36.890Z", + "version": "WzE3NjYxLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Livehunt notifications by ruleset over time [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + 
{ + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-2w", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "rule.ruleset", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": true, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + "data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Livehunt notifications by ruleset over time 
[Virustotal Filebeat]", + "type": "histogram" + } + }, + "id": "8901bc70-0fe2-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-16T19:10:21.402Z", + "version": "WzE2OTg1LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Livehunt notifications by type tag over time [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "drop_partials": false, + "extended_bounds": {}, + "field": "@timestamp", + "interval": "auto", + "min_doc_count": 1, + "scaleMetricValues": false, + "timeRange": { + "from": "now-2w", + "to": "now" + }, + "useNormalizedEsInterval": true + }, + "schema": "segment", + "type": "date_histogram" + }, + { + "enabled": true, + "id": "3", + "params": { + "field": "virustotal.type_tag", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 5 + }, + "schema": "group", + "type": "terms" + } + ], + "params": { + "addLegend": true, + "addTimeMarker": true, + "addTooltip": true, + "categoryAxes": [ + { + "id": "CategoryAxis-1", + "labels": { + "filter": true, + "show": true, + "truncate": 100 + }, + "position": "bottom", + "scale": { + "type": "linear" + }, + "show": true, + "style": {}, + "title": {}, + "type": "category" + } + ], + "grid": { + "categoryLines": false + }, + "labels": { + "show": false + }, + "legendPosition": "right", + "seriesParams": [ + { + 
"data": { + "id": "1", + "label": "Count" + }, + "drawLinesBetweenPoints": true, + "interpolate": "linear", + "lineWidth": 2, + "mode": "stacked", + "show": true, + "showCircles": true, + "type": "histogram", + "valueAxis": "ValueAxis-1" + } + ], + "thresholdLine": { + "color": "#E7664C", + "show": false, + "style": "full", + "value": 10, + "width": 1 + }, + "times": [], + "type": "histogram", + "valueAxes": [ + { + "id": "ValueAxis-1", + "labels": { + "filter": false, + "rotate": 0, + "show": true, + "truncate": 100 + }, + "name": "LeftAxis-1", + "position": "left", + "scale": { + "mode": "normal", + "type": "linear" + }, + "show": true, + "style": {}, + "title": { + "text": "Count" + }, + "type": "value" + } + ] + }, + "title": "Livehunt notifications by type tag over time [Virustotal Filebeat]", + "type": "histogram" + } + }, + "id": "502946c0-0fe2-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-16T19:09:35.807Z", + "version": "WzE2OTgwLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Analysis Results Wordcloud [Virustotal Filebeat] ", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "spec": "{\n $schema: \"https://vega.github.io/schema/vega/v5.json\"\n data: [\n {\n name: engines\n url: {\n %context%: true\n %timefield%: @timestamp\n index: \"filebeat-*\"\n body: {\n aggs: {\n engines: {\n nested: {\n path: \"virustotal.analysis.results\"\n },\n aggs: {\n values: {\n terms: {\n size: 100\n field: \"virustotal.analysis.results.result\" \n }\n }\n }\n }\n }\n size: 0\n }\n }\n format: { property: \"aggregations.engines.values.buckets\" }\n 
transform: [\n {\n \"type\": \"formula\", \"as\": \"angle\",\n \"expr\": \"0\"\n },\n {\n \"type\": \"formula\", \"as\": \"weight\",\n \"expr\": \"datum.doc_count\"\n }\n ]\n }\n ]\n \n \"signals\": [\n {\n \"name\": \"wordclick\",\n \"value\": \"\",\n \"on\": [\n {\n \"events\": \"text:click\",\n \"update\": '''\n kibanaAddFilter({\"nested\": {\"path\": \"virustotal.analysis.results\", \"query\": {\"bool\": {\"must\": [{ \"match\": { \"virustotal.analysis.results.result\": event.item.text } }]}}}})\n '''\n }\n ]\n }\n ]\n\n scales: [\n {\n name: \"color\"\n type: \"ordinal\"\n domain: { data: \"engines\", field: \"key\" }\n range: {\"scheme\": \"elastic\"}\n }\n ]\n\n marks: [\n {\n name: cloud\n type: text\n from: {data: \"engines\"}\n encode: {\n enter: {\n text: {field: \"key\"}\n align: {value: \"center\"}\n baseline: {value: \"alphabetic\"}\n fill: {scale: \"color\", field: \"key\"}\n },\n update: {\n fillOpacity: {value: 1}\n },\n hover: {\n fillOpacity: {value: 0.5}\n }\n\n }\n transform: [\n {\n type: wordcloud\n text: {field: \"datum.key\"}\n size: [{signal: \"width\"}, {signal: \"height\"}],\n rotate: {field: \"datum.angle\"}\n font: \"Helvetica Neue, Arial\"\n fontSize: {field: \"datum.doc_count\"}\n fontWeight: {field: \"datum.weight\"}\n fontSizeRange: [8, 72]\n padding: 4\n }\n ]\n }\n\n ]\n}" + }, + "title": "Analysis Results Wordcloud [Virustotal Filebeat] ", + "type": "vega" + } + }, + "id": "32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-10-16T21:39:56.735Z", + "version": "WzE3Mjk4LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "savedSearchRefName": "search_0", + "title": "Livehunt notifications by mime-type [Virustotal FIlebeat]", + "uiStateJSON": { + "vis": 
{ + "params": { + "sort": { + "columnIndex": null, + "direction": null + } + } + } + }, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "customLabel": "MIME Type", + "field": "file.mime_type", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": true, + "otherBucketLabel": "Other", + "size": 9 + }, + "schema": "bucket", + "type": "terms" + } + ], + "params": { + "perPage": 10, + "percentageCol": "", + "showMetricsAtAllLevels": false, + "showPartialRows": false, + "showTotal": false, + "sort": { + "columnIndex": null, + "direction": null + }, + "totalFunc": "sum" + }, + "title": "Livehunt notifications by mime-type [Virustotal FIlebeat]", + "type": "table" + } + }, + "id": "a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "name": "search_0", + "type": "search" + } + ], + "type": "visualization", + "updated_at": "2020-10-16T19:13:14.522Z", + "version": "WzE2OTk2LDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "File Capabilities Word Cloud [Virustotal Filebeat]", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [ + { + "enabled": true, + "id": "1", + "params": {}, + "schema": "metric", + "type": "count" + }, + { + "enabled": true, + "id": "2", + "params": { + "field": "virustotal.capabilities", + "missingBucket": false, + "missingBucketLabel": "Missing", + "order": "desc", + "orderBy": "1", + "otherBucket": false, + "otherBucketLabel": "Other", + "size": 100 + }, + "schema": "segment", + 
"type": "terms" + } + ], + "params": { + "maxFontSize": 72, + "minFontSize": 18, + "orientation": "single", + "scale": "linear", + "showLabel": true + }, + "title": "File Capabilities Word Cloud [Virustotal Filebeat]", + "type": "tagcloud" + } + }, + "id": "1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + } + ], + "type": "visualization", + "updated_at": "2020-10-16T19:06:05.296Z", + "version": "WzE2OTY2LDFd" + }, + { + "attributes": { + "description": "", + "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":\"road_map_desaturated\",\"isAutoSelect\":false},\"id\":\"6a988e7a-8078-4986-a10d-11f388582582\",\"label\":\"Base Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"EMS_FILE\",\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"]},\"id\":\"45ea51fa-2c06-4a28-91df-7c393a9186e9\",\"label\":\"Submission 
Country\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.49,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"__kbnjoin__count__b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"origin\":\"join\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"VECTOR\",\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"id\":\"b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"indexPatternTitle\":\"filebeat-*\",\"term\":\"virustotal.submission.source.geo.country_iso_code\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\"}}]}]", + "mapStateJSON": 
"{\"zoom\":1.77,\"center\":{\"lon\":0,\"lat\":0},\"timeFilters\":{\"from\":\"now-14d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"filebeat-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"virustotal.id\",\"value\":\"exists\"},\"exists\":{\"field\":\"virustotal.id\"},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.88,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "title": "[Virustotal] Submission Country", + "uiStateJSON": { + "isLayerTOCOpen": false, + "openTOCDetails": [] + } + }, + "id": "506466e0-0d64-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "map": "7.9.0" + }, + "namespaces": [ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "layer_1_join_0_index_pattern", + "type": "index-pattern" + } + ], + "type": "map", + "updated_at": "2020-10-14T19:16:25.908Z", + "version": "WzE2NTEzLDFd" + }, + { + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "title": "Detection Counts By Engine [VirusTotal Filebeat] ", + "uiStateJSON": {}, + "version": 1, + "visState": { + "aggs": [], + "params": { + "spec": "{\n $schema: https://vega.github.io/schema/vega-lite/v4.json\n title: Event counts from all indexes\n // Define the data source\n data: {\n url: {\n // Apply dashboard context filters when set\n %context%: true\n // Filter the time picker (upper right corner) with this field\n %timefield%: @timestamp\n\n // Which index to search\n index: filebeat-8.0.0\n body: {\n size: 0\n aggs: {\n \"results\": {\n \"nested\": {\n \"path\": 
\"virustotal.analysis.results\"\n },\n \"aggs\": {\n \"table\": {\n \"composite\": {\n \"size\": 1000,\n \"sources\": [\n {\"engine_name\": {\"terms\": {\"field\": \"virustotal.analysis.results.engine_name\"}}},\n {\"category\": {\"terms\": {\"field\": \"virustotal.analysis.results.category\"}}}\n ]\n }\n }\n }\n }\n }\n }\n }\n name: kibana\n\n // From the result, take just the data we are interested in\n format: {\n property: aggregations.results.table.buckets\n }\n // Convert key.stk1 -\u003e stk1 for simpler access below\n transform: [\n {\n type: formula\n expr: datum.key.engine_name\n as: engine_name\n }\n {\n type: formula\n expr: datum.key.category\n as: category\n }\n {\n type: formula\n expr: datum.doc_count\n as: count\n }\n ]\n }\n\n // \"mark\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\n mark: text\n\n // \"encoding\" tells the \"mark\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\n encoding: {\n x: {\n // The \"key\" value is the timestamp in milliseconds. Use it for X axis.\n field: key.category\n type: ordinal\n axis: {\n title: Category\n } // Customize X axis format\n }\n y: {\n // The \"doc_count\" is the count per bucket. 
Use it for Y axis.\n field: key.engine_name\n type: ordinal\n axis: {\n title: Engine Name\n }\n }\n }\n layer: [\n {\n \"mark\": \"rect\",\n \"encoding\": {\n \"color\": {\n \"field\": \"doc_count\",\n \"type\": \"quantitative\",\n \"title\": \"Count of Records\",\n \"legend\": {\"direction\": \"horizontal\", \"gradientLength\": 120}\n }\n }\n },\n {\n mark: text\n encoding: {\n text: {\n field: doc_count\n type: quantitative\n }\n \"color\": {\n \"condition\": {\"test\": \"datum['doc_count'] \u003c 40\", \"value\": \"black\"},\n \"value\": \"white\"\n }\n }\n }\n ]\n config: {\n axis: {\n grid: true\n tickBand: extent\n }\n }\n}" + }, + "title": "Detection Counts By Engine [VirusTotal Filebeat] ", + "type": "vega" + } + }, + "id": "3429d920-0caf-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "visualization": "7.8.0" + }, + "namespaces": [ + "default" + ], + "references": [], + "type": "visualization", + "updated_at": "2020-10-16T18:55:10.043Z", + "version": "WzE2ODk5LDFd" + }, + { + "attributes": { + "columns": [ + "file.hash.sha1", + "file.name", + "file.size", + "file.mime_type", + "rule.ruleset", + "rule.name", + "rule.tags", + "virustotal.capabilities", + "virustotal.type_description" + ], + "description": "", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "exists": { + "field": "virustotal.id" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "virustotal.id", + "negate": false, + "type": "exists", + "value": "exists" + } + } + ], + "highlightAll": true, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.index", + "query": { + "language": "kuery", + "query": "" + }, + "version": true + } + }, + "sort": [], + "title": "Virustotal LiveHunt Files", + "version": 1 + }, + "id": "e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5", + "migrationVersion": { + "search": "7.4.0" + }, + "namespaces": 
[ + "default" + ], + "references": [ + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + } + ], + "type": "search", + "updated_at": "2020-10-16T18:53:42.155Z", + "version": "WzE2ODkwLDFd" + } + ], + "version": "7.9.2" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/virustotal/fields.go b/x-pack/filebeat/module/virustotal/fields.go index 5f8ed86edac9..7f5aced26c43 100644 --- a/x-pack/filebeat/module/virustotal/fields.go +++ b/x-pack/filebeat/module/virustotal/fields.go @@ -19,5 +19,5 @@ func init() { // AssetVirustotal returns asset data. // This is the base64 encoded gzipped contents of module/virustotal. func AssetVirustotal() string { - return "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" + return "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" } diff --git a/x-pack/filebeat/module/virustotal/livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson b/x-pack/filebeat/module/virustotal/livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson deleted file mode 100644 index 0559b8069911..000000000000 --- a/x-pack/filebeat/module/virustotal/livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson +++ /dev/null 
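Review bot: The `Detection Counts By Engine [VirusTotal Filebeat]` Vega spec hardcodes `index: filebeat-8.0.0` in its data `url` block, so the panel returns nothing on any other index name even though its own title line says `Event counts from all indexes`; the other Vega spec in this file and every `references` entry use `filebeat-*`, so change it to `index: filebeat-*` to match. The same spec still carries comments copied from a tutorial that do not describe this data (`Convert key.stk1 -> stk1`, `The "key" value is the timestamp in milliseconds`, `The "doc_count" is the count per bucket` placed on an ordinal engine-name axis); drop or rewrite them so the saved object does not mislead the next editor. Two smaller consistency issues: `Livehunt notifications by mime-type [Virustotal FIlebeat]` misspells Filebeat in both of its `title` fields, and `Analysis Results Wordcloud [Virustotal Filebeat] ` and `Detection Counts By Engine [VirusTotal Filebeat] ` carry trailing spaces, while other titles alternate between `Virustotal` and `VirusTotal`. The file also ends with `\ No newline at end of file`; add the trailing newline.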
@@ -1,10 +0,0 @@ -{"attributes":{"columns":["file.hash.sha1","file.name","file.size","file.mime_type","rule.ruleset","rule.name","rule.tags","virustotal.capabilities","virustotal.type_description"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"virustotal.id\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"virustotal.id\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"Virustotal LiveHunt Files","version":1},"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","migrationVersion":{"search":"7.4.0"},"references":[{"id":"filebeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"filebeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"type":"search","updated_at":"2020-10-16T18:53:42.155Z","version":"WzE2ODkwLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Livehunt notifications by ruleset over time [Virustotal Filebeat]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Livehunt notifications by ruleset over time [Virustotal 
Filebeat]\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-2w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"rule.ruleset\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":9,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"8901bc70-0fe2-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"search_0","type":"search"}],"type":"visualizati
on","updated_at":"2020-10-16T19:10:21.402Z","version":"WzE2OTg1LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Livehunt notifications by type tag over time [Virustotal Filebeat]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Livehunt notifications by type tag over time [Virustotal Filebeat]\",\"type\":\"histogram\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-2w\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"virustotal.type_tag\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"group\"}],\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true,\"interpolate\":\"linear
\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":true,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"}}}"},"id":"502946c0-0fe2-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-10-16T19:09:35.807Z","version":"WzE2OTgwLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Analysis Results Wordcloud [Virustotal Filebeat] ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Analysis Results Wordcloud [Virustotal Filebeat] \",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: \\\"https://vega.github.io/schema/vega/v5.json\\\"\\n data: [\\n {\\n name: engines\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: \\\"filebeat-*\\\"\\n body: {\\n aggs: {\\n engines: {\\n nested: {\\n path: \\\"virustotal.analysis.results\\\"\\n },\\n aggs: {\\n values: {\\n terms: {\\n size: 100\\n field: \\\"virustotal.analysis.results.result\\\" \\n }\\n }\\n }\\n }\\n }\\n size: 0\\n }\\n }\\n format: { property: \\\"aggregations.engines.values.buckets\\\" }\\n transform: [\\n {\\n \\\"type\\\": \\\"formula\\\", \\\"as\\\": \\\"angle\\\",\\n \\\"expr\\\": \\\"0\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\", \\\"as\\\": \\\"weight\\\",\\n \\\"expr\\\": \\\"datum.doc_count\\\"\\n }\\n ]\\n }\\n ]\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"wordclick\\\",\\n \\\"value\\\": \\\"\\\",\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"text:click\\\",\\n \\\"update\\\": '''\\n kibanaAddFilter({\\\"nested\\\": {\\\"path\\\": \\\"virustotal.analysis.results\\\", \\\"query\\\": {\\\"bool\\\": {\\\"must\\\": [{ \\\"match\\\": { 
\\\"virustotal.analysis.results.result\\\": event.item.text } }]}}}})\\n '''\\n }\\n ]\\n }\\n ]\\n\\n scales: [\\n {\\n name: \\\"color\\\"\\n type: \\\"ordinal\\\"\\n domain: { data: \\\"engines\\\", field: \\\"key\\\" }\\n range: {\\\"scheme\\\": \\\"elastic\\\"}\\n }\\n ]\\n\\n marks: [\\n {\\n name: cloud\\n type: text\\n from: {data: \\\"engines\\\"}\\n encode: {\\n enter: {\\n text: {field: \\\"key\\\"}\\n align: {value: \\\"center\\\"}\\n baseline: {value: \\\"alphabetic\\\"}\\n fill: {scale: \\\"color\\\", field: \\\"key\\\"}\\n },\\n update: {\\n fillOpacity: {value: 1}\\n },\\n hover: {\\n fillOpacity: {value: 0.5}\\n }\\n\\n }\\n transform: [\\n {\\n type: wordcloud\\n text: {field: \\\"datum.key\\\"}\\n size: [{signal: \\\"width\\\"}, {signal: \\\"height\\\"}],\\n rotate: {field: \\\"datum.angle\\\"}\\n font: \\\"Helvetica Neue, Arial\\\"\\n fontSize: {field: \\\"datum.doc_count\\\"}\\n fontWeight: {field: \\\"datum.weight\\\"}\\n fontSizeRange: [8, 72]\\n padding: 4\\n }\\n ]\\n }\\n\\n ]\\n}\"}}"},"id":"32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-10-16T21:39:56.735Z","version":"WzE3Mjk4LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Livehunt notifications by mime-type [Virustotal FIlebeat]","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"Livehunt notifications by mime-type [Virustotal 
FIlebeat]\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"file.mime_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":9,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MIME Type\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"}}"},"id":"a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2020-10-16T19:13:14.522Z","version":"WzE2OTk2LDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"File Capabilities Word Cloud [Virustotal Filebeat]","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"File Capabilities Word Cloud [Virustotal 
Filebeat]\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"virustotal.capabilities\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"maxFontSize\":72,\"minFontSize\":18,\"orientation\":\"single\",\"scale\":\"linear\",\"showLabel\":true}}"},"id":"1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[{"id":"filebeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2020-10-16T19:06:05.296Z","version":"WzE2OTY2LDFd"} -{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":\"road_map_desaturated\",\"isAutoSelect\":false},\"id\":\"6a988e7a-8078-4986-a10d-11f388582582\",\"label\":\"Base Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"EMS_FILE\",\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"]},\"id\":\"45ea51fa-2c06-4a28-91df-7c393a9186e9\",\"label\":\"Submission 
Country\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.49,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blues\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"__kbnjoin__count__b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"origin\":\"join\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"VECTOR\",\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"id\":\"b0962d51-63b7-46a2-9be3-5b5de3db8eff\",\"indexPatternTitle\":\"filebeat-*\",\"term\":\"virustotal.submission.source.geo.country_iso_code\",\"indexPatternRefName\":\"layer_1_join_0_index_pattern\"}}]}]","mapStateJSON":"{\"zoom\":1.77,\"center\":{\"lon\":0,\"lat\":0},\"timeFilters\":{\"from\":\"now-14d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"filebeat-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"exists\",\"key\":\"virustotal.id\",\"value\":\"exists\"},\"exists\":{\"field\":\"virustotal.id\"},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"l
on\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.88,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"[Virustotal] Submission Country","uiStateJSON":"{\"isLayerTOCOpen\":false,\"openTOCDetails\":[]}"},"id":"506466e0-0d64-11eb-9aef-8b55a4ae31c5","migrationVersion":{"map":"7.9.0"},"references":[{"id":"filebeat-*","name":"layer_1_join_0_index_pattern","type":"index-pattern"}],"type":"map","updated_at":"2020-10-14T19:16:25.908Z","version":"WzE2NTEzLDFd"} -{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Detection Counts By Engine [VirusTotal Filebeat] ","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Detection Counts By Engine [VirusTotal Filebeat] \",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega-lite/v4.json\\n title: Event counts from all indexes\\n // Define the data source\\n data: {\\n url: {\\n // Apply dashboard context filters when set\\n %context%: true\\n // Filter the time picker (upper right corner) with this field\\n %timefield%: @timestamp\\n\\n // Which index to search\\n index: filebeat-8.0.0\\n body: {\\n size: 0\\n aggs: {\\n \\\"results\\\": {\\n \\\"nested\\\": {\\n \\\"path\\\": \\\"virustotal.analysis.results\\\"\\n },\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"engine_name\\\": {\\\"terms\\\": {\\\"field\\\": \\\"virustotal.analysis.results.engine_name\\\"}}},\\n {\\\"category\\\": {\\\"terms\\\": {\\\"field\\\": \\\"virustotal.analysis.results.category\\\"}}}\\n ]\\n }\\n }\\n }\\n }\\n }\\n }\\n }\\n name: kibana\\n\\n // From the result, take just the data we are interested in\\n format: {\\n property: aggregations.results.table.buckets\\n }\\n // Convert key.stk1 -> stk1 for 
simpler access below\\n transform: [\\n {\\n type: formula\\n expr: datum.key.engine_name\\n as: engine_name\\n }\\n {\\n type: formula\\n expr: datum.key.category\\n as: category\\n }\\n {\\n type: formula\\n expr: datum.doc_count\\n as: count\\n }\\n ]\\n }\\n\\n // \\\"mark\\\" is the graphics element used to show our data. Other mark values are: area, bar, circle, line, point, rect, rule, square, text, and tick. See https://vega.github.io/vega-lite/docs/mark.html\\n mark: text\\n\\n // \\\"encoding\\\" tells the \\\"mark\\\" what data to use and in what way. See https://vega.github.io/vega-lite/docs/encoding.html\\n encoding: {\\n x: {\\n // The \\\"key\\\" value is the timestamp in milliseconds. Use it for X axis.\\n field: key.category\\n type: ordinal\\n axis: {\\n title: Category\\n } // Customize X axis format\\n }\\n y: {\\n // The \\\"doc_count\\\" is the count per bucket. Use it for Y axis.\\n field: key.engine_name\\n type: ordinal\\n axis: {\\n title: Engine Name\\n }\\n }\\n }\\n layer: [\\n {\\n \\\"mark\\\": \\\"rect\\\",\\n \\\"encoding\\\": {\\n \\\"color\\\": {\\n \\\"field\\\": \\\"doc_count\\\",\\n \\\"type\\\": \\\"quantitative\\\",\\n \\\"title\\\": \\\"Count of Records\\\",\\n \\\"legend\\\": {\\\"direction\\\": \\\"horizontal\\\", \\\"gradientLength\\\": 120}\\n }\\n }\\n },\\n {\\n mark: text\\n encoding: {\\n text: {\\n field: doc_count\\n type: quantitative\\n }\\n \\\"color\\\": {\\n \\\"condition\\\": {\\\"test\\\": \\\"datum['doc_count'] < 40\\\", \\\"value\\\": \\\"black\\\"},\\n \\\"value\\\": \\\"white\\\"\\n }\\n }\\n }\\n ]\\n config: {\\n axis: {\\n grid: true\\n tickBand: extent\\n }\\n }\\n}\"}}"},"id":"3429d920-0caf-11eb-9aef-8b55a4ae31c5","migrationVersion":{"visualization":"7.8.0"},"references":[],"type":"visualization","updated_at":"2020-10-16T18:55:10.043Z","version":"WzE2ODk5LDFd"} 
-{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":0,\"w\":23,\"h\":15,\"i\":\"ec36b04f-b714-401a-a4c6-3212ca615592\"},\"panelIndex\":\"ec36b04f-b714-401a-a4c6-3212ca615592\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":23,\"y\":0,\"w\":25,\"h\":15,\"i\":\"37af54a7-99cb-41da-b00e-b5aebcd93e8b\"},\"panelIndex\":\"37af54a7-99cb-41da-b00e-b5aebcd93e8b\",\"embeddableConfig\":{},\"panelRefName\":\"panel_1\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":15,\"w\":17,\"h\":18,\"i\":\"e83917f5-d17a-4e09-a553-c996a57b4739\"},\"panelIndex\":\"e83917f5-d17a-4e09-a553-c996a57b4739\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":17,\"y\":15,\"w\":12,\"h\":18,\"i\":\"46e12b30-e4dd-462f-b59f-48c88300a89e\"},\"panelIndex\":\"46e12b30-e4dd-462f-b59f-48c88300a89e\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":29,\"y\":15,\"w\":19,\"h\":18,\"i\":\"1096fbd8-383b-4d8d-9582-dac41270475f\"},\"panelIndex\":\"1096fbd8-383b-4d8d-9582-dac41270475f\",\"embeddableConfig\":{},\"panelRefName\":\"panel_4\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":0,\"y\":33,\"w\":31,\"h\":17,\"i\":\"c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c\"},\"panelIndex\":\"c2fafd37-cbb9-48fd-ad21-76f2c57a4a0c\",\"embeddableConfig\":{\"hiddenLayers\":[],\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":20.2912,\"lon\":14.61228,\"zoom\":1.32},\"openTOCDetails\":[]},\"panelRefName\":\"panel_5\"},{\"version\":\"7.9.2\",\"gridData\":{\"x\":31,\"y\":33,\"w\":17,\"h\":17,\"i\":\"4130c0b5-c2af-4ded-9406-0b7d477c202d\"},\"panelIndex\":\"4130c0b5-c2af-4ded-9406-0b7d477c202d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"},{\"version\":\"7.9.2\",\"
gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":15,\"i\":\"70185726-7b35-4f2d-ab07-60c719705373\"},\"panelIndex\":\"70185726-7b35-4f2d-ab07-60c719705373\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"}]","timeRestore":false,"title":"VirusTotal Livehunt Dashboard","version":1},"id":"bd059c90-0e56-11eb-9aef-8b55a4ae31c5","migrationVersion":{"dashboard":"7.3.0"},"references":[{"id":"8901bc70-0fe2-11eb-9aef-8b55a4ae31c5","name":"panel_0","type":"visualization"},{"id":"502946c0-0fe2-11eb-9aef-8b55a4ae31c5","name":"panel_1","type":"visualization"},{"id":"32ad8fe0-0e50-11eb-9aef-8b55a4ae31c5","name":"panel_2","type":"visualization"},{"id":"a3cfa7a0-0fe3-11eb-9aef-8b55a4ae31c5","name":"panel_3","type":"visualization"},{"id":"1fed6b80-0cd6-11eb-9aef-8b55a4ae31c5","name":"panel_4","type":"visualization"},{"id":"506466e0-0d64-11eb-9aef-8b55a4ae31c5","name":"panel_5","type":"map"},{"id":"3429d920-0caf-11eb-9aef-8b55a4ae31c5","name":"panel_6","type":"visualization"},{"id":"e906a5b0-0fe0-11eb-9aef-8b55a4ae31c5","name":"panel_7","type":"search"}],"type":"dashboard","updated_at":"2020-10-16T19:23:57.806Z","version":"WzE3MDUyLDFd"} -{"exportedCount":10,"missingRefCount":0,"missingReferences":[]} diff --git a/x-pack/filebeat/module/virustotal/module.yml b/x-pack/filebeat/module/virustotal/module.yml index ea9adeef4c12..df475bac7af5 100644 --- a/x-pack/filebeat/module/virustotal/module.yml +++ b/x-pack/filebeat/module/virustotal/module.yml @@ -1,3 +1,3 @@ dashboards: -- id: Filebeat-virustotal-livehunt-Dashboard - file: livehunt/_meta/kibana/7/dashboard/filebeat-virustotal-livehunt.ndjson +- id: bd059c90-0e56-11eb-9aef-8b55a4ae31c5 + file: livehunt-overview.json