From 3e15a1d13ae5a6224bc6ef09fbefa2cc01a7d01f Mon Sep 17 00:00:00 2001 
From: Tom Myers <106530686+tommyers-elastic@users.noreply.github.com> Date: Mon, 16 Oct 2023 09:59:39 +0100 Subject: [PATCH] Update `azure` package to format_version 3.0.0 (#8050) * run 'elastic-package format' on azure package * Fixes to mappings in 'azure' package to enable migration to package-spec v3. The changes here primarily consist of: 1. Removing duplicate fields 2. Clarifying type of 'array' fields. 3. Moving root-level 'geo' fields out of external ECS definitions. This one is a little weird - ECS mandates that 'geo' fields should be nested. We get validation errors if we have them as 'external' at root level, but we need to keep them for backwards compatibility. So we add their definitions into the custom mappings files. * update azure manifest for format_version 3.0.0 * update changelog PR link * add 'validation.yml' to pass latest package spec validations * fix mappings for complex array types --- packages/azure/changelog.yml | 5 + .../data_stream/activitylogs/fields/agent.yml | 2 - .../data_stream/activitylogs/fields/ecs.yml | 18 - .../activitylogs/fields/fields.yml | 36 + .../data_stream/activitylogs/manifest.yml | 2 +- ...-application-gateway-raw.log-expected.json | 8 +- .../application_gateway/manifest.yml | 1 + .../data_stream/auditlogs/fields/agent.yml | 2 - .../data_stream/auditlogs/fields/ecs.yml | 14 - .../data_stream/auditlogs/fields/fields.yml | 24 +- .../azure/data_stream/auditlogs/manifest.yml | 3 +- .../data_stream/eventhub/fields/agent.yml | 2 - .../azure/data_stream/eventhub/fields/ecs.yml | 12 - .../data_stream/eventhub/fields/fields.yml | 22 + .../azure/data_stream/eventhub/manifest.yml | 5 +- .../test-networkrules-raw.log-expected.json | 4 +- .../data_stream/firewall_logs/fields/ecs.yml | 16 - .../firewall_logs/fields/fields.yml | 36 + .../data_stream/firewall_logs/manifest.yml | 3 +- .../identity_protection/fields/agent.yml | 2 - .../identity_protection/fields/ecs.yml | 18 - .../identity_protection/fields/fields.yml | 36 + 
.../identity_protection/manifest.yml | 3 +-
.../data_stream/platformlogs/fields/agent.yml | 2 -
.../data_stream/platformlogs/fields/ecs.yml | 14 -
.../platformlogs/fields/fields.yml | 30 +
.../data_stream/platformlogs/manifest.yml | 3 +-
.../data_stream/provisioning/fields/agent.yml | 2 -
.../data_stream/provisioning/fields/ecs.yml | 18 -
.../provisioning/fields/fields.yml | 36 +
.../data_stream/provisioning/manifest.yml | 3 +-
.../data_stream/signinlogs/fields/agent.yml | 2 -
.../data_stream/signinlogs/fields/ecs.yml | 12 -
.../data_stream/signinlogs/fields/fields.yml | 28 +-
.../azure/data_stream/signinlogs/manifest.yml | 4 +-
.../springcloudlogs/fields/agent.yml | 2 -
.../springcloudlogs/fields/ecs.yml | 14 -
.../springcloudlogs/fields/fields.yml | 30 +
.../data_stream/springcloudlogs/manifest.yml | 3 +-
packages/azure/docs/adlogs.md | 7 +-
...-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646.json | 3016 ++++++++---------
...-280493a0-f1a1-11ec-a5a8-bf965bcd5646.json | 2240 ++++++------
...-8731b980-f1aa-11ec-a5a8-bf965bcd5646.json | 2840 ++++++++--------
...-91224490-f1a6-11ec-a5a8-bf965bcd5646.json | 2858 ++++++++--------
...-cad82b40-f251-11ec-a5a8-bf965bcd5646.json | 2051 +++++------
packages/azure/manifest.yml | 12 +-
packages/azure/validation.yml | 4 +
47 files changed, 6861 insertions(+), 6644 deletions(-)
create mode 100644 packages/azure/validation.yml
diff --git a/packages/azure/changelog.yml b/packages/azure/changelog.yml
index 1ea3b94d72d..b7d3ab7c066 100644
--- a/packages/azure/changelog.yml
+++ b/packages/azure/changelog.yml
@@ -1,3 +1,8 @@
+- version: "1.6.0"
+ changes:
+ - description: Update the package format_version to 3.0.0.
+ type: enhancement
+ link: https://github.com/elastic/integrations/pull/8050
 - version: "1.5.33"
 changes:
 - description: Handle `json.properties.clientIp` as an alias of `json.properties.clientIP` in application gateway logs
diff --git a/packages/azure/data_stream/activitylogs/fields/agent.yml b/packages/azure/data_stream/activitylogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/activitylogs/fields/agent.yml
+++ b/packages/azure/data_stream/activitylogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/activitylogs/fields/ecs.yml b/packages/azure/data_stream/activitylogs/fields/ecs.yml
index ec50849691a..8451f266e58 100644
--- a/packages/azure/data_stream/activitylogs/fields/ecs.yml
+++ b/packages/azure/data_stream/activitylogs/fields/ecs.yml
@@ -64,22 +64,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
-- name: geo.region_name
- external: ecs
-- name: geo.name
- external: ecs
-- name: geo.region_iso_code
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -108,7 +92,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/activitylogs/fields/fields.yml b/packages/azure/data_stream/activitylogs/fields/fields.yml
index 30b48ec56d7..916ebcffc55 100644
--- a/packages/azure/data_stream/activitylogs/fields/fields.yml
+++ b/packages/azure/data_stream/activitylogs/fields/fields.yml
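Review bot: Dropping `host.ip` in this hunk (and `user.name` in the two ecs.yml hunks that follow) is only a de-duplication if the surviving definition sits in another fields file of this data stream, and nothing in the patch shows that surviving copy; if it is not there, the mapping for that field silently disappears from the next package version rather than being merged. The same check applies to the agent.yml/ecs.yml hunks for auditlogs (which additionally drops `client.ip`), eventhub, identity_protection, platformlogs, provisioning and signinlogs. A grep of each stream's `fields/` directory for the removed names, plus confirming the pipeline tests still pass field validation for those streams, would settle it; worth stating the surviving location in the PR description so the next migration does not repeat the question.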
@@ -111,3 +111,39 @@ type: flattened description: | Event properties +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. + - name: region_name + type: keyword + description: Region name. + - name: region_iso_code + type: keyword + description: Region ISO code. + - name: name + type: keyword + description: 'User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. + + Not typically used in automated geolocation.' + level: extended diff --git a/packages/azure/data_stream/activitylogs/manifest.yml b/packages/azure/data_stream/activitylogs/manifest.yml index de4d3fd5d9d..c4d70900255 100644 --- a/packages/azure/data_stream/activitylogs/manifest.yml +++ b/packages/azure/data_stream/activitylogs/manifest.yml @@ -56,4 +56,4 @@ streams: description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing. type: bool multi: false - default: false \ No newline at end of file + default: false 
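Review bot: This root-level `geo` group is pasted near-verbatim into seven fields.yml files in this patch (also firewall_logs, identity_protection, provisioning, platformlogs, auditlogs and eventhub), with sub-field sets that differ between copies (eight, six or five entries) and with `level: extended` present only on `name`; that is a drift hazard the next time an ECS description or type changes. The differing subsets mirror what each stream's ecs.yml declared before, so they look intentional, but the comment should say so to stop someone "harmonising" them later, e.g. `# Root-level geo.* is not valid ECS (geo must be nested under source/destination/...), but earlier package versions mapped these fields via external: ecs; the subset kept here matches what this data stream declared before and is retained for backward compatibility.` Either drop the stray `level: extended` or set `level` on every entry so the block is self-consistent.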
diff --git a/packages/azure/data_stream/application_gateway/_dev/test/pipeline/test-application-gateway-raw.log-expected.json b/packages/azure/data_stream/application_gateway/_dev/test/pipeline/test-application-gateway-raw.log-expected.json index 619d41fc21e..f504a7d5d41 100644 --- a/packages/azure/data_stream/application_gateway/_dev/test/pipeline/test-application-gateway-raw.log-expected.json +++ b/packages/azure/data_stream/application_gateway/_dev/test/pipeline/test-application-gateway-raw.log-expected.json @@ -239,9 +239,9 @@ "vendor": "Azure" }, "related": { - "ip": [ - "67.43.156.7" - ] + "ip": [ + "67.43.156.7" + ] }, "rule": { "category": "OWASP", @@ -362,4 +362,4 @@ } } ] -} +} \ No newline at end of file diff --git a/packages/azure/data_stream/application_gateway/manifest.yml b/packages/azure/data_stream/application_gateway/manifest.yml index 9d500a6cb86..b88dca3dc72 100644 --- a/packages/azure/data_stream/application_gateway/manifest.yml +++ b/packages/azure/data_stream/application_gateway/manifest.yml @@ -24,6 +24,7 @@ streams: show_user: false description: > The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified. + - name: tags type: text title: Tags diff --git a/packages/azure/data_stream/auditlogs/fields/agent.yml b/packages/azure/data_stream/auditlogs/fields/agent.yml index bca66ea4ae0..85704f4c1d4 100644 --- a/packages/azure/data_stream/auditlogs/fields/agent.yml 
+++ b/packages/azure/data_stream/auditlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/auditlogs/fields/ecs.yml b/packages/azure/data_stream/auditlogs/fields/ecs.yml
index e57ea63a5ea..8451f266e58 100644
--- a/packages/azure/data_stream/auditlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/auditlogs/fields/ecs.yml
@@ -64,16 +64,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -94,8 +84,6 @@
 external: ecs
 - name: source.ip
 external: ecs
-- name: client.ip
- external: ecs
 - name: user.full_name
 external: ecs
 - name: user.domain
@@ -104,7 +92,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/auditlogs/fields/fields.yml b/packages/azure/data_stream/auditlogs/fields/fields.yml
index 01ff78727da..9541945724e 100644
--- a/packages/azure/data_stream/auditlogs/fields/fields.yml
+++ b/packages/azure/data_stream/auditlogs/fields/fields.yml
@@ -148,10 +148,32 @@ ip Address - name: additional_details type: group - field: + fields: - name: user_agent type: keyword description: User agent name. - name: authentication_protocol type: keyword description: Authentication protocol type. +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. diff --git a/packages/azure/data_stream/auditlogs/manifest.yml b/packages/azure/data_stream/auditlogs/manifest.yml index c8dff573400..2bfddad3262 100644 --- a/packages/azure/data_stream/auditlogs/manifest.yml +++ b/packages/azure/data_stream/auditlogs/manifest.yml @@ -41,6 +41,7 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + - name: sanitize_newlines type: bool title: Sanitizes New Lines @@ -56,4 +57,4 @@ streams: description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing. type: bool multi: false - default: false \ No newline at end of file + default: false 
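Review bot: The `field:` to `fields:` correction on `additional_details` is a behavioural fix, not formatting: under the misspelt key the `user_agent` and `authentication_protocol` keyword mappings were presumably never emitted, so after this change those sub-fields gain explicit mappings and existing indices will differ from new ones until rollover. That deserves its own changelog entry rather than being folded into the format_version enhancement, e.g. `- description: Fix additional_details sub-field mappings in auditlogs.` with `type: bugfix` and `link: https://github.com/elastic/integrations/pull/8050`. The signinlogs `array` to `flattened` type changes later in this patch are in the same category.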
diff --git a/packages/azure/data_stream/eventhub/fields/agent.yml b/packages/azure/data_stream/eventhub/fields/agent.yml
index bef5d2f6429..f78c40ec1b0 100644
--- a/packages/azure/data_stream/eventhub/fields/agent.yml
+++ b/packages/azure/data_stream/eventhub/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/eventhub/fields/ecs.yml b/packages/azure/data_stream/eventhub/fields/ecs.yml
index 58be539b413..de00d49d7d7 100644
--- a/packages/azure/data_stream/eventhub/fields/ecs.yml
+++ b/packages/azure/data_stream/eventhub/fields/ecs.yml
@@ -62,16 +62,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -102,7 +92,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/eventhub/fields/fields.yml b/packages/azure/data_stream/eventhub/fields/fields.yml
index cdca8c97c8c..0e5afe9b399 100644
--- a/packages/azure/data_stream/eventhub/fields/fields.yml
+++ b/packages/azure/data_stream/eventhub/fields/fields.yml
@@ -25,3 +25,25 @@ type: long description: |- Sequence number +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. diff --git a/packages/azure/data_stream/eventhub/manifest.yml b/packages/azure/data_stream/eventhub/manifest.yml index cef21846949..89ffb312cd0 100644 --- a/packages/azure/data_stream/eventhub/manifest.yml +++ b/packages/azure/data_stream/eventhub/manifest.yml @@ -29,6 +29,7 @@ streams: title: Dataset name description: > Set the name for your dataset. Changing the dataset will send the data to a different index. You can't use `-` in the name of a dataset and only valid characters for [Elasticsearch index names](https://www.elastic.co/guide/en/elasticsearch/reference/current/docs-index_.html). + type: text - name: storage_account_container type: text 
@@ -38,6 +39,7 @@ streams: show_user: false description: > The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified. + - name: tags type: text title: Tags @@ -55,6 +57,7 @@ streams: show_user: false description: > Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + - name: sanitize_newlines type: bool title: Sanitizes New Lines @@ -70,4 +73,4 @@ streams: description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing. type: bool multi: false - default: false \ No newline at end of file + default: false diff --git a/packages/azure/data_stream/firewall_logs/_dev/test/pipeline/test-networkrules-raw.log-expected.json b/packages/azure/data_stream/firewall_logs/_dev/test/pipeline/test-networkrules-raw.log-expected.json index 36b1da28fdb..cdedaab8057 100644 --- a/packages/azure/data_stream/firewall_logs/_dev/test/pipeline/test-networkrules-raw.log-expected.json +++ b/packages/azure/data_stream/firewall_logs/_dev/test/pipeline/test-networkrules-raw.log-expected.json 
@@ -424,7 +424,7 @@
 "rule": {
 "name": "rule",
 "ruleset": "DNAT"
- },
+ },
 "source": {
 "address": "192.168.0.2",
 "ip": "192.168.0.2",
@@ -754,4 +754,4 @@
 ]
 }
 ]
-}
+}
\ No newline at end of file
diff --git a/packages/azure/data_stream/firewall_logs/fields/ecs.yml b/packages/azure/data_stream/firewall_logs/fields/ecs.yml
index 7cf456cbc90..89c1e6a5af4 100644
--- a/packages/azure/data_stream/firewall_logs/fields/ecs.yml
+++ b/packages/azure/data_stream/firewall_logs/fields/ecs.yml
@@ -95,22 +95,6 @@
 external: ecs
 - name: source.port
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
-- name: geo.region_name
- external: ecs
-- name: geo.name
- external: ecs
-- name: geo.region_iso_code
- external: ecs
 - name: log.level
 external: ecs
 - name: rule.id
diff --git a/packages/azure/data_stream/firewall_logs/fields/fields.yml b/packages/azure/data_stream/firewall_logs/fields/fields.yml
index 00bb1181163..dd284a7a77c 100644
--- a/packages/azure/data_stream/firewall_logs/fields/fields.yml
+++ b/packages/azure/data_stream/firewall_logs/fields/fields.yml
@@ -50,3 +50,39 @@ type: keyword description: | Operation name +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. + - name: region_name + type: keyword + description: Region name. + - name: region_iso_code + type: keyword + description: Region ISO code. + - name: name + type: keyword + description: 'User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. + + Not typically used in automated geolocation.' + level: extended diff --git a/packages/azure/data_stream/firewall_logs/manifest.yml b/packages/azure/data_stream/firewall_logs/manifest.yml index f2767919648..cae1fcca559 100644 --- a/packages/azure/data_stream/firewall_logs/manifest.yml +++ b/packages/azure/data_stream/firewall_logs/manifest.yml 
@@ -23,6 +23,7 @@ streams: show_user: false description: > The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified. + - name: tags type: text title: Tags @@ -55,4 +56,4 @@ streams: description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing. type: bool multi: false - default: false \ No newline at end of file + default: false diff --git a/packages/azure/data_stream/identity_protection/fields/agent.yml b/packages/azure/data_stream/identity_protection/fields/agent.yml index bca66ea4ae0..85704f4c1d4 100644 --- a/packages/azure/data_stream/identity_protection/fields/agent.yml +++ b/packages/azure/data_stream/identity_protection/fields/agent.yml @@ -33,8 +33,6 @@ external: ecs - name: host.id external: ecs -- name: host.ip - external: ecs - name: host.mac external: ecs - name: host.name diff --git a/packages/azure/data_stream/identity_protection/fields/ecs.yml b/packages/azure/data_stream/identity_protection/fields/ecs.yml index ec50849691a..8451f266e58 100644 --- a/packages/azure/data_stream/identity_protection/fields/ecs.yml +++ b/packages/azure/data_stream/identity_protection/fields/ecs.yml 
@@ -64,22 +64,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
-- name: geo.region_name
- external: ecs
-- name: geo.name
- external: ecs
-- name: geo.region_iso_code
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -108,7 +92,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/identity_protection/fields/fields.yml b/packages/azure/data_stream/identity_protection/fields/fields.yml
index 66813e03ba4..545d2ac20d6 100644
--- a/packages/azure/data_stream/identity_protection/fields/fields.yml
+++ b/packages/azure/data_stream/identity_protection/fields/fields.yml
@@ -135,3 +135,39 @@ type: keyword - name: resource_tenant_id type: keyword +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. + - name: region_name + type: keyword + description: Region name. + - name: region_iso_code + type: keyword + description: Region ISO code. + - name: name + type: keyword + description: 'User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. + + Not typically used in automated geolocation.' + level: extended diff --git a/packages/azure/data_stream/identity_protection/manifest.yml b/packages/azure/data_stream/identity_protection/manifest.yml index 1b15409fc2f..13f62caa784 100644 --- a/packages/azure/data_stream/identity_protection/manifest.yml +++ b/packages/azure/data_stream/identity_protection/manifest.yml 
@@ -24,6 +24,7 @@ streams: show_user: false description: > The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified. + - name: tags type: text title: Tags @@ -56,4 +57,4 @@ streams: description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing. type: bool multi: false - default: false \ No newline at end of file + default: false diff --git a/packages/azure/data_stream/platformlogs/fields/agent.yml b/packages/azure/data_stream/platformlogs/fields/agent.yml index bca66ea4ae0..85704f4c1d4 100644 --- a/packages/azure/data_stream/platformlogs/fields/agent.yml +++ b/packages/azure/data_stream/platformlogs/fields/agent.yml @@ -33,8 +33,6 @@ external: ecs - name: host.id external: ecs -- name: host.ip - external: ecs - name: host.mac external: ecs - name: host.name diff --git a/packages/azure/data_stream/platformlogs/fields/ecs.yml b/packages/azure/data_stream/platformlogs/fields/ecs.yml index 0c09fd21a80..a2b068950f1 100644 --- a/packages/azure/data_stream/platformlogs/fields/ecs.yml +++ b/packages/azure/data_stream/platformlogs/fields/ecs.yml 
@@ -62,18 +62,6 @@ external: ecs - name: source.as.organization.name external: ecs -- name: geo.name - external: ecs -- name: geo.continent_name - external: ecs -- name: geo.country_iso_code - external: ecs -- name: geo.country_name - external: ecs -- name: geo.location - external: ecs -- name: geo.city_name - external: ecs - name: log.level external: ecs - name: source.geo.city_name @@ -102,8 +90,6 @@ external: ecs - name: user.id external: ecs -- name: user.name - external: ecs - name: tags external: ecs - name: client.ip diff --git a/packages/azure/data_stream/platformlogs/fields/fields.yml b/packages/azure/data_stream/platformlogs/fields/fields.yml index ce7005ad1d6..bd70dc4427c 100644 --- a/packages/azure/data_stream/platformlogs/fields/fields.yml +++ b/packages/azure/data_stream/platformlogs/fields/fields.yml @@ -79,3 +79,33 @@ description: > Result description +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. + - name: name + type: keyword + description: 'User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. + + Not typically used in automated geolocation.' + level: extended 
diff --git a/packages/azure/data_stream/platformlogs/manifest.yml b/packages/azure/data_stream/platformlogs/manifest.yml index f96b20476eb..11e08919c96 100644 --- a/packages/azure/data_stream/platformlogs/manifest.yml +++ b/packages/azure/data_stream/platformlogs/manifest.yml @@ -23,6 +23,7 @@ streams: show_user: false description: > The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified. + - name: tags type: text title: Tags @@ -55,4 +56,4 @@ streams: description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing. type: bool multi: false - default: false \ No newline at end of file + default: false diff --git a/packages/azure/data_stream/provisioning/fields/agent.yml b/packages/azure/data_stream/provisioning/fields/agent.yml index bca66ea4ae0..85704f4c1d4 100644 --- a/packages/azure/data_stream/provisioning/fields/agent.yml +++ b/packages/azure/data_stream/provisioning/fields/agent.yml @@ -33,8 +33,6 @@ external: ecs - name: host.id external: ecs -- name: host.ip - external: ecs - name: host.mac external: ecs - name: host.name diff --git a/packages/azure/data_stream/provisioning/fields/ecs.yml b/packages/azure/data_stream/provisioning/fields/ecs.yml index ec50849691a..8451f266e58 100644 --- a/packages/azure/data_stream/provisioning/fields/ecs.yml 
+++ b/packages/azure/data_stream/provisioning/fields/ecs.yml
@@ -64,22 +64,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
-- name: geo.region_name
- external: ecs
-- name: geo.name
- external: ecs
-- name: geo.region_iso_code
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -108,7 +92,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
diff --git a/packages/azure/data_stream/provisioning/fields/fields.yml b/packages/azure/data_stream/provisioning/fields/fields.yml
index baf4e3f26c3..eaecc9e1dc2 100644
--- a/packages/azure/data_stream/provisioning/fields/fields.yml
+++ b/packages/azure/data_stream/provisioning/fields/fields.yml
@@ -237,3 +237,39 @@ type: keyword - name: dervice_principal_display_name type: keyword +# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility. +- name: geo + type: group + description: 'Geo fields can carry data about a specific location related to an event. + + This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.' + fields: + - name: continent_name + type: keyword + description: Name of the continent. + - name: country_iso_code + type: keyword + description: Country ISO code. + - name: country_name + type: keyword + description: Country name. + - name: location + type: geo_point + description: Longitude and latitude. + - name: city_name + type: keyword + description: City name. + - name: region_name + type: keyword + description: Region name. + - name: region_iso_code + type: keyword + description: Region ISO code. + - name: name + type: keyword + description: 'User-defined description of a location, at the level of granularity they care about. + + Could be the name of their data centers, the floor number, if this describes a local physical entity, city names. + + Not typically used in automated geolocation.' + level: extended diff --git a/packages/azure/data_stream/provisioning/manifest.yml b/packages/azure/data_stream/provisioning/manifest.yml index 45eb1e9f5d0..a7a87f04431 100644 --- a/packages/azure/data_stream/provisioning/manifest.yml +++ b/packages/azure/data_stream/provisioning/manifest.yml 
@@ -24,6 +24,7 @@ streams:
 show_user: false
 description: >
 The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified.
+
 - name: tags
 type: text
 title: Tags
@@ -56,4 +57,4 @@ streams:
 description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing.
 type: bool
 multi: false
- default: false
\ No newline at end of file
+ default: false
diff --git a/packages/azure/data_stream/signinlogs/fields/agent.yml b/packages/azure/data_stream/signinlogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/signinlogs/fields/agent.yml
+++ b/packages/azure/data_stream/signinlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/signinlogs/fields/ecs.yml b/packages/azure/data_stream/signinlogs/fields/ecs.yml
index 0dc61a920f7..c24550048cc 100644
--- a/packages/azure/data_stream/signinlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/signinlogs/fields/ecs.yml
@@ -64,16 +64,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -104,8 +94,6 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: user_agent.device.name
 external: ecs
 - name: user_agent.name
diff --git a/packages/azure/data_stream/signinlogs/fields/fields.yml b/packages/azure/data_stream/signinlogs/fields/fields.yml
index af2f924aa64..b6092bdcc09 100644
--- a/packages/azure/data_stream/signinlogs/fields/fields.yml
+++ b/packages/azure/data_stream/signinlogs/fields/fields.yml
@@ -159,11 +159,11 @@
 description: |
 If the device is managed
 - name: applied_conditional_access_policies
- type: array
+ type: flattened
 description: |
 A list of conditional access policies that are triggered by the corresponding sign-in activity.
 - name: authentication_details
- type: array
+ type: flattened
 description: |
 The result of the authentication attempt and additional details on the authentication method.
 - name: authentication_processing_details
@@ -183,7 +183,7 @@
 - name: home_tenant_id
 type: keyword
 - name: network_location_details
- type: array
+ type: flattened
 description: The network location details including the type of network used and its names.
 - name: resource_id
 type: keyword
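Review bot: Mapping `applied_conditional_access_policies`, `authentication_details` and (second hunk) `network_location_details` as `flattened` indexes every member as a keyword, and neither description says so. Members that are dates, numbers or booleans lose typed semantics, so range or date queries against them in detection rules stop working, while term queries on a dotted key (`<field>.<member>: value`) keep working; which members these objects hold is not visible in this hunk, so that should be checked against the pipeline's sample events. The old `type: array` appears to have left the members to dynamic mapping, so backing indices created before this version keep a different mapping until rollover and a query across the data stream can see both — worth a line in the changelog entry. I would append to each of the three descriptions: `Mapped as flattened: members are queryable by dotted key but are indexed as keywords only (no range or date queries on them).`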
@@ -226,3 +226,25 @@
 - name: service_principal_credential_key_id
 type: keyword
 description: Key id of the service principal that initiated the sign-in.
+# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility.
+- name: geo
+ type: group
+ description: 'Geo fields can carry data about a specific location related to an event.
+
+ This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.'
+ fields:
+ - name: continent_name
+ type: keyword
+ description: Name of the continent.
+ - name: country_iso_code
+ type: keyword
+ description: Country ISO code.
+ - name: country_name
+ type: keyword
+ description: Country name.
+ - name: location
+ type: geo_point
+ description: Longitude and latitude.
+ - name: city_name
+ type: keyword
+ description: City name.
diff --git a/packages/azure/data_stream/signinlogs/manifest.yml b/packages/azure/data_stream/signinlogs/manifest.yml
index d717e33f663..ba574effdbf 100644
--- a/packages/azure/data_stream/signinlogs/manifest.yml
+++ b/packages/azure/data_stream/signinlogs/manifest.yml
@@ -15,6 +15,7 @@ streams:
 show_user: false
 description: >
 The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified.
+
 - name: tags
 type: text
 title: Tags
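Review bot: For sign-in events the location is the client's, and the ECS form of it, `source.geo.*`, is already declared in this stream's ecs.yml (see the `source.geo.city_name` context line in the ecs.yml hunk), so the root-level `geo` group added here duplicates it without saying so. Rule authors seeing both will not know which one the pipeline actually fills; whether it fills both is not visible in this hunk. I would make the comment explicit: `# Non-ECS root-level geo.*, kept for backward compatibility with existing saved objects; the same location is expected under source.geo.* (confirm in the ingest pipeline) — prefer source.geo.* in rules and visualisations, and do not add members here.` Separately, `geo.location` as `geo_point` will reject documents in which the pipeline writes anything other than a valid lat/lon value, so this stream's pipeline output should be checked against the new mapping rather than assumed.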
@@ -40,6 +41,7 @@ streams:
 show_user: false
 description: >
 Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
+
 - name: sanitize_newlines
 type: bool
 title: Sanitizes New Lines
@@ -55,4 +57,4 @@ streams:
 description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing.
 type: bool
 multi: false
- default: false
\ No newline at end of file
+ default: false
diff --git a/packages/azure/data_stream/springcloudlogs/fields/agent.yml b/packages/azure/data_stream/springcloudlogs/fields/agent.yml
index bca66ea4ae0..85704f4c1d4 100644
--- a/packages/azure/data_stream/springcloudlogs/fields/agent.yml
+++ b/packages/azure/data_stream/springcloudlogs/fields/agent.yml
@@ -33,8 +33,6 @@
 external: ecs
 - name: host.id
 external: ecs
-- name: host.ip
- external: ecs
 - name: host.mac
 external: ecs
 - name: host.name
diff --git a/packages/azure/data_stream/springcloudlogs/fields/ecs.yml b/packages/azure/data_stream/springcloudlogs/fields/ecs.yml
index 332af0ca978..8451f266e58 100644
--- a/packages/azure/data_stream/springcloudlogs/fields/ecs.yml
+++ b/packages/azure/data_stream/springcloudlogs/fields/ecs.yml
@@ -64,16 +64,6 @@
 external: ecs
 - name: source.as.organization.name
 external: ecs
-- name: geo.continent_name
- external: ecs
-- name: geo.country_iso_code
- external: ecs
-- name: geo.country_name
- external: ecs
-- name: geo.location
- external: ecs
-- name: geo.city_name
- external: ecs
 - name: log.level
 external: ecs
 - name: source.geo.city_name
@@ -102,9 +92,5 @@
 external: ecs
 - name: user.id
 external: ecs
-- name: user.name
- external: ecs
 - name: tags
 external: ecs
-- name: geo.name
- external: ecs
diff --git a/packages/azure/data_stream/springcloudlogs/fields/fields.yml b/packages/azure/data_stream/springcloudlogs/fields/fields.yml
index 3dfbad49030..e64d7c30b91 100644
--- a/packages/azure/data_stream/springcloudlogs/fields/fields.yml
+++ b/packages/azure/data_stream/springcloudlogs/fields/fields.yml
@@ -80,3 +80,33 @@
 type: keyword
 description: >-
 Type
+# the following `geo` mappings are not allowed at root level in ECS, and are defined here for backward compatibility.
+- name: geo
+ type: group
+ description: 'Geo fields can carry data about a specific location related to an event.
+
+ This geolocation information can be derived from techniques such as Geo IP, or be user-supplied.'
+ fields:
+ - name: continent_name
+ type: keyword
+ description: Name of the continent.
+ - name: country_iso_code
+ type: keyword
+ description: Country ISO code.
+ - name: country_name
+ type: keyword
+ description: Country name.
+ - name: location
+ type: geo_point
+ description: Longitude and latitude.
+ - name: city_name
+ type: keyword
+ description: City name.
+ - name: name
+ type: keyword
+ description: 'User-defined description of a location, at the level of granularity they care about.
+
+ Could be the name of their data centers, the floor number, if this describes a local physical entity, city names.
+
+ Not typically used in automated geolocation.'
+ level: extended
diff --git a/packages/azure/data_stream/springcloudlogs/manifest.yml b/packages/azure/data_stream/springcloudlogs/manifest.yml
index 42cd491ba62..f2b8c868f7d 100644
--- a/packages/azure/data_stream/springcloudlogs/manifest.yml
+++ b/packages/azure/data_stream/springcloudlogs/manifest.yml
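Review bot: `level: extended` is set on `geo.name` alone, so the other five members of the new root-level `geo` group read as if they were a different level; either drop the key or apply it to all six, since it was copied from the ECS definition and carries no special meaning for a custom field (whether package-spec honours it on custom fields at all I cannot tell from here). The group repeats, for Spring Cloud application logs, the same non-ECS root `geo.*` that ECS rejects because it does not say whose location it is; the comment should state that it only mirrors the former `external: ecs` entries removed in the ecs.yml hunk and that `source.geo.*` is the field set to use going forward. Suggested comment: `# Non-ECS root-level geo.* mirroring the former 'external: ecs' entries; kept for backward compatibility only — use source.geo.* for new rules and visualisations.`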
@@ -23,6 +23,7 @@ streams:
 show_user: false
 description: >
 The storage account container where the integration stores the checkpoint data for the consumer group. It is an advanced option to use with extreme care. You MUST use a dedicated storage account container for each Azure log type (activity, sign-in, audit logs, and others). DO NOT REUSE the same container name for more than one Azure log type. See [Container Names](https://docs.microsoft.com/en-us/rest/api/storageservices/naming-and-referencing-containers--blobs--and-metadata#container-names) for details on naming rules from Microsoft. The integration generates a default container name if not specified.
+
 - name: tags
 type: text
 title: Tags
@@ -55,4 +56,4 @@ streams:
 description: Replaces single quotes with double quotes (single quotes inside double quotes are omitted) in logs to ensure proper formatting of JSON data and avoid parsing issues during processing.
 type: bool
 multi: false
- default: false
\ No newline at end of file
+ default: false
diff --git a/packages/azure/docs/adlogs.md b/packages/azure/docs/adlogs.md
index 07851d4e8ab..69374be6dcd 100644
--- a/packages/azure/docs/adlogs.md
+++ b/packages/azure/docs/adlogs.md
@@ -227,8 +227,8 @@ An example event for `signinlogs` looks as following:
 | azure.signinlogs.operation_version | The operation version | keyword |
 | azure.signinlogs.properties.app_display_name | App display name | keyword |
 | azure.signinlogs.properties.app_id | App ID | keyword |
-| azure.signinlogs.properties.applied_conditional_access_policies | A list of conditional access policies that are triggered by the corresponding sign-in activity. | array |
-| azure.signinlogs.properties.authentication_details | The result of the authentication attempt and additional details on the authentication method. | array |
+| azure.signinlogs.properties.applied_conditional_access_policies | A list of conditional access policies that are triggered by the corresponding sign-in activity. | flattened |
+| azure.signinlogs.properties.authentication_details | The result of the authentication attempt and additional details on the authentication method. | flattened |
 | azure.signinlogs.properties.authentication_processing_details | Additional authentication processing details, such as the agent name in case of PTA/PHS or Server/farm name in case of federated authentication. | flattened |
 | azure.signinlogs.properties.authentication_protocol | Authentication protocol type. | keyword |
 | azure.signinlogs.properties.authentication_requirement | This holds the highest level of authentication needed through all the sign-in steps, for sign-in to succeed. | keyword |
@@ -252,7 +252,7 @@ An example event for `signinlogs` looks as following:
 | azure.signinlogs.properties.incoming_token_type | Incoming token type. | keyword |
 | azure.signinlogs.properties.is_interactive | Is interactive | boolean |
 | azure.signinlogs.properties.is_tenant_restricted | | boolean |
-| azure.signinlogs.properties.network_location_details | The network location details including the type of network used and its names. | array |
+| azure.signinlogs.properties.network_location_details | The network location details including the type of network used and its names. | flattened |
 | azure.signinlogs.properties.original_request_id | Original request ID | keyword |
 | azure.signinlogs.properties.processing_time_ms | Processing time in milliseconds | float |
 | azure.signinlogs.properties.resource_display_name | Resource display name | keyword |
@@ -998,6 +998,7 @@ An example event for `auditlogs` looks as following:
 | azure.auditlogs.operation_version | The operation version | keyword |
 | azure.auditlogs.properties.activity_datetime | Activity timestamp | date |
 | azure.auditlogs.properties.activity_display_name | Activity display name | keyword |
+| azure.auditlogs.properties.additional_details.user_agent | User agent name. | keyword |
 | azure.auditlogs.properties.authentication_protocol | Authentication protocol type. | keyword |
 | azure.auditlogs.properties.category | category | keyword |
 | azure.auditlogs.properties.correlation_id | Correlation ID | keyword |
diff --git a/packages/azure/kibana/dashboard/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646.json b/packages/azure/kibana/dashboard/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646.json
index 2d96f804c6b..f671f04845d 100644
--- a/packages/azure/kibana/dashboard/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646.json
+++ b/packages/azure/kibana/dashboard/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646.json
@@ -1,1555 +1,1555 @@ { - "id": "azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2023-03-07T09:38:25.166Z", - "created_at": "2023-03-07T09:38:25.166Z", - "version": "WzExMjc2LDFd", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall \",\"id\":\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\",\"enhancements\":{}}}}" - }, - "description": "Dashboard providing statistics about alerts ingested from the Azure Firewall Application Rule Log events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "azure.firewall_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "azure.firewall_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "azure.firewall.operation_name", - "negate": false, - "params": { - "query": "AzureFirewallApplicationRuleLog" - }, - "type": "phrase" - }, - "query": { 
- "match_phrase": { - "azure.firewall.operation_name": "AzureFirewallApplicationRuleLog" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "8.6.0", - "type": "visualization", - "gridData": { - "h": 14, - "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "w": 24, - "x": 0, - "y": 0 - }, - "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/auzre-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n**[Application Rule Logs (This Page)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646)** \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall Application Rule Log events.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - }, - "type": "visualization" - } - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "w": 8, - "x": 24, - "y": 0 + "id": "azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2023-03-07T09:38:25.166Z", + "created_at": "2023-03-07T09:38:25.166Z", + "version": "WzExMjc2LDFd", + "attributes": { + "controlGroupInput": { + 
"chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall \",\"id\":\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\",\"enhancements\":{}}}}" }, - "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source IPs", - "operationType": "formula", - "params": { - "formula": "unique_count(source.ip)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "description": "Dashboard providing statistics about alerts ingested from the Azure Firewall Application Rule Log events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": 
false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "azure.firewall_logs" + }, + "type": "phrase" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of unique_count(source.ip)", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.ip" + "query": { + "match_phrase": { + "data_stream.dataset": "azure.firewall_logs" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "4c85d573-baea-49ca-bb9e-4013a0373da7", - "w": 8, - "x": 32, - "y": 0 - }, - "panelIndex": "4c85d573-baea-49ca-bb9e-4013a0373da7", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination IPs", - 
"operationType": "formula", - "params": { - "formula": "unique_count(destination.ip)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + }, + { + "$state": { + "store": "appState" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.ip" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "azure.firewall.operation_name", + "negate": false, + "params": { + "query": "AzureFirewallApplicationRuleLog" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.firewall.operation_name": "AzureFirewallApplicationRuleLog" + } } - }, - "incompleteColumns": {} } - } + ], + "query": { + "language": "kuery", + "query": "" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + } }, - "title": "Unique Destination IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "w": 8, - "x": 24, - "y": 7 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(source.geo.country_name)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "panelsJSON": [ + { + "version": "8.6.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "w": 24, + "x": 0, + "y": 0 + }, + "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.geo.country_name" - } - }, - "incompleteColumns": {} - } - } + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/auzre-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n**[Application Rule Logs (This Page)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646)** \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations 
Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall Application Rule Log events.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "e0be3094-1544-4c59-858c-05320b57c3a7", - "w": 8, - "x": 32, - "y": 7 - }, - "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(destination.geo.country_name)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + 
"i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "w": 8, + "x": 24, + "y": 0 + }, + "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(source.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of unique_count(source.ip)", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source Countries", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", 
- "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Destination Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "w": 8, - "x": 40, - "y": 0 - }, - "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Network Protocols", - "operationType": "formula", - "params": { - "formula": "unique_count(network.protocol)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "4c85d573-baea-49ca-bb9e-4013a0373da7", + "w": 8, + "x": 32, + "y": 0 + }, + "panelIndex": "4c85d573-baea-49ca-bb9e-4013a0373da7", + "embeddableConfig": { + "attributes": { + 
"references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(destination.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Rules", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "network.protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", 
- "titlePosition": "bottom", - "size": "xl" - } + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Destination IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Network Protocols" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "w": 12, - "x": 0, - "y": 14 - }, - "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "b2d72986-1818-4a93-9155-2a66cd00eca4", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "b2d72986-1818-4a93-9155-2a66cd00eca4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Firewall", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "w": 8, + "x": 24, + "y": 7 + }, + "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + 
"state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(source.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.name" + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", - "isTransposed": false - }, - { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } 
+ "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source Countries" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Generating Firewalls" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "2148efa5-f130-4751-909d-6a79eed2e16b", - "w": 12, - "x": 12, - "y": 14 - }, - "panelIndex": "2148efa5-f130-4751-909d-6a79eed2e16b", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "e0be3094-1544-4c59-858c-05320b57c3a7", + "w": 8, + "x": 32, + "y": 7 + }, + "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + 
"fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(destination.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source Countries", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "f49ff962-9e8a-4170-a0d8-54cee9438651": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of source.geo.country_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Destination Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "w": 8, + "x": 40, + "y": 0 + }, + "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": 
"desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Network Protocols", + "operationType": "formula", + "params": { + "formula": "unique_count(network.protocol)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Rules", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "network.protocol" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", 
+ "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Network Protocols" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Source Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", - "w": 12, - "x": 24, - "y": 14 - }, - "panelIndex": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "w": 12, + "x": 0, + "y": 14 + }, + "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + 
"b2d72986-1818-4a93-9155-2a66cd00eca4", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "b2d72986-1818-4a93-9155-2a66cd00eca4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewall", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "f49ff962-9e8a-4170-a0d8-54cee9438651": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.geo.country_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Generating Firewalls" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "2148efa5-f130-4751-909d-6a79eed2e16b", + "w": 12, + "x": 12, + "y": 14 + }, + "panelIndex": "2148efa5-f130-4751-909d-6a79eed2e16b", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f49ff962-9e8a-4170-a0d8-54cee9438651": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of source.geo.country_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": 
"77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "pie" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Source Countries" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Destination Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "f7c1e866-ba0d-45af-95bf-2736901431dc", - "w": 12, - "x": 36, - "y": 14 - }, - "panelIndex": "f7c1e866-ba0d-45af-95bf-2736901431dc", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", + "w": 12, + "x": 24, + "y": 14 + }, + "panelIndex": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": 
"indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f49ff962-9e8a-4170-a0d8-54cee9438651": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.geo.country_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "pie" + } }, - "76f26815-f13c-4273-b52f-7c25247f2b0d": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" 
+ }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Destination Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "f7c1e866-ba0d-45af-95bf-2736901431dc", + "w": 12, + "x": 36, + "y": 14 + }, + "panelIndex": "f7c1e866-ba0d-45af-95bf-2736901431dc", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "donut" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "76f26815-f13c-4273-b52f-7c25247f2b0d": { + "dataType": "string", + "isBucketed": 
true, + "label": "Top values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Network Protocols and Applications" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Network Protocols and Applications" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "ffc33e34-3225-40da-97c6-ea9fbfa6db02", - "w": 12, - "x": 0, - "y": 29 - }, - "panelIndex": "ffc33e34-3225-40da-97c6-ea9fbfa6db02", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - 
"formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Rules", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "ffc33e34-3225-40da-97c6-ea9fbfa6db02", + "w": 12, + "x": 0, + "y": 29 + }, + "panelIndex": "ffc33e34-3225-40da-97c6-ea9fbfa6db02", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Rules", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "rule.name" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": 
"desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "rule.name" + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Rules" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Rules" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "w": 12, - "x": 12, - "y": 29 - }, - "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - 
"state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Source Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "w": 12, + "x": 12, + "y": 29 + }, + "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.address" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Source Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.address" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": 
"ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Source Addresses" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Source Addresses" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "8a1bd282-e360-473d-b26d-e73f2b470c81", - "w": 12, - "x": 24, - "y": 29 - }, - "panelIndex": "8a1bd282-e360-473d-b26d-e73f2b470c81", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Destination Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "8a1bd282-e360-473d-b26d-e73f2b470c81", + "w": 12, + "x": 24, + "y": 29 + }, + "panelIndex": "8a1bd282-e360-473d-b26d-e73f2b470c81", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Destination Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.address" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": 
"ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.address" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Destination Addresses" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Destination Addresses" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "3b9a2a5f-1226-415c-88d5-21496508d060", - "w": 12, - "x": 36, - "y": 29 - }, - "panelIndex": "3b9a2a5f-1226-415c-88d5-21496508d060", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - 
"name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "3b9a2a5f-1226-415c-88d5-21496508d060", + "w": 12, + "x": 36, + "y": 29 + }, + "panelIndex": "3b9a2a5f-1226-415c-88d5-21496508d060", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + 
"dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "visualization": { + "columns": [ + { + "columnId": "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", - "isTransposed": false - }, - { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Network Protocols" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 17, + "i": "01c53b97-697b-40fb-874d-6e7d720eb3fe", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "01c53b97-697b-40fb-874d-6e7d720eb3fe", + "embeddableConfig": { + 
"enhancements": {} + }, + "panelRefName": "panel_01c53b97-697b-40fb-874d-6e7d720eb3fe" + } + ], + "timeRestore": false, + "title": "[Logs Azure] Firewall Application Rule Log", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "title": "Top Network Protocols" - }, - { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 17, 
- "i": "01c53b97-697b-40fb-874d-6e7d720eb3fe", - "w": 48, - "x": 0, - "y": 40 + { + "id": "logs-*", + "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" }, - "panelIndex": "01c53b97-697b-40fb-874d-6e7d720eb3fe", - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelRefName": "panel_01c53b97-697b-40fb-874d-6e7d720eb3fe" - } + { + "id": "logs-*", + "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + 
}, + { + "id": "logs-*", + "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "azure-671ff040-f24e-11ec-a5a8-bf965bcd5646", + "name": "01c53b97-697b-40fb-874d-6e7d720eb3fe:panel_01c53b97-697b-40fb-874d-6e7d720eb3fe", + "type": "search" + }, + { + "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" + }, + { + "name": "controlGroup_3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Logs Azure] Firewall Application Rule Log", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ffc33e34-3225-40da-97c6-ea9fbfa6db02:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059",
- "type": "index-pattern"
- },
- {
- "id": "azure-671ff040-f24e-11ec-a5a8-bf965bcd5646",
- "name": "01c53b97-697b-40fb-874d-6e7d720eb3fe:panel_01c53b97-697b-40fb-874d-6e7d720eb3fe",
- "type": "search"
- },
- {
- "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView",
- "type": "index-pattern",
- "id": "logs-*"
+ "migrationVersion": {
+ "dashboard": "8.6.0"
 },
- {
- "name": "controlGroup_3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609:optionsListDataView",
- "type": "index-pattern",
- "id": "logs-*"
- }
- ],
- "migrationVersion": {
- "dashboard": "8.6.0"
- },
- "coreMigrationVersion": "8.6.1"
+ "coreMigrationVersion": "8.6.1"
 }
\ No newline at end of file
diff --git a/packages/azure/kibana/dashboard/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646.json b/packages/azure/kibana/dashboard/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646.json
index 961af9dc1bd..aa313c1ffd2 100644
--- a/packages/azure/kibana/dashboard/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646.json
+++ b/packages/azure/kibana/dashboard/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646.json
@@ -1,1159 +1,1159 @@ { - "id": "azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2023-03-07T09:38:25.166Z", - "created_at": "2023-03-07T09:38:25.166Z", - "version": "WzExMjc3LDFd", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"c0dc0cdb-57cb-4bee-9a88-2b680fa911da\":{\"order\":0,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription ID\",\"id\":\"c0dc0cdb-57cb-4bee-9a88-2b680fa911da\",\"enhancements\":{}}},\"fb42737f-72dc-4ace-89ac-746160498381\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall\",\"id\":\"fb42737f-72dc-4ace-89ac-746160498381\",\"enhancements\":{}}}}" - }, - "description": "Dashboard providing an overall view of the Azure Firewall integration.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "azure.firewall_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "azure.firewall_logs" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "8.6.0", - "type": "visualization", - "gridData": { - "h": 14, - "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "w": 21, - "x": 0, - "y": 0 - }, - "panelIndex": 
"258f7245-5011-4f03-bcd3-cada0180dc7a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n**[Overview (This Page)](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646)** \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall integration.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - }, - "type": "visualization" - } - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3", - "w": 9, - "x": 21, - "y": 0 + "id": "azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2023-03-07T09:38:25.166Z", + "created_at": "2023-03-07T09:38:25.166Z", + "version": "WzExMjc3LDFd", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"c0dc0cdb-57cb-4bee-9a88-2b680fa911da\":{\"order\":0,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription 
ID\",\"id\":\"c0dc0cdb-57cb-4bee-9a88-2b680fa911da\",\"enhancements\":{}}},\"fb42737f-72dc-4ace-89ac-746160498381\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall\",\"id\":\"fb42737f-72dc-4ace-89ac-746160498381\",\"enhancements\":{}}}}" }, - "panelIndex": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "775a9e84-2203-42bf-a775-f60ad2cd84ae" - ], - "columns": { - "775a9e84-2203-42bf-a775-f60ad2cd84ae": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + "description": "Dashboard providing an overall view of the Azure Firewall integration.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "azure.firewall_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "azure.firewall_logs" + } } - }, - "incompleteColumns": {} } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "event.kind", - "negate": false, - "params": { - "query": 
"event" - }, - "type": "phrase", - "index": "filter-index-pattern-0" - }, - "query": { - "match_phrase": { - "event.kind": "event" - } - } + ], + "query": { + "language": "kuery", + "query": "" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + } }, - "title": "Total Events" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "3fc05a86-0b0d-435d-9df5-a5423225d5e5", - "w": 9, - "x": 30, - "y": 0 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "3fc05a86-0b0d-435d-9df5-a5423225d5e5", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "775a9e84-2203-42bf-a775-f60ad2cd84ae" - ], - "columns": { - "775a9e84-2203-42bf-a775-f60ad2cd84ae": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Allowed Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - 
"alias": null, - "disabled": false, - "key": "event.category", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase", - "index": "filter-index-pattern-0" - }, - "query": { - "match_phrase": { - "event.category": "network" - } - } + "panelsJSON": [ + { + "version": "8.6.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "w": 21, + "x": 0, + "y": 0 }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "event.type", - "negate": false, - "params": { - "query": "allowed" + "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n**[Overview (This Page)](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646)** \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall integration.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} }, - "type": "phrase", - "index": "filter-index-pattern-1" - }, - "query": { - "match_phrase": { - "event.type": "allowed" - } - } + "type": "visualization" } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", - "layerId": 
"454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Total Allowed Events" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "w": 9, - "x": 39, - "y": 0 - }, - "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "filter-index-pattern-1", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "775a9e84-2203-42bf-a775-f60ad2cd84ae" - ], - "columns": { - "775a9e84-2203-42bf-a775-f60ad2cd84ae": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Denied Events", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "event.category", - "negate": false, - "params": { - "query": "network" - }, - "type": "phrase", - "index": "filter-index-pattern-0" - }, - "query": { - "match_phrase": { - "event.category": "network" - } - } + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3", + "w": 9, + "x": 21, + "y": 0 }, - { - "$state": { - 
"store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "event.type", - "negate": false, - "params": { - "query": "denied" + "panelIndex": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "775a9e84-2203-42bf-a775-f60ad2cd84ae" + ], + "columns": { + "775a9e84-2203-42bf-a775-f60ad2cd84ae": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.kind", + "negate": false, + "params": { + "query": "event" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.kind": "event" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" }, - "type": "phrase", - "index": "filter-index-pattern-1" - }, - "query": { - "match_phrase": { - "event.type": "denied" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": 
"775a9e84-2203-42bf-a775-f60ad2cd84ae", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Total Denied Events" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "54c39a08-c881-4c64-af1a-8e48867947c3", - "w": 9, - "x": 21, - "y": 7 - }, - "panelIndex": "54c39a08-c881-4c64-af1a-8e48867947c3", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "775a9e84-2203-42bf-a775-f60ad2cd84ae" - ], - "columns": { - "775a9e84-2203-42bf-a775-f60ad2cd84ae": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source Addresses", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "b9d7f8b6-deb6-4d46-ad11-7793dd783012", - "w": 9, 
- "x": 30, - "y": 7 - }, - "panelIndex": "b9d7f8b6-deb6-4d46-ad11-7793dd783012", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "775a9e84-2203-42bf-a775-f60ad2cd84ae" - ], - "columns": { - "775a9e84-2203-42bf-a775-f60ad2cd84ae": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination Addresses", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.address" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Total Events" }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Destination IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "83dde1a0-0605-4c05-9bd2-1f2686cd7007", - "w": 9, - "x": 39, - "y": 7 - }, - "panelIndex": "83dde1a0-0605-4c05-9bd2-1f2686cd7007", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": 
"logs-*", - "name": "filter-index-pattern-0", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "b6504f22-c6eb-439d-bb4d-a3acc2b5de34", - "775a9e84-2203-42bf-a775-f60ad2cd84ae" - ], - "columns": { - "775a9e84-2203-42bf-a775-f60ad2cd84ae": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Network Protocols", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "network.protocol" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "3fc05a86-0b0d-435d-9df5-a5423225d5e5", + "w": 9, + "x": 30, + "y": 0 + }, + "panelIndex": "3fc05a86-0b0d-435d-9df5-a5423225d5e5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "775a9e84-2203-42bf-a775-f60ad2cd84ae" + ], + "columns": { + "775a9e84-2203-42bf-a775-f60ad2cd84ae": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Allowed Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.category", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + 
"match_phrase": { + "event.category": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.type", + "negate": false, + "params": { + "query": "allowed" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "event.type": "allowed" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "b6504f22-c6eb-439d-bb4d-a3acc2b5de34": { - "dataType": "number", - "isBucketed": false, - "label": "Unique count of network.protocol", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "network.protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "key": "event.kind", - "negate": false, - "params": { - "query": "event" + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" }, - "type": "phrase", - "index": "filter-index-pattern-0" - }, - "query": { - "match_phrase": { - "event.kind": "event" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Total Allowed Events" }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Network Protocols" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 16, - "i": 
"f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb", - "w": 28, - "x": 0, - "y": 14 - }, - "panelIndex": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "8c1d8a18-0da5-431f-8faf-f72f028b10de": { - "columnOrder": [ - "995b44f7-a7f2-474a-b080-bc5e61834c85", - "ac103bf9-1072-42f9-88e1-645355cfab7d", - "d75176b0-fe18-4834-8be1-876ae441c8f9" - ], - "columns": { - "995b44f7-a7f2-474a-b080-bc5e61834c85": { - "dataType": "string", - "isBucketed": true, - "label": "Cvalues of event.kind", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "d75176b0-fe18-4834-8be1-876ae441c8f9", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "w": 9, + "x": 39, + "y": 0 + }, + "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "event.kind" - }, - "ac103bf9-1072-42f9-88e1-645355cfab7d": { - "dataType": "date", - "isBucketed": true, - "label": "@timestamp", - "operationType": "date_histogram", - "params": { - "interval": "auto", - "includeEmptyRows": true - }, - "scale": "interval", - "sourceField": "@timestamp" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + }, + { + 
"id": "logs-*", + "name": "filter-index-pattern-1", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "775a9e84-2203-42bf-a775-f60ad2cd84ae" + ], + "columns": { + "775a9e84-2203-42bf-a775-f60ad2cd84ae": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Denied Events", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.category", + "negate": false, + "params": { + "query": "network" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.category": "network" + } + } + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.type", + "negate": false, + "params": { + "query": "denied" + }, + "type": "phrase", + "index": "filter-index-pattern-1" + }, + "query": { + "match_phrase": { + "event.type": "denied" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "d75176b0-fe18-4834-8be1-876ae441c8f9": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, 
- "yLeft": true, - "yRight": true + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "title": "Total Denied Events" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "54c39a08-c881-4c64-af1a-8e48867947c3", + "w": 9, + "x": 21, + "y": 7 }, - "layers": [ - { - "accessors": [ - "d75176b0-fe18-4834-8be1-876ae441c8f9" - ], - "layerId": "8c1d8a18-0da5-431f-8faf-f72f028b10de", - "layerType": "data", - "position": "top", - "seriesType": "line", - "showGridlines": false, - "splitAccessor": "995b44f7-a7f2-474a-b080-bc5e61834c85", - "xAccessor": "ac103bf9-1072-42f9-88e1-645355cfab7d" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "legendSize": "auto" + "panelIndex": "54c39a08-c881-4c64-af1a-8e48867947c3", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "775a9e84-2203-42bf-a775-f60ad2cd84ae" + ], + "columns": { + "775a9e84-2203-42bf-a775-f60ad2cd84ae": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source Addresses", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + 
"size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "preferredSeriesType": "line", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": "Unique Source IPs" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "b9d7f8b6-deb6-4d46-ad11-7793dd783012", + "w": 9, + "x": 30, + "y": 7 }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "panelIndex": "b9d7f8b6-deb6-4d46-ad11-7793dd783012", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "775a9e84-2203-42bf-a775-f60ad2cd84ae" + ], + "columns": { + "775a9e84-2203-42bf-a775-f60ad2cd84ae": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination Addresses", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.address" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Unique Destination IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - 
"enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Events" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 16, - "i": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585", - "w": 20, - "x": 28, - "y": 14 - }, - "panelIndex": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c": { - "columnOrder": [ - "7ea404e0-e31f-4216-a626-ee830469e97b", - "de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b", - "6e93ea29-3bab-47ea-b978-c91480873532" - ], - "columns": { - "6e93ea29-3bab-47ea-b978-c91480873532": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - }, - "7ea404e0-e31f-4216-a626-ee830469e97b": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Firewalls", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6e93ea29-3bab-47ea-b978-c91480873532", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "83dde1a0-0605-4c05-9bd2-1f2686cd7007", + "w": 9, + "x": 39, + "y": 7 + }, + "panelIndex": "83dde1a0-0605-4c05-9bd2-1f2686cd7007", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.name" - }, - "de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b": { - "dataType": "string", - "isBucketed": true, - "label": 
"Top values of event.kind", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "6e93ea29-3bab-47ea-b978-c91480873532", - "type": "column" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "event.kind" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "axisTitlesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true - }, - "fittingFunction": "None", - "gridlinesVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + { + "id": "logs-*", + "name": "filter-index-pattern-0", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "b6504f22-c6eb-439d-bb4d-a3acc2b5de34", + "775a9e84-2203-42bf-a775-f60ad2cd84ae" + ], + "columns": { + "775a9e84-2203-42bf-a775-f60ad2cd84ae": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Network Protocols", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "network.protocol" + }, + "b6504f22-c6eb-439d-bb4d-a3acc2b5de34": { + "dataType": "number", + "isBucketed": false, + "label": "Unique count of network.protocol", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "network.protocol" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "key": "event.kind", + "negate": false, + "params": { + "query": "event" + }, + "type": "phrase", + "index": "filter-index-pattern-0" + }, + "query": { + "match_phrase": { + "event.kind": "event" + } + } + } + ], + "query": { + "language": "kuery", + 
"query": "" + }, + "visualization": { + "accessor": "775a9e84-2203-42bf-a775-f60ad2cd84ae", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "labelsOrientation": { - "x": 0, - "yLeft": 0, - "yRight": 0 + "title": "Unique Network Protocols" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 16, + "i": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb", + "w": 28, + "x": 0, + "y": 14 }, - "layers": [ - { - "accessors": [ - "6e93ea29-3bab-47ea-b978-c91480873532" - ], - "layerId": "b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c", - "layerType": "data", - "position": "top", - "seriesType": "bar_horizontal", - "showGridlines": false, - "splitAccessor": "de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b", - "xAccessor": "7ea404e0-e31f-4216-a626-ee830469e97b" - } - ], - "legend": { - "isVisible": true, - "position": "right", - "legendSize": "auto" + "panelIndex": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "8c1d8a18-0da5-431f-8faf-f72f028b10de": { + "columnOrder": [ + "995b44f7-a7f2-474a-b080-bc5e61834c85", + "ac103bf9-1072-42f9-88e1-645355cfab7d", + "d75176b0-fe18-4834-8be1-876ae441c8f9" + ], + "columns": { + "995b44f7-a7f2-474a-b080-bc5e61834c85": { + "dataType": "string", + "isBucketed": true, + "label": "Cvalues of event.kind", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "d75176b0-fe18-4834-8be1-876ae441c8f9", + 
"type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "event.kind" + }, + "ac103bf9-1072-42f9-88e1-645355cfab7d": { + "dataType": "date", + "isBucketed": true, + "label": "@timestamp", + "operationType": "date_histogram", + "params": { + "interval": "auto", + "includeEmptyRows": true + }, + "scale": "interval", + "sourceField": "@timestamp" + }, + "d75176b0-fe18-4834-8be1-876ae441c8f9": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "d75176b0-fe18-4834-8be1-876ae441c8f9" + ], + "layerId": "8c1d8a18-0da5-431f-8faf-f72f028b10de", + "layerType": "data", + "position": "top", + "seriesType": "line", + "showGridlines": false, + "splitAccessor": "995b44f7-a7f2-474a-b080-bc5e61834c85", + "xAccessor": "ac103bf9-1072-42f9-88e1-645355cfab7d" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "legendSize": "auto" + }, + "preferredSeriesType": "line", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "preferredSeriesType": "bar_horizontal", - "tickLabelsVisibilitySettings": { - "x": true, - "yLeft": true, - "yRight": true + "title": 
"Events" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 16, + "i": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585", + "w": 20, + "x": 28, + "y": 14 }, - "valueLabels": "hide", - "yLeftExtent": { - "mode": "full" + "panelIndex": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c": { + "columnOrder": [ + "7ea404e0-e31f-4216-a626-ee830469e97b", + "de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b", + "6e93ea29-3bab-47ea-b978-c91480873532" + ], + "columns": { + "6e93ea29-3bab-47ea-b978-c91480873532": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "7ea404e0-e31f-4216-a626-ee830469e97b": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewalls", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6e93ea29-3bab-47ea-b978-c91480873532", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" + }, + "de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of event.kind", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "6e93ea29-3bab-47ea-b978-c91480873532", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "event.kind" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + 
"language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "fittingFunction": "None", + "gridlinesVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "labelsOrientation": { + "x": 0, + "yLeft": 0, + "yRight": 0 + }, + "layers": [ + { + "accessors": [ + "6e93ea29-3bab-47ea-b978-c91480873532" + ], + "layerId": "b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c", + "layerType": "data", + "position": "top", + "seriesType": "bar_horizontal", + "showGridlines": false, + "splitAccessor": "de9ad2be-a35d-4e4c-a6ac-4a1b2dcc2c0b", + "xAccessor": "7ea404e0-e31f-4216-a626-ee830469e97b" + } + ], + "legend": { + "isVisible": true, + "position": "right", + "legendSize": "auto" + }, + "preferredSeriesType": "bar_horizontal", + "tickLabelsVisibilitySettings": { + "x": true, + "yLeft": true, + "yRight": true + }, + "valueLabels": "hide", + "yLeftExtent": { + "mode": "full" + }, + "yRightExtent": { + "mode": "full" + } + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsXY" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" }, - "yRightExtent": { - "mode": "full" - } - } + "title": "Total Events by Firewall" }, - "title": "", - "type": "lens", - "visualizationType": "lnsXY" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 17, + "i": "eca6f69d-bee2-4e17-bdb9-4852f3056957", + "w": 48, + "x": 0, + "y": 30 + }, + "panelIndex": "eca6f69d-bee2-4e17-bdb9-4852f3056957", + "embeddableConfig": { + "enhancements": {}, + "hidePanelTitles": false + }, + "title": "Firewall Logs", + "panelRefName": "panel_eca6f69d-bee2-4e17-bdb9-4852f3056957" + } + ], + "timeRestore": false, + "title": "[Logs Azure] Firewall Overview", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3:filter-index-pattern-0", + "type": "index-pattern" }, - "title": "Total Events by Firewall" - }, - { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 17, - "i": "eca6f69d-bee2-4e17-bdb9-4852f3056957", - "w": 48, - "x": 0, - "y": 30 + { + "id": "logs-*", + "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "eca6f69d-bee2-4e17-bdb9-4852f3056957", - "embeddableConfig": { - "enhancements": {}, - "hidePanelTitles": false + { + "id": "logs-*", + "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" }, - "title": "Firewall Logs", - "panelRefName": "panel_eca6f69d-bee2-4e17-bdb9-4852f3056957" - } + { + "id": "logs-*", + "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-1", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-1", + "type": 
"index-pattern" + }, + { + "id": "logs-*", + "name": "54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "83dde1a0-0605-4c05-9bd2-1f2686cd7007:filter-index-pattern-0", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c", + "type": "index-pattern" + }, + { + "id": "azure-fb61c4c0-f1a1-11ec-a5a8-bf965bcd5646", + "name": "eca6f69d-bee2-4e17-bdb9-4852f3056957:panel_eca6f69d-bee2-4e17-bdb9-4852f3056957", + "type": "search" + }, + { + "name": "controlGroup_c0dc0cdb-57cb-4bee-9a88-2b680fa911da:optionsListDataView", 
+ "type": "index-pattern", + "id": "logs-*" + }, + { + "name": "controlGroup_fb42737f-72dc-4ace-89ac-746160498381:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Logs Azure] Firewall Overview", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e8d2a7be-bc2a-4ca5-ae71-5273156084b3:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3fc05a86-0b0d-435d-9df5-a5423225d5e5:filter-index-pattern-1", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:filter-index-pattern-1", - "type": "index-pattern" 
- }, - { - "id": "logs-*", - "name": "54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "54c39a08-c881-4c64-af1a-8e48867947c3:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b9d7f8b6-deb6-4d46-ad11-7793dd783012:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83dde1a0-0605-4c05-9bd2-1f2686cd7007:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "83dde1a0-0605-4c05-9bd2-1f2686cd7007:filter-index-pattern-0", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f933435c-1f7d-4cb0-87eb-6c23c6ad6dbb:indexpattern-datasource-layer-8c1d8a18-0da5-431f-8faf-f72f028b10de", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "bcfbc5f5-fd40-48e3-937d-965fcb8a5585:indexpattern-datasource-layer-b2bc813b-af38-4aac-bf1f-7d3b6f3aa51c", - "type": "index-pattern" - }, - { - "id": "azure-fb61c4c0-f1a1-11ec-a5a8-bf965bcd5646", - "name": "eca6f69d-bee2-4e17-bdb9-4852f3056957:panel_eca6f69d-bee2-4e17-bdb9-4852f3056957", - "type": "search" - }, - { - "name": "controlGroup_c0dc0cdb-57cb-4bee-9a88-2b680fa911da:optionsListDataView", - "type": 
"index-pattern", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.6.0" }, - { - "name": "controlGroup_fb42737f-72dc-4ace-89ac-746160498381:optionsListDataView", - "type": "index-pattern", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "8.6.0" - }, - "coreMigrationVersion": "8.6.1" + "coreMigrationVersion": "8.6.1" } \ No newline at end of file diff --git a/packages/azure/kibana/dashboard/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646.json b/packages/azure/kibana/dashboard/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646.json index 14eb4a96119..ce9017eb4e2 100644 --- a/packages/azure/kibana/dashboard/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646.json +++ b/packages/azure/kibana/dashboard/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646.json 
@@ -1,1465 +1,1465 @@ { - "id": "azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2023-03-07T09:38:25.166Z", - "created_at": "2023-03-07T09:38:25.166Z", - "version": "WzExMjg0LDFd", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall \",\"id\":\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\",\"enhancements\":{}}}}" - }, - "description": "Dashboard providing statistics about alerts ingested from the Azure Firewall NAT Rule Log events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "azure.firewall_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "azure.firewall_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "azure.firewall.operation_name", - "negate": false, - "params": { - "query": "AzureFirewallNatRuleLog" - }, - "type": "phrase" - }, - "query": { - 
"match_phrase": { - "azure.firewall.operation_name": "AzureFirewallNatRuleLog" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "8.6.0", - "type": "visualization", - "gridData": { - "h": 14, - "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "w": 18, - "x": 0, - "y": 0 - }, - "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n**[Network NAT Rule Logs (This Page)](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646)** \n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall Network NAT Rule Log events.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - }, - "type": "visualization" - } - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "w": 6, - "x": 30, - "y": 0 + "id": "azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2023-03-07T09:38:25.166Z", + "created_at": "2023-03-07T09:38:25.166Z", + "version": "WzExMjg0LDFd", + "attributes": { + "controlGroupInput": { + "chainingSystem": 
"HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall \",\"id\":\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\",\"enhancements\":{}}}}" }, - "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source IPs", - "operationType": "formula", - "params": { - "formula": "unique_count(source.ip)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "description": "Dashboard providing statistics about alerts ingested from the Azure Firewall NAT Rule Log events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - 
"dataType": "number", - "isBucketed": false, - "label": "Part of unique_count(source.ip)", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "4c85d573-baea-49ca-bb9e-4013a0373da7", - "w": 6, - "x": 36, - "y": 7 - }, - "panelIndex": "4c85d573-baea-49ca-bb9e-4013a0373da7", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination IPs", - "operationType": "formula", - "params": { - "formula": "unique_count(destination.ip)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": 
false, + "params": { + "query": "azure.firewall_logs" + }, + "type": "phrase" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.ip" + "query": { + "match_phrase": { + "data_stream.dataset": "azure.firewall_logs" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Destination IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "w": 6, - "x": 36, - "y": 0 - }, - "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(source.geo.country_name)", - "isFormulaBroken": false - }, - 
"references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + }, + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "azure.firewall.operation_name", + "negate": false, + "params": { + "query": "AzureFirewallNatRuleLog" + }, + "type": "phrase" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.geo.country_name" + "query": { + "match_phrase": { + "azure.firewall.operation_name": "AzureFirewallNatRuleLog" + } } - }, - "incompleteColumns": {} } - } + ], + "query": { + "language": "kuery", + "query": "" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + } }, - "title": "Unique Source Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "e0be3094-1544-4c59-858c-05320b57c3a7", - "w": 6, - "x": 30, - "y": 7 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - 
"formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(destination.geo.country_name)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "panelsJSON": [ + { + "version": "8.6.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "w": 18, + "x": 0, + "y": 0 + }, + "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source Countries", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.geo.country_name" - } - }, - "incompleteColumns": {} - } - } + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n**[Network NAT Rule Logs (This Page)](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646)** \n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall 
view of Azure Firewall Network NAT Rule Log events.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Destination Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "w": 6, - "x": 42, - "y": 0 - }, - "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Network Protocols", - "operationType": "formula", - "params": { - "formula": "unique_count(network.protocol)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "w": 6, + "x": 30, + "y": 0 + }, + "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + 
"embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(source.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of unique_count(source.ip)", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Rules", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "network.protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": 
"data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Network Protocols" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 14, - "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "w": 12, - "x": 18, - "y": 0 - }, - "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "b2d72986-1818-4a93-9155-2a66cd00eca4", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "b2d72986-1818-4a93-9155-2a66cd00eca4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Firewall", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "4c85d573-baea-49ca-bb9e-4013a0373da7", + "w": 6, + "x": 36, + "y": 7 + }, + "panelIndex": "4c85d573-baea-49ca-bb9e-4013a0373da7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(destination.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.name" + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", - "isTransposed": false - }, - { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - 
"rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Destination IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Generating Firewalls" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "2148efa5-f130-4751-909d-6a79eed2e16b", - "w": 16, - "x": 0, - "y": 14 - }, - "panelIndex": "2148efa5-f130-4751-909d-6a79eed2e16b", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "w": 6, + "x": 36, + "y": 0 + }, + "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + 
"columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(source.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "f49ff962-9e8a-4170-a0d8-54cee9438651": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of source.geo.country_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "e0be3094-1544-4c59-858c-05320b57c3a7", + "w": 6, + "x": 30, + "y": 7 + }, + "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - 
"otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(destination.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source Countries", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": 
"xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Destination Countries" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Source Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", - "w": 16, - "x": 16, - "y": 14 - }, - "panelIndex": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "w": 6, + "x": 42, + "y": 0 + }, + "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + 
"fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Network Protocols", + "operationType": "formula", + "params": { + "formula": "unique_count(network.protocol)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Rules", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "network.protocol" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "f49ff962-9e8a-4170-a0d8-54cee9438651": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.geo.country_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Network Protocols" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "w": 12, + "x": 18, + "y": 0 + }, + "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 
5 - }, - "scale": "ordinal", - "sourceField": "destination.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "b2d72986-1818-4a93-9155-2a66cd00eca4", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "b2d72986-1818-4a93-9155-2a66cd00eca4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewall", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": 
"a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Generating Firewalls" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Destination Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "f7c1e866-ba0d-45af-95bf-2736901431dc", - "w": 16, - "x": 32, - "y": 14 - }, - "panelIndex": "f7c1e866-ba0d-45af-95bf-2736901431dc", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "9367ad41-b48b-438e-b4d8-2c3f85aff052", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "2148efa5-f130-4751-909d-6a79eed2e16b", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "2148efa5-f130-4751-909d-6a79eed2e16b", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f49ff962-9e8a-4170-a0d8-54cee9438651": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of source.geo.country_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "pie" + } }, - "76f26815-f13c-4273-b52f-7c25247f2b0d": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Source Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": 
"6790d45f-4fa9-4a70-b0e1-a3e10682c852", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f49ff962-9e8a-4170-a0d8-54cee9438651": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.geo.country_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "pie" + } }, - 
"9367ad41-b48b-438e-b4d8-2c3f85aff052": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.transport", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Destination Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "f7c1e866-ba0d-45af-95bf-2736901431dc", + "w": 16, + "x": 32, + "y": 14 + }, + "panelIndex": "f7c1e866-ba0d-45af-95bf-2736901431dc", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "network.transport" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "9367ad41-b48b-438e-b4d8-2c3f85aff052", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "donut" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ 
+ "9367ad41-b48b-438e-b4d8-2c3f85aff052", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "76f26815-f13c-4273-b52f-7c25247f2b0d": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "9367ad41-b48b-438e-b4d8-2c3f85aff052": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of network.transport", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.transport" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "9367ad41-b48b-438e-b4d8-2c3f85aff052", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + 
"visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Network Protocols and Applications" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Network Protocols and Applications" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "w": 16, - "x": 0, - "y": 29 - }, - "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Source IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "w": 16, + "x": 0, + "y": 29 + }, + "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + 
"a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.ip" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - 
"rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Source IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Source IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "8a1bd282-e360-473d-b26d-e73f2b470c81", - "w": 16, - "x": 16, - "y": 29 - }, - "panelIndex": "8a1bd282-e360-473d-b26d-e73f2b470c81", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Destination IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "8a1bd282-e360-473d-b26d-e73f2b470c81", + "w": 16, + "x": 16, + "y": 29 + }, + "panelIndex": "8a1bd282-e360-473d-b26d-e73f2b470c81", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { 
+ "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.ip" + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": 
"a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Destination IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Destination IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "3b9a2a5f-1226-415c-88d5-21496508d060", - "w": 16, - "x": 32, - "y": 29 - }, - "panelIndex": "3b9a2a5f-1226-415c-88d5-21496508d060", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "3b9a2a5f-1226-415c-88d5-21496508d060", + "w": 16, + "x": 32, + "y": 29 + }, + "panelIndex": "3b9a2a5f-1226-415c-88d5-21496508d060", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "visualization": { + "columns": [ + { + "columnId": "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", - 
"isTransposed": false - }, - { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Network Protocols" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 18, + "i": "6923a967-09ff-4f14-ad5f-46a491efb566", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "6923a967-09ff-4f14-ad5f-46a491efb566", + "embeddableConfig": { + "enhancements": {} + }, + "panelRefName": "panel_6923a967-09ff-4f14-ad5f-46a491efb566" + } + ], + "timeRestore": false, + "title": "[Logs Azure] Firewall Network NAT Rule Log", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" }, - "title": "Top Network Protocols" - }, - { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 18, - "i": "6923a967-09ff-4f14-ad5f-46a491efb566", - "w": 48, - "x": 0, - "y": 40 + { + "id": "logs-*", + "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelIndex": "6923a967-09ff-4f14-ad5f-46a491efb566", - "embeddableConfig": { - "enhancements": {} + { + "id": "logs-*", + "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" }, - "panelRefName": "panel_6923a967-09ff-4f14-ad5f-46a491efb566" - } + { + "id": "logs-*", + "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "azure-252228a0-f1ab-11ec-a5a8-bf965bcd5646", + "name": "6923a967-09ff-4f14-ad5f-46a491efb566:panel_6923a967-09ff-4f14-ad5f-46a491efb566", + "type": "search" + }, + { + "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" + }, + { + "name": "controlGroup_3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" 
+ } ], - "timeRestore": false, - "title": "[Logs Azure] Firewall Network NAT Rule Log", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern", - 
"type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "azure-252228a0-f1ab-11ec-a5a8-bf965bcd5646", - "name": "6923a967-09ff-4f14-ad5f-46a491efb566:panel_6923a967-09ff-4f14-ad5f-46a491efb566", - "type": "search" - }, - { - "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", - "type": "index-pattern", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.6.0" }, - { - "name": "controlGroup_3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609:optionsListDataView", - "type": "index-pattern", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "8.6.0" - }, - "coreMigrationVersion": "8.6.1" + "coreMigrationVersion": "8.6.1" } \ No newline at end of file diff --git a/packages/azure/kibana/dashboard/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646.json b/packages/azure/kibana/dashboard/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646.json index 47244bcd7e9..e2c5db6a750 100644 --- a/packages/azure/kibana/dashboard/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646.json +++ b/packages/azure/kibana/dashboard/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646.json 
@@ -1,1474 +1,1474 @@ { - "id": "azure-91224490-f1a6-11ec-a5a8-bf965bcd5646", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2023-03-07T09:38:25.166Z", - "created_at": "2023-03-07T09:38:25.166Z", - "version": "WzExMjg1LDFd", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Observer name\",\"id\":\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\",\"enhancements\":{}}}}" - }, - "description": "Dashboard providing statistics about alerts ingested from Azure Firewall Network Rule Log events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [ - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "azure.firewall_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "azure.firewall_logs" - } - } - }, - { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "azure.firewall.operation_name", - "negate": false, - "params": { - "query": "AzureFirewallNetworkRuleLog" - }, - "type": "phrase" - }, - "query": { - 
"match_phrase": { - "azure.firewall.operation_name": "AzureFirewallNetworkRuleLog" - } - } - } - ], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [ - { - "version": "8.6.0", - "type": "visualization", - "gridData": { - "h": 14, - "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "w": 18, - "x": 0, - "y": 0 - }, - "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n**[Network Rule Logs (This Page)](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646)** \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall Network Rule Log events.", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} - }, - "type": "visualization" - } - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "w": 6, - "x": 30, - "y": 0 + "id": "azure-91224490-f1a6-11ec-a5a8-bf965bcd5646", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2023-03-07T09:38:25.166Z", + "created_at": "2023-03-07T09:38:25.166Z", + "version": "WzExMjg1LDFd", + "attributes": { + "controlGroupInput": { + "chainingSystem": 
"HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Observer name\",\"id\":\"3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609\",\"enhancements\":{}}}}" }, - "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source IPs", - "operationType": "formula", - "params": { - "formula": "unique_count(source.ip)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "description": "Dashboard providing statistics about alerts ingested from Azure Firewall Network Rule Log events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": 
true, - "dataType": "number", - "isBucketed": false, - "label": "Part of unique_count(source.ip)", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.ip" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "4c85d573-baea-49ca-bb9e-4013a0373da7", - "w": 6, - "x": 30, - "y": 7 - }, - "panelIndex": "4c85d573-baea-49ca-bb9e-4013a0373da7", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination IPs", - "operationType": "formula", - "params": { - "formula": "unique_count(destination.ip)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + 
"negate": false, + "params": { + "query": "azure.firewall_logs" + }, + "type": "phrase" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.ip" + "query": { + "match_phrase": { + "data_stream.dataset": "azure.firewall_logs" + } } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Destination IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "w": 6, - "x": 36, - "y": 0 - }, - "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(source.geo.country_name)", - "isFormulaBroken": false - }, - 
"references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + }, + { + "$state": { + "store": "appState" }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.geo.country_name" + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "azure.firewall.operation_name", + "negate": false, + "params": { + "query": "AzureFirewallNetworkRuleLog" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.firewall.operation_name": "AzureFirewallNetworkRuleLog" + } } - }, - "incompleteColumns": {} } - } + ], + "query": { + "language": "kuery", + "query": "" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + } }, - "title": "Unique Source Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "e0be3094-1544-4c59-858c-05320b57c3a7", - "w": 6, - "x": 36, - "y": 7 + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true }, - "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": 
{ - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Destination Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(destination.geo.country_name)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + "panelsJSON": [ + { + "version": "8.6.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "w": 18, + "x": 0, + "y": 0 + }, + "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source Countries", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "destination.geo.country_name" - } - }, - "incompleteColumns": {} - } - } + "description": "", + "id": "", + "params": { + "fontSize": 12, + "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n**[Network Rule Logs (This Page)](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646)** \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n[Application Rule Logs](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n[DNS Proxy Logs](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall 
view of Azure Firewall Network Rule Log events.", + "openLinksInNewTab": false + }, + "title": "", + "type": "markdown", + "uiState": {} + }, + "type": "visualization" } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Destination Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "w": 6, - "x": 42, - "y": 0 - }, - "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Network Protocols", - "operationType": "formula", - "params": { - "formula": "unique_count(network.protocol)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "w": 6, + "x": 30, + "y": 0 + }, + "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + 
"embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(source.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of unique_count(source.ip)", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Rules", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "network.protocol" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": 
"data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Network Protocols" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 14, - "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "w": 12, - "x": 18, - "y": 0 - }, - "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "b2d72986-1818-4a93-9155-2a66cd00eca4", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "b2d72986-1818-4a93-9155-2a66cd00eca4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Firewall", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "4c85d573-baea-49ca-bb9e-4013a0373da7", + "w": 6, + "x": 30, + "y": 7 + }, + "panelIndex": "4c85d573-baea-49ca-bb9e-4013a0373da7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": 
"observer.name" + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(destination.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", - "isTransposed": false - }, - { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - 
"rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Destination IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Generating Firewalls" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "2148efa5-f130-4751-909d-6a79eed2e16b", - "w": 16, - "x": 0, - "y": 14 - }, - "panelIndex": "2148efa5-f130-4751-909d-6a79eed2e16b", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "w": 6, + "x": 36, + "y": 0 + }, + "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + 
"columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(source.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "f49ff962-9e8a-4170-a0d8-54cee9438651": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of source.geo.country_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "e0be3094-1544-4c59-858c-05320b57c3a7", + "w": 6, + "x": 36, + "y": 7 + }, + "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - 
"otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Destination Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(destination.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source Countries", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "destination.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": 
"xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Destination Countries" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Source Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", - "w": 16, - "x": 16, - "y": 14 - }, - "panelIndex": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "w": 6, + "x": 42, + "y": 0 + }, + "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + 
"fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Network Protocols", + "operationType": "formula", + "params": { + "formula": "unique_count(network.protocol)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Rules", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "network.protocol" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, - "f49ff962-9e8a-4170-a0d8-54cee9438651": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of destination.geo.country_name", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Network Protocols" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 14, + "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "w": 12, + "x": 18, + "y": 0 + }, + "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 
5 - }, - "scale": "ordinal", - "sourceField": "destination.geo.country_name" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "f49ff962-9e8a-4170-a0d8-54cee9438651" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "pie" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "b2d72986-1818-4a93-9155-2a66cd00eca4", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "b2d72986-1818-4a93-9155-2a66cd00eca4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewall", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": 
"a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Generating Firewalls" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Destination Countries" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "f7c1e866-ba0d-45af-95bf-2736901431dc", - "w": 16, - "x": 32, - "y": 14 - }, - "panelIndex": "f7c1e866-ba0d-45af-95bf-2736901431dc", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "77c8c7dc-b073-4d7c-8403-b25ee4647152": { - "columnOrder": [ - "9367ad41-b48b-438e-b4d8-2c3f85aff052", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ], - "columns": { - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "2148efa5-f130-4751-909d-6a79eed2e16b", + "w": 16, + "x": 0, + "y": 14 + }, + "panelIndex": "2148efa5-f130-4751-909d-6a79eed2e16b", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": 
"index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f49ff962-9e8a-4170-a0d8-54cee9438651": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of source.geo.country_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "pie" + } }, - "76f26815-f13c-4273-b52f-7c25247f2b0d": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Source Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": 
"6790d45f-4fa9-4a70-b0e1-a3e10682c852", + "w": 16, + "x": 16, + "y": 14 + }, + "panelIndex": "6790d45f-4fa9-4a70-b0e1-a3e10682c852", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "f49ff962-9e8a-4170-a0d8-54cee9438651": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of destination.geo.country_name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "f49ff962-9e8a-4170-a0d8-54cee9438651" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "pie" + } }, - 
"9367ad41-b48b-438e-b4d8-2c3f85aff052": { - "dataType": "string", - "isBucketed": true, - "label": "Top values of network.transport", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", - "type": "column" + "title": "", + "type": "lens", + "visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Destination Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "f7c1e866-ba0d-45af-95bf-2736901431dc", + "w": 16, + "x": 32, + "y": 14 + }, + "panelIndex": "f7c1e866-ba0d-45af-95bf-2736901431dc", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 3 - }, - "scale": "ordinal", - "sourceField": "network.transport" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "layers": [ - { - "categoryDisplay": "default", - "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", - "layerType": "data", - "legendDisplay": "default", - "nestedLegend": false, - "numberDisplay": "percent", - "legendSize": "auto", - "primaryGroups": [ - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "9367ad41-b48b-438e-b4d8-2c3f85aff052", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d", - "76f26815-f13c-4273-b52f-7c25247f2b0d" - ], - "metrics": [ - "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" - ] - } - ], - "shape": "donut" - } + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "77c8c7dc-b073-4d7c-8403-b25ee4647152": { + "columnOrder": [ 
+ "9367ad41-b48b-438e-b4d8-2c3f85aff052", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ], + "columns": { + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "76f26815-f13c-4273-b52f-7c25247f2b0d": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of network.protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "9367ad41-b48b-438e-b4d8-2c3f85aff052": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of network.transport", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "network.transport" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "layers": [ + { + "categoryDisplay": "default", + "layerId": "77c8c7dc-b073-4d7c-8403-b25ee4647152", + "layerType": "data", + "legendDisplay": "default", + "nestedLegend": false, + "numberDisplay": "percent", + "legendSize": "auto", + "primaryGroups": [ + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "9367ad41-b48b-438e-b4d8-2c3f85aff052", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d", + "76f26815-f13c-4273-b52f-7c25247f2b0d" + ], + "metrics": [ + "0e88e9b7-a2b1-4634-95c1-a7d38dce70a6" + ] + } + ], + "shape": "donut" + } + }, + "title": "", + "type": "lens", + 
"visualizationType": "lnsPie" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Network Protocols and Applications" }, - "title": "", - "type": "lens", - "visualizationType": "lnsPie" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Network Protocols and Applications" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "w": 16, - "x": 0, - "y": 29 - }, - "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Source IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "w": 16, + "x": 0, + "y": 29 + }, + "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + 
"a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Source IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.ip" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.ip" + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - 
"rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Source IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Source IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "8a1bd282-e360-473d-b26d-e73f2b470c81", - "w": 16, - "x": 16, - "y": 29 - }, - "panelIndex": "8a1bd282-e360-473d-b26d-e73f2b470c81", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "ip", - "isBucketed": true, - "label": "Destination IP", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "8a1bd282-e360-473d-b26d-e73f2b470c81", + "w": 16, + "x": 16, + "y": 29 + }, + "panelIndex": "8a1bd282-e360-473d-b26d-e73f2b470c81", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { 
+ "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "ip", + "isBucketed": true, + "label": "Destination IP", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "destination.ip" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "destination.ip" + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, - { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - } - ], - "layerId": 
"a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Destination IPs" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Destination IPs" - }, - { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 11, - "i": "3b9a2a5f-1226-415c-88d5-21496508d060", - "w": 16, - "x": 32, - "y": 29 - }, - "panelIndex": "3b9a2a5f-1226-415c-88d5-21496508d060", - "embeddableConfig": { - "attributes": { - "references": [ - { - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - } - ], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Network Protocol", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 11, + "i": "3b9a2a5f-1226-415c-88d5-21496508d060", + "w": 16, + "x": 32, + "y": 29 + }, + "panelIndex": "3b9a2a5f-1226-415c-88d5-21496508d060", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Network Protocol", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "network.protocol" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "network.protocol" + "visualization": { + "columns": [ + { + "columnId": "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [ - { - "columnId": "71a5a0d6-161e-4175-9a34-b25e8cfbf4c0", - 
"isTransposed": false - }, - { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - } - ], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Network Protocols" }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 15, + "i": "c469c097-b5bf-4eb9-ba69-c4590ec183a7", + "w": 48, + "x": 0, + "y": 40 + }, + "panelIndex": "c469c097-b5bf-4eb9-ba69-c4590ec183a7", + "embeddableConfig": { + "columns": [ + "observer.name", + "source.ip", + "source.port", + "destination.ip", + "destination.port", + "event.kind", + "event.type" + ], + "enhancements": {} + }, + "panelRefName": "panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7" + } + ], + "timeRestore": false, + "title": "[Logs Azure] Firewall Network Rule Log", + "version": 1 + }, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "title": "Top Network Protocols" - }, - { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 15, - "i": "c469c097-b5bf-4eb9-ba69-c4590ec183a7", - "w": 48, - "x": 0, - "y": 40 + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" }, - "panelIndex": "c469c097-b5bf-4eb9-ba69-c4590ec183a7", - "embeddableConfig": { - "columns": [ - "observer.name", - "source.ip", - "source.port", - "destination.ip", - "destination.port", - "event.kind", - "event.type" - ], - "enhancements": {} + { + "id": "logs-*", + "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" }, - "panelRefName": "panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7" - } + { + "id": "logs-*", + "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": 
"2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + }, + { + "id": "azure-70cbce40-f1a7-11ec-a5a8-bf965bcd5646", + "name": 
"c469c097-b5bf-4eb9-ba69-c4590ec183a7:panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7", + "type": "search" + }, + { + "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" + }, + { + "name": "controlGroup_3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609:optionsListDataView", + "type": "index-pattern", + "id": "logs-*" + } ], - "timeRestore": false, - "title": "[Logs Azure] Firewall Network Rule Log", - "version": 1 - }, - "references": [ - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "4c85d573-baea-49ca-bb9e-4013a0373da7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": 
"index-pattern" - }, - { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "2148efa5-f130-4751-909d-6a79eed2e16b:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "6790d45f-4fa9-4a70-b0e1-a3e10682c852:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "f7c1e866-ba0d-45af-95bf-2736901431dc:indexpattern-datasource-layer-77c8c7dc-b073-4d7c-8403-b25ee4647152", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": 
"8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "8a1bd282-e360-473d-b26d-e73f2b470c81:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, - { - "id": "logs-*", - "name": "3b9a2a5f-1226-415c-88d5-21496508d060:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, - { - "id": "azure-70cbce40-f1a7-11ec-a5a8-bf965bcd5646", - "name": "c469c097-b5bf-4eb9-ba69-c4590ec183a7:panel_c469c097-b5bf-4eb9-ba69-c4590ec183a7", - "type": "search" - }, - { - "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", - "type": "index-pattern", - "id": "logs-*" + "migrationVersion": { + "dashboard": "8.6.0" }, - { - "name": "controlGroup_3ae71a2b-35ee-4659-b6b5-c2ea9e1ab609:optionsListDataView", - "type": "index-pattern", - "id": "logs-*" - } - ], - "migrationVersion": { - "dashboard": "8.6.0" - }, - "coreMigrationVersion": "8.6.1" + "coreMigrationVersion": "8.6.1" } \ No newline at end of file diff --git a/packages/azure/kibana/dashboard/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646.json b/packages/azure/kibana/dashboard/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646.json index 7cac3c46855..af5a106a43c 100644 --- a/packages/azure/kibana/dashboard/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646.json +++ b/packages/azure/kibana/dashboard/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646.json 
@@ -1,1044 +1,1119 @@ { - "id": "azure-cad82b40-f251-11ec-a5a8-bf965bcd5646", - "type": "dashboard", - "namespaces": [ - "default" - ], - "updated_at": "2023-03-07T09:38:25.166Z", - "created_at": "2023-03-07T09:38:25.166Z", - "version": "WzExMjg2LDFd", - "attributes": { - "controlGroupInput": { - "chainingSystem": "HIERARCHICAL", - "controlStyle": "oneLine", - "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", - "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription ID\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"a2fc452e-8956-4b6d-9313-64e9e3701310\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall\",\"id\":\"a2fc452e-8956-4b6d-9313-64e9e3701310\",\"enhancements\":{}}}}" - }, - "description": "Dashboard providing statistics about logs ingested from the Azure Firewall DNS Proxy events.", - "hits": 0, - "kibanaSavedObjectMeta": { - "searchSourceJSON": { - "filter": [{ - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "key": "data_stream.dataset", - "negate": false, - "params": { - "query": "azure.firewall_logs" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - "data_stream.dataset": "azure.firewall_logs" - } - } - }, { - "$state": { - "store": "appState" - }, - "meta": { - "alias": null, - "disabled": false, - "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "key": "azure.firewall.operation_name", - "negate": false, - "params": { - "query": "AzureFirewallDnsProxyLog" - }, - "type": "phrase" - }, - "query": { - "match_phrase": { - 
"azure.firewall.operation_name": "AzureFirewallDnsProxyLog" - } - } - }], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "optionsJSON": { - "hidePanelTitles": false, - "syncColors": false, - "useMargins": true - }, - "panelsJSON": [{ - "version": "8.6.0", - "type": "visualization", - "gridData": { - "h": 14, - "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "w": 21, - "x": 0, - "y": 0 - }, - "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", - "embeddableConfig": { - "enhancements": {}, - "savedVis": { - "data": { - "aggs": [], - "searchSource": { - "filter": [], - "query": { - "language": "kuery", - "query": "" - } - } - }, - "description": "", - "id": "", - "params": { - "fontSize": 12, - "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n[Application Rule Logs)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n**[DNS Proxy Logs (This Page)](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)**\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall DNS Proxy Log events. 
", - "openLinksInNewTab": false - }, - "title": "", - "type": "markdown", - "uiState": {} + "id": "azure-cad82b40-f251-11ec-a5a8-bf965bcd5646", + "type": "dashboard", + "namespaces": [ + "default" + ], + "updated_at": "2023-03-07T09:38:25.166Z", + "created_at": "2023-03-07T09:38:25.166Z", + "version": "WzExMjg2LDFd", + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"7cbe886c-4cc4-4fec-beff-7336b0965067\":{\"order\":0,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"cloud.account.id\",\"title\":\"Subscription ID\",\"id\":\"7cbe886c-4cc4-4fec-beff-7336b0965067\",\"enhancements\":{}}},\"a2fc452e-8956-4b6d-9313-64e9e3701310\":{\"order\":1,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"observer.name\",\"title\":\"Firewall\",\"id\":\"a2fc452e-8956-4b6d-9313-64e9e3701310\",\"enhancements\":{}}}}" }, - "type": "visualization" - } - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "8f1313ba-331f-478a-aa30-ea8e2845f86c", - "w": 9, - "x": 21, - "y": 0 - }, - "panelIndex": "8f1313ba-331f-478a-aa30-ea8e2845f86c", - "embeddableConfig": { - "attributes": { - "references": [{ - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", - "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "8fee795f-a453-4cfa-a819-be091462e0ee": { - "columnOrder": [ - "e5fe95be-c8fe-4066-8ea1-58e63682f94b" - ], - "columns": { - "e5fe95be-c8fe-4066-8ea1-58e63682f94b": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total DNS 
Queries", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } + "description": "Dashboard providing statistics about logs ingested from the Azure Firewall DNS Proxy events.", + "hits": 0, + "kibanaSavedObjectMeta": { + "searchSourceJSON": { + "filter": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "key": "data_stream.dataset", + "negate": false, + "params": { + "query": "azure.firewall_logs" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "data_stream.dataset": "azure.firewall_logs" + } + } }, - "incompleteColumns": {} - } + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "indexRefName": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", + "key": "azure.firewall.operation_name", + "negate": false, + "params": { + "query": "AzureFirewallDnsProxyLog" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "azure.firewall.operation_name": "AzureFirewallDnsProxyLog" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "e5fe95be-c8fe-4066-8ea1-58e63682f94b", - "layerId": "8fee795f-a453-4cfa-a819-be091462e0ee", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Total DNS Queries" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "w": 9, - "x": 30, - "y": 0 - }, - "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", - "embeddableConfig": { - "attributes": { - "references": [{ - "id": "logs-*", - "name": 
"indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source IPs", - "operationType": "formula", + "optionsJSON": { + "hidePanelTitles": false, + "syncColors": false, + "useMargins": true + }, + "panelsJSON": [ + { + "version": "8.6.0", + "type": "visualization", + "gridData": { + "h": 14, + "i": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "w": 21, + "x": 0, + "y": 0 + }, + "panelIndex": "258f7245-5011-4f03-bcd3-cada0180dc7a", + "embeddableConfig": { + "enhancements": {}, + "savedVis": { + "data": { + "aggs": [], + "searchSource": { + "filter": [], + "query": { + "language": "kuery", + "query": "" + } + } + }, + "description": "", + "id": "", "params": { - "formula": "unique_count(source.ip)", - "isFormulaBroken": false + "fontSize": 12, + "markdown": "**Navigation**\n\n[Overview](/app/dashboards#/view/azure-280493a0-f1a1-11ec-a5a8-bf965bcd5646) \n[Network Rule Logs](/app/dashboards#/view/azure-91224490-f1a6-11ec-a5a8-bf965bcd5646) \n[Network NAT Rule Logs](/app/dashboards#/view/azure-8731b980-f1aa-11ec-a5a8-bf965bcd5646) \n[Application Rule Logs)](/app/dashboards#/view/azure-1e5c9b50-f24a-11ec-a5a8-bf965bcd5646) \n**[DNS Proxy Logs (This Page)](/app/dashboards#/view/azure-cad82b40-f251-11ec-a5a8-bf965bcd5646)**\n\n[Integrations Page](/app/integrations/detail/azure/overview?integration=firewall_logs) \n\n**Overview**\n\nThis dashboard provides an overall view of Azure Firewall DNS Proxy Log events. 
", + "openLinksInNewTab": false }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" - }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of unique_count(source.ip)", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.ip" - } + "title": "", + "type": "markdown", + "uiState": {} }, - "incompleteColumns": {} - } + "type": "visualization" } - } }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source IPs" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "w": 9, - "x": 39, - "y": 0 - }, - "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", - "embeddableConfig": { - "attributes": { - "references": [{ - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Source Countries", - "operationType": "formula", - "params": { - "formula": "unique_count(source.geo.country_name)", - "isFormulaBroken": 
false - }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "8f1313ba-331f-478a-aa30-ea8e2845f86c", + "w": 9, + "x": 21, + "y": 0 + }, + "panelIndex": "8f1313ba-331f-478a-aa30-ea8e2845f86c", + "embeddableConfig": { + "attributes": { "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", + "type": "index-pattern" + } ], - "scale": "ratio" - }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Source IPs", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "source.geo.country_name" - } + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "8fee795f-a453-4cfa-a819-be091462e0ee": { + "columnOrder": [ + "e5fe95be-c8fe-4066-8ea1-58e63682f94b" + ], + "columns": { + "e5fe95be-c8fe-4066-8ea1-58e63682f94b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total DNS Queries", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "e5fe95be-c8fe-4066-8ea1-58e63682f94b", + "layerId": "8fee795f-a453-4cfa-a819-be091462e0ee", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" }, - "incompleteColumns": {} - } - } - } + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Total DNS Queries" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": 
"dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "w": 9, + "x": 30, + "y": 0 + }, + "panelIndex": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source IPs", + "operationType": "formula", + "params": { + "formula": "unique_count(source.ip)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of unique_count(source.ip)", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.ip" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source IPs" }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - 
"titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Source Countries" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "e0be3094-1544-4c59-858c-05320b57c3a7", - "w": 9, - "x": 21, - "y": 7 - }, - "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", - "embeddableConfig": { - "attributes": { - "references": [{ - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Domains", - "operationType": "formula", - "params": { - "formula": "unique_count(dns.question.name)", - "isFormulaBroken": false + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "w": 9, + "x": 39, + "y": 0 + }, + "panelIndex": "b0b8c30c-2096-49ee-95b3-9adbf27808e5", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { 
+ "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Source Countries", + "operationType": "formula", + "params": { + "formula": "unique_count(source.geo.country_name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Source IPs", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "source.geo.country_name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Source Countries" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "e0be3094-1544-4c59-858c-05320b57c3a7", + "w": 9, + "x": 21, + "y": 7 + }, + "panelIndex": "e0be3094-1544-4c59-858c-05320b57c3a7", + "embeddableConfig": { + "attributes": { "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } ], - "scale": "ratio" - }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique DNS Names", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "dns.question.name" - } 
+ "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Domains", + "operationType": "formula", + "params": { + "formula": "unique_count(dns.question.name)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique DNS Names", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "dns.question.name" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" }, - "incompleteColumns": {} - } - } - } + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Domains" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "2c2c4900-3223-4061-aba7-6c7274441654", + "w": 9, + "x": 30, + "y": 7 + }, + "panelIndex": "2c2c4900-3223-4061-aba7-6c7274441654", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", + "type": "index-pattern" + } + ], + 
"state": { + "datasourceStates": { + "formBased": { + "layers": { + "8fee795f-a453-4cfa-a819-be091462e0ee": { + "columnOrder": [ + "e5fe95be-c8fe-4066-8ea1-58e63682f94b", + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0", + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1", + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX2" + ], + "columns": { + "e5fe95be-c8fe-4066-8ea1-58e63682f94b": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Total Bytes", + "operationType": "formula", + "params": { + "format": { + "id": "bytes", + "params": { + "decimals": 2 + } + }, + "formula": "sum(source.bytes) + sum(destination.bytes)", + "isFormulaBroken": false + }, + "references": [ + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX2" + ], + "scale": "ratio" + }, + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Total Source Bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "source.bytes" + }, + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Total Source Bytes", + "operationType": "sum", + "scale": "ratio", + "sourceField": "destination.bytes" + }, + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX2": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Total Source Bytes", + "operationType": "math", + "params": { + "tinymathAst": { + "args": [ + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0", + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1" + ], + "location": { + "max": 42, + "min": 0 + }, + "name": "add", + "text": "sum(source.bytes) + sum(destination.bytes)", + "type": "function" + } + }, + "references": [ + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0", + "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1" + ], + "scale": "ratio" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": 
"e5fe95be-c8fe-4066-8ea1-58e63682f94b", + "layerId": "8fee795f-a453-4cfa-a819-be091462e0ee", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Total Bytes" }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" - }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Domains" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "2c2c4900-3223-4061-aba7-6c7274441654", - "w": 9, - "x": 30, - "y": 7 - }, - "panelIndex": "2c2c4900-3223-4061-aba7-6c7274441654", - "embeddableConfig": { - "attributes": { - "references": [{ - "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", - "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "8fee795f-a453-4cfa-a819-be091462e0ee": { - "columnOrder": [ - "e5fe95be-c8fe-4066-8ea1-58e63682f94b", - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0", - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1", - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX2" - ], - "columns": { - "e5fe95be-c8fe-4066-8ea1-58e63682f94b": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Total Bytes", - "operationType": "formula", - "params": { - "format": { - "id": "bytes", - "params": { - "decimals": 2 + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 7, + "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "w": 9, + "x": 39, 
+ "y": 7 + }, + "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { + "columnOrder": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "columns": { + "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Unique Network Protocols", + "operationType": "formula", + "params": { + "formula": "unique_count(network.transport)", + "isFormulaBroken": false + }, + "references": [ + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" + ], + "scale": "ratio" + }, + "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Part of Unique Network Protocols", + "operationType": "unique_count", + "scale": "ratio", + "sourceField": "network.transport" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", + "layerId": "454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "layerType": "data", + "textAlign": "center", + "titlePosition": "bottom", + "size": "xl" } - }, - "formula": "sum(source.bytes) + sum(destination.bytes)", - "isFormulaBroken": false }, + "title": "", + "type": "lens", + "visualizationType": "lnsLegacyMetric" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Unique Network Protocols" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "w": 12, 
+ "x": 24, + "y": 14 + }, + "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", + "embeddableConfig": { + "attributes": { "references": [ - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX2" + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } ], - "scale": "ratio" - }, - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Total Source Bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "source.bytes" - }, - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Total Source Bytes", - "operationType": "sum", - "scale": "ratio", - "sourceField": "destination.bytes" - }, - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX2": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Total Source Bytes", - "operationType": "math", - "params": { - "tinymathAst": { - "args": [ - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0", - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1" - ], - "location": { - "max": 42, - "min": 0 + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + "63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Source Address", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "source.address" + }, + 
"915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" }, - "name": "add", - "text": "sum(source.bytes) + sum(destination.bytes)", - "type": "function" - } + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Source Addresses" + }, + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "w": 12, + "x": 36, + "y": 14 + }, + "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", + "embeddableConfig": { + "attributes": { "references": [ - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX0", - "e5fe95be-c8fe-4066-8ea1-58e63682f94bX1" + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } ], - "scale": "ratio" - } + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "b2d72986-1818-4a93-9155-2a66cd00eca4", + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" + ], + "columns": { + "b2d72986-1818-4a93-9155-2a66cd00eca4": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Firewall", + "operationType": "terms", + "params": { + 
"missingBucket": false, + "orderBy": { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "observer.name" + }, + "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", + "isTransposed": false + }, + { + "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" }, - "incompleteColumns": {} - } - } - } + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Event Generating Firewalls" }, - "filters": [], - "query": { - "language": "kuery", - "query": "" + { + "version": "8.6.0", + "type": "lens", + "gridData": { + "h": 15, + "i": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94", + "w": 24, + "x": 0, + "y": 14 + }, + "panelIndex": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94", + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "logs-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "formBased": { + "layers": { + "a5c93c96-5038-49e1-acca-2e876257c059": { + "columnOrder": [ + "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "915adad5-4455-40d4-a9cd-0702da79189c" + ], + "columns": { + 
"63e483b4-0ce2-4f05-92a2-8e699650d64c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Domains", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 5 + }, + "scale": "ordinal", + "sourceField": "dns.question.name" + }, + "915adad5-4455-40d4-a9cd-0702da79189c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", + "isTransposed": false + }, + { + "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", + "isTransposed": false + } + ], + "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", + "layerType": "data", + "rowHeight": "single", + "rowHeightLines": 1 + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {}, + "hidePanelTitles": false, + "type": "lens" + }, + "title": "Top Domains" }, - "visualization": { - "accessor": "e5fe95be-c8fe-4066-8ea1-58e63682f94b", - "layerId": "8fee795f-a453-4cfa-a819-be091462e0ee", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" + { + "version": "7.16.0", + "type": "search", + "gridData": { + "h": 18, + "i": "49811546-e0b1-4814-82fe-e99715c85069", + "w": 48, + "x": 0, + "y": 29 + }, + "panelIndex": "49811546-e0b1-4814-82fe-e99715c85069", + "embeddableConfig": { + "enhancements": {} + }, + "panelRefName": "panel_49811546-e0b1-4814-82fe-e99715c85069" } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" + ], + "timeRestore": false, + "title": "[Logs Azure] Firewall DNS Proxy Log", + "version": 1 + 
}, + "references": [ + { + "id": "logs-*", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Total Bytes" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 7, - "i": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "w": 9, - "x": 39, - "y": 7 - }, - "panelIndex": "673dd2b3-e271-4ad9-9b86-83e4e1070647", - "embeddableConfig": { - "attributes": { - "references": [{ + { "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern" - }, { + }, + { "id": "logs-*", - "name": "indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "454630b2-cff5-45ab-9cfc-ec19c5aeb97a": { - "columnOrder": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "columns": { - "fe432a5c-5813-4a13-948e-ea6d83ec8c40": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Unique Network Protocols", - "operationType": "formula", - "params": { - "formula": "unique_count(network.transport)", - "isFormulaBroken": false - }, - "references": [ - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0" - ], - "scale": "ratio" - }, - "fe432a5c-5813-4a13-948e-ea6d83ec8c40X0": { - "customLabel": true, - "dataType": "number", - "isBucketed": false, - "label": "Part of Unique Network Protocols", - "operationType": "unique_count", - "scale": "ratio", - "sourceField": "network.transport" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "accessor": "fe432a5c-5813-4a13-948e-ea6d83ec8c40", - "layerId": 
"454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "layerType": "data", - "textAlign": "center", - "titlePosition": "bottom", - "size": "xl" - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsLegacyMetric" }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Unique Network Protocols" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "w": 12, - "x": 24, - "y": 14 - }, - "panelIndex": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb", - "embeddableConfig": { - "attributes": { - "references": [{ + { "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", + "name": "controlGroup_a2fc452e-8956-4b6d-9313-64e9e3701310:optionsListDataView", "type": "index-pattern" - }, { + }, + { "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "name": "8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-current-indexpattern", "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Source Address", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "source.address" - }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", 
- "query": "" - }, - "visualization": { - "columns": [{ - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - }], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Source Addresses" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "w": 12, - "x": 36, - "y": 14 - }, - "panelIndex": "ce8caf3c-c830-4500-a4bf-66a9f354cd49", - "embeddableConfig": { - "attributes": { - "references": [{ + { "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", + "name": "8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", "type": "index-pattern" - }, { + }, + { "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "b2d72986-1818-4a93-9155-2a66cd00eca4", - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63" - ], - "columns": { - "b2d72986-1818-4a93-9155-2a66cd00eca4": { - "customLabel": true, - "dataType": "string", - "isBucketed": true, - "label": "Firewall", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "observer.name" - }, - "e1f00395-a8a7-42c9-9ce1-a20ec14edf63": { - "dataType": 
"number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [{ - "columnId": "b2d72986-1818-4a93-9155-2a66cd00eca4", - "isTransposed": false - }, { - "columnId": "e1f00395-a8a7-42c9-9ce1-a20ec14edf63", - "isTransposed": false - }], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Event Generating Firewalls" - }, { - "version": "8.6.0", - "type": "lens", - "gridData": { - "h": 15, - "i": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94", - "w": 24, - "x": 0, - "y": 14 - }, - "panelIndex": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94", - "embeddableConfig": { - "attributes": { - "references": [{ + { "id": "logs-*", - "name": "indexpattern-datasource-current-indexpattern", + "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", "type": "index-pattern" - }, { + }, + { "id": "logs-*", - "name": "indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", "type": "index-pattern" - }], - "state": { - "datasourceStates": { - "formBased": { - "layers": { - "a5c93c96-5038-49e1-acca-2e876257c059": { - "columnOrder": [ - "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "915adad5-4455-40d4-a9cd-0702da79189c" - ], - "columns": { - "63e483b4-0ce2-4f05-92a2-8e699650d64c": { - "customLabel": true, - 
"dataType": "string", - "isBucketed": true, - "label": "Domains", - "operationType": "terms", - "params": { - "missingBucket": false, - "orderBy": { - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "type": "column" - }, - "orderDirection": "desc", - "otherBucket": true, - "size": 5 - }, - "scale": "ordinal", - "sourceField": "dns.question.name" - }, - "915adad5-4455-40d4-a9cd-0702da79189c": { - "dataType": "number", - "isBucketed": false, - "label": "Count of records", - "operationType": "count", - "scale": "ratio", - "sourceField": "___records___" - } - }, - "incompleteColumns": {} - } - } - } - }, - "filters": [], - "query": { - "language": "kuery", - "query": "" - }, - "visualization": { - "columns": [{ - "columnId": "915adad5-4455-40d4-a9cd-0702da79189c", - "isTransposed": false - }, { - "columnId": "63e483b4-0ce2-4f05-92a2-8e699650d64c", - "isTransposed": false - }], - "layerId": "a5c93c96-5038-49e1-acca-2e876257c059", - "layerType": "data", - "rowHeight": "single", - "rowHeightLines": 1 - } - }, - "title": "", - "type": "lens", - "visualizationType": "lnsDatatable" }, - "enhancements": {}, - "hidePanelTitles": false, - "type": "lens" - }, - "title": "Top Domains" - }, { - "version": "7.16.0", - "type": "search", - "gridData": { - "h": 18, - "i": "49811546-e0b1-4814-82fe-e99715c85069", - "w": 48, - "x": 0, - "y": 29 - }, - "panelIndex": "49811546-e0b1-4814-82fe-e99715c85069", - "embeddableConfig": { - "enhancements": {} - }, - "panelRefName": "panel_49811546-e0b1-4814-82fe-e99715c85069" - }], - "timeRestore": false, - "title": "[Logs Azure] Firewall DNS Proxy Log", - "version": 1 - }, - "references": [{ - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "controlGroup_7cbe886c-4cc4-4fec-beff-7336b0965067:optionsListDataView", - 
"type": "index-pattern" - }, { - "id": "logs-*", - "name": "controlGroup_a2fc452e-8956-4b6d-9313-64e9e3701310:optionsListDataView", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "8f1313ba-331f-478a-aa30-ea8e2845f86c:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "dfcf4383-4ce2-42a2-b0a9-a48dbf39db64:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "b0b8c30c-2096-49ee-95b3-9adbf27808e5:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": 
"673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-current-indexpattern", - "type": "index-pattern" - }, { - "id": "logs-*", - "name": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059", - "type": "index-pattern" - }, { - "id": "azure-3d1466b0-f252-11ec-a5a8-bf965bcd5646", - "name": "49811546-e0b1-4814-82fe-e99715c85069:panel_49811546-e0b1-4814-82fe-e99715c85069", - "type": "search" - }], - "migrationVersion": { - "dashboard": "8.6.0" - }, - "coreMigrationVersion": "8.6.1" + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "e0be3094-1544-4c59-858c-05320b57c3a7:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "logs-*", + "name": "2c2c4900-3223-4061-aba7-6c7274441654:indexpattern-datasource-layer-8fee795f-a453-4cfa-a819-be091462e0ee", + "type": "index-pattern" + }, + { + "id": "logs-*", + 
"name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-current-indexpattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "673dd2b3-e271-4ad9-9b86-83e4e1070647:indexpattern-datasource-layer-454630b2-cff5-45ab-9cfc-ec19c5aeb97a",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-current-indexpattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "9609e04b-0043-4b3a-a31b-a2461c1e3dcb:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-current-indexpattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "ce8caf3c-c830-4500-a4bf-66a9f354cd49:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-current-indexpattern",
+ "type": "index-pattern"
+ },
+ {
+ "id": "logs-*",
+ "name": "dc473cf3-3ff8-4c71-b465-1e9b819ddd94:indexpattern-datasource-layer-a5c93c96-5038-49e1-acca-2e876257c059",
+ "type": "index-pattern"
+ },
+ {
+ "id": "azure-3d1466b0-f252-11ec-a5a8-bf965bcd5646",
+ "name": "49811546-e0b1-4814-82fe-e99715c85069:panel_49811546-e0b1-4814-82fe-e99715c85069",
+ "type": "search"
+ }
+ ],
+ "migrationVersion": {
+ "dashboard": "8.6.0"
+ },
+ "coreMigrationVersion": "8.6.1"
 }
\ No newline at end of file
diff --git a/packages/azure/manifest.yml b/packages/azure/manifest.yml
index 2e3a9108fa4..eaeb9c2f4b4 100644
--- a/packages/azure/manifest.yml
+++ b/packages/azure/manifest.yml
@@ -1,7 +1,6 @@
 name: azure
 title: Azure Logs
-version: 1.5.33
-release: ga
+version: 1.6.0
 description: This Elastic integration collects logs from Azure
 type: integration
 icons:
@@ -9,13 +8,15 @@ icons:
 title: logo azure
 size: 32x32
 type: image/svg+xml
-format_version: 1.0.0
-license: basic
+format_version: "3.0.0"
 categories:
 - azure
 - observability
 conditions:
- kibana.version: "^8.6.0"
+ kibana:
+ version: "^8.6.0"
+ elastic:
+ subscription: basic
 screenshots:
 - src: /img/azure_user_activity_dashboard.png
 title: Azure User Activity Dashboard
@@ -221,3 +222,4 @@ policy_templates:
 type: image/svg+xml
 owner:
 github: elastic/obs-cloud-monitoring
+ type: elastic
diff --git a/packages/azure/validation.yml b/packages/azure/validation.yml
new file mode 100644
index 00000000000..3d7bd8f9aca
--- /dev/null
+++ b/packages/azure/validation.yml
@@ -0,0 +1,4 @@
+errors:
+ exclude_checks:
+ - SVR00002 # expected filter in dashboard: no filter found
+ - SVR00004 # references found in dashboard
\ No newline at end of file
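Review bot: The two exclusions in the new validation.yml (`SVR00002`, `SVR00004`) apply package-wide and carry only the checker's own message, so a later reader cannot tell which dashboard(s) triggered them or whether the exclusion is meant to be temporary; add a comment above `exclude_checks:` such as `# TODO(<issue-id>): dashboards carried over from format_version 1.0.0; remove once the filter and reference checks pass`. Taking the first comment at face value, a "no filter found" finding means at least one dashboard queries its index pattern (the references in this diff use `logs-*`) without restricting results to this package's data streams, so the exclusion hides a scoping gap rather than resolving it — worth confirming that this is intended before it lands as a permanent setting. The file also ends without a trailing newline (`\ No newline at end of file`) and lacks a `---` document start, both of which yamllint flags by default.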