2016-03-15 12:50:43 +00:00
[
{
"_id" : "Cowrie" ,
"_type" : "dashboard" ,
"_source" : {
"title" : "Cowrie" ,
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"Cowrie-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":2,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Cowrie-Events-Histogram\",\"panelIndex\":22,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Cipher-Suites-Top-10\",\"panelIndex\":24,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Cowrie-Countries-Top-10\",\"panelIndex\":28,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Events-by-Country-Histogram\",\"panelIndex\":29,\"row\":14,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Cowrie-Version-Pie-Top-10\",\"panelIndex\":31,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":3,\"id\":\"Cowrie-Unique-Session-Counter\",\"panelIndex\":33,\"row\":1,\"size_x\":2,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Username-Tagcloud-Large\",\"panelIndex\":34,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Cowrie-Password-Tagcloud-Large\",\"panelIndex\":35,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Map\",\"panelIndex\":36,\"row\":20,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Input-Top-10\",\"panelIndex\":37,\"row\":27,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Cowrie-Source-IP-Top-10\",\"panelIndex\":38,\"row\":27,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Cowrie-ASN-Top-10\",\"panelIndex\":39,\"row\":27,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Cowrie-Logs\",\"panelIndex\":40,\"row\":32,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Cowrie-Destination-Ports-Histogram\",\"panelIndex\":41,\"row\":17,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Cowrie-Destination-Ports-Histogram-Incoming\",\"panelIndex\":42,\"row\":11,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Ports-Pie\",\"panelIndex\":43,\"row\":11,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"id\":\"Honeytrap-Event-Counter\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"Honeytrap-Events-Histogram\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":1},{\"id\":\"Honeytrap-Heatmap\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":10},{\"id\":\"Honeytrap-Destination-Ports-Histogram\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":4},{\"id\":\"Honeytrap-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":7},{\"id\":\"Honeytrap-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":7},{\"id\":\"Honeytrap-Destination-Ports-Top-10\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":4},{\"id\":\"Honeytrap-Map\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":12,\"size_y\":8,\"col\":1,\"row\":15},{\"id\":\"Honeytrap-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":6,\"size_y\":5,\"col\":1,\"row\":23},{\"id\":\"Honeytrap-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":6,\"size_y\":5,\"col\":7,\"row\":23},{\"id\":\"Honeytrap-Logs\",\"type\":\"search\",\"panelIndex\":11,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":28,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : ">T-Pot-Industrial" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : ">T-Pot - Industrial" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":7,\"id\":\"Honeytrap-Event-Counter\",\"panelIndex\":5,\"row\":6,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":6,\"row\":6,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Events-Histogram\",\"panelIndex\":7,\"row\":8,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Honeypot-Destination-Ports-Histogram\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":11},{\"id\":\"P0f-OS-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":4,\"size_y\":3,\"col\":1,\"row\":14},{\"id\":\"Honeypot-Events\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":4,\"size_y\":3,\"col\":5,\"row\":14},{\"id\":\"Honeypot-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":14},{\"id\":\"Honeypot-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":16,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":17},{\"id\":\"Honeypot-Map\",\"type\":\"visualization\",\"panelIndex\":17,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":23},{\"id\":\"Honeypot-by-Country-and-Port\",\"type\":\"visualization\",\"panelIndex\":18,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":30},{\"id\":\"Honeypot-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":19,\"size_x\":3,\"size_y\":5,\"col\":1,\"row\":33},{\"id\":\"Honeypot-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":20,\"size_x\":4,\"size_y\":5,\"col\":4,\"row\":33},{\"id\":\"Suricata-Alert-Signature-Top-10\",\"type\":\"visualization\",\"panelIndex\":21,\"size_x\":5,\"size_y\":5,\"col\":8,\"row\":33},{\"id\":\"Honeypot-Logs\",\"type\":\"search\",\"panelIndex\":22,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":38,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"id\":\"ConPot-Event-Counter\",\"type\":\"visualization\",\"panelIndex\":23,\"size_x\":3,\"size_y\":2,\"col\":1,\"row\":6},{\"id\":\"eMobility-Event-Counter\",\"type\":\"visualization\",\"panelIndex\":24,\"size_x\":3,\"size_y\":2,\"col\":4,\"row\":6},{\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"type\":\"visualization\",\"panelIndex\":25,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":20},{\"id\":\"Welcome-to-T-Pot\",\"type\":\"visualization\",\"panelIndex\":26,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":1}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
2016-10-26 14:07:05 +00:00
"uiStateJSON" : "{\"P-23\":{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}}" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Default" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Default" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"Cowrie-Event-Counter\",\"panelIndex\":1,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"Dionaea-Event-Counter\",\"panelIndex\":2,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ElasticPot-Event-Counter\",\"panelIndex\":3,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Glastopf-Event-Counter\",\"panelIndex\":4,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Honeytrap-Event-Counter\",\"panelIndex\":5,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":6,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Events-Histogram\",\"panelIndex\":7,\"row\":8,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Honeypot-Destination-Ports-Histogram\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":11},{\"id\":\"P0f-OS-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":4,\"size_y\":3,\"col\":1,\"row\":14},{\"id\":\"Honeypot-Events\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":4,\"size_y\":3,\"col\":5,\"row\":14},{\"id\":\"Honeypot-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":14},{\"id\":\"Cowrie-Username-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":12,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":17},{\"id\":\"Cowrie-Password-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":13,\"size_x\":3,\"size_y\":3,\"col\":4,\"row\":17},{\"id\":\"Dionaea-Username-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":14,\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":17},{\"id\":\"Dionaea-Password-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":15,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":17},{\"id\":\"Honeypot-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":16,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":23},{\"id\":\"Honeypot-Map\",\"type\":\"visualization\",\"panelIndex\":17,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":26},{\"id\":\"Honeypot-by-Country-and-Port\",\"type\":\"visualization\",\"panelIndex\":18,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":33},{\"id\":\"Honeypot-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":19,\"size_x\":3,\"size_y\":5,\"col\":1,\"row\":36},{\"id\":\"Honeypot-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":20,\"size_x\":4,\"size_y\":5,\"col\":4,\"row\":36},{\"id\":\"Suricata-Alert-Signature-Top-10\",\"type\":\"visualization\",\"panelIndex\":21,\"size_x\":5,\"size_y\":5,\"col\":8,\"row\":36},{\"id\":\"Honeypot-Logs\",\"type\":\"search\",\"panelIndex\":22,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":41,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"type\":\"visualization\",\"panelIndex\":23,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":20},{\"id\":\"Welcome-to-T-Pot\",\"type\":\"visualization\",\"panelIndex\":24,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":1}]" ,
"optionsJSON" : "{\"darkTheme\":true}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"version" : 1 ,
"timeRestore" : true ,
"timeTo" : "now" ,
"timeFrom" : "now-24h" ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : ">T-Pot-Standard" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : ">T-Pot - Standard" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"Cowrie-Event-Counter\",\"panelIndex\":1,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":3,\"id\":\"Dionaea-Event-Counter\",\"panelIndex\":2,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ElasticPot-Event-Counter\",\"panelIndex\":3,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Glastopf-Event-Counter\",\"panelIndex\":4,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Honeytrap-Event-Counter\",\"panelIndex\":5,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":11,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":6,\"row\":6,\"size_x\":2,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Events-Histogram\",\"panelIndex\":7,\"row\":8,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Honeypot-Destination-Ports-Histogram\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":11},{\"id\":\"P0f-OS-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":4,\"size_y\":3,\"col\":1,\"row\":14},{\"id\":\"Honeypot-Events\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":4,\"size_y\":3,\"col\":5,\"row\":14},{\"id\":\"Honeypot-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":14},{\"id\":\"Cowrie-Username-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":12,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":17},{\"id\":\"Cowrie-Password-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":13,\"size_x\":3,\"size_y\":3,\"col\":4,\"row\":17},{\"id\":\"Dionaea-Username-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":14,\"size_x\":3,\"size_y\":3,\"col\":7,\"row\":17},{\"id\":\"Dionaea-Password-Tagcloud\",\"type\":\"visualization\",\"panelIndex\":15,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":17},{\"id\":\"Honeypot-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":16,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":23},{\"id\":\"Honeypot-Map\",\"type\":\"visualization\",\"panelIndex\":17,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":26},{\"id\":\"Honeypot-by-Country-and-Port\",\"type\":\"visualization\",\"panelIndex\":18,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":33},{\"id\":\"Honeypot-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":19,\"size_x\":3,\"size_y\":5,\"col\":1,\"row\":36},{\"id\":\"Honeypot-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":20,\"size_x\":4,\"size_y\":5,\"col\":4,\"row\":36},{\"id\":\"Suricata-Alert-Signature-Top-10\",\"type\":\"visualization\",\"panelIndex\":21,\"size_x\":5,\"size_y\":5,\"col\":8,\"row\":36},{\"id\":\"Honeypot-Logs\",\"type\":\"search\",\"panelIndex\":22,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":41,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"type\":\"visualization\",\"panelIndex\":23,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":20},{\"id\":\"Welcome-to-T-Pot\",\"type\":\"visualization\",\"panelIndex\":24,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":1}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : ">T-Pot-Everything" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : ">T-Pot - Everything" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":4,\"id\":\"Cowrie-Event-Counter\",\"panelIndex\":1,\"row\":6,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Dionaea-Event-Counter\",\"panelIndex\":2,\"row\":6,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"ElasticPot-Event-Counter\",\"panelIndex\":3,\"row\":6,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Glastopf-Event-Counter\",\"panelIndex\":4,\"row\":8,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Honeytrap-Event-Counter\",\"panelIndex\":5,\"row\":8,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":6,\"row\":8,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Events-Histogram\",\"panelIndex\":7,\"row\":10,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Destination-Ports-Histogram\",\"panelIndex\":8,\"row\":13,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"P0f-OS-Top-10\",\"panelIndex\":9,\"row\":16,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Honeypot-Events\",\"panelIndex\":10,\"row\":16,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Honeypot-Countries-Top-10\",\"panelIndex\":11,\"row\":16,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Username-Tagcloud\",\"panelIndex\":12,\"row\":19,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Cowrie-Password-Tagcloud\",\"panelIndex\":13,\"row\":19,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Dionaea-Username-Tagcloud\",\"panelIndex\":14,\"row\":19,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Dionaea-Password-Tagcloud\",\"panelIndex\":15,\"row\":19,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Events-by-Country-Histogram\",\"panelIndex\":16,\"row\":25,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Map\",\"panelIndex\":17,\"row\":28,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-by-Country-and-Port\",\"panelIndex\":18,\"row\":35,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Source-IP-Top-10\",\"panelIndex\":19,\"row\":38,\"size_x\":3,\"size_y\":5,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Honeypot-ASN-Top-10\",\"panelIndex\":20,\"row\":38,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":8,\"id\":\"Suricata-Alert-Signature-Top-10\",\"panelIndex\":21,\"row\":38,\"size_x\":5,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Honeypot-Logs\",\"panelIndex\":22,\"row\":43,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"ConPot-Event-Counter\",\"panelIndex\":23,\"row\":6,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Event-Counter\",\"panelIndex\":24,\"row\":8,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"panelIndex\":25,\"row\":22,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Welcome-to-T-Pot\",\"panelIndex\":26,\"row\":1,\"size_x\":12,\"size_y\":5,\"type\":\"visualization\"}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
2016-10-26 14:07:05 +00:00
"uiStateJSON" : "{\"P-23\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}}}" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"Syslog-Events-Histogram\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-SSH-Events-Histogram\",\"panelIndex\":2,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Countries-Top-10\",\"panelIndex\":3,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Events-by-Country-Histogram\",\"panelIndex\":4,\"row\":10,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Syslog-Program-Top-10\",\"panelIndex\":6,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Syslog-Logs\",\"panelIndex\":7,\"row\":26,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Syslog-Map\",\"panelIndex\":8,\"row\":13,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Syslog-ASN-Top-10\",\"panelIndex\":9,\"row\":20,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Source-IP-Top-10\",\"panelIndex\":10,\"row\":20,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Syslog-Username-Tagcloud\",\"panelIndex\":11,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
"timeRestore" : true ,
"timeTo" : "now" ,
"timeFrom" : "now-24h" ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Suricata-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Destination-Ports-Histogram\",\"panelIndex\":3,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"panelIndex\":4,\"row\":7,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Suricata-Countries-Top-10\",\"panelIndex\":9,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Suricata-Fileinfo-Magic-Top-10\",\"panelIndex\":12,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-HTTP-Content-Type-Top-10\",\"panelIndex\":14,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Suricata-HTTP-Hostname-Pie-Top-10\",\"panelIndex\":15,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Suricata-HTTP-Method-Pie-Top-10\",\"panelIndex\":16,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-HTTP-User-Agent-Pie-Top-10\",\"panelIndex\":18,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-SSH-Client-Software-Version-Pie-Top-10\",\"panelIndex\":19,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-TLS-Version\",\"panelIndex\":20,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Events-by-Country-Histogram\",\"panelIndex\":22,\"row\":16,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Map\",\"panelIndex\":23,\"row\":19,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Source-IP-Top-10\",\"panelIndex\":24,\"row\":26,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Suricata-ASN-Top-10\",\"panelIndex\":25,\"row\":26,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Suricata-Alert-Signature-Top-10\",\"panelIndex\":26,\"row\":26,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Suricata-Logs\",\"panelIndex\":27,\"row\":32,\"size_x\":12,\"size_y\":6,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]" ,
"optionsJSON" : "{\"darkTheme\":true}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"version" : 1 ,
"timeRestore" : true ,
"timeTo" : "now" ,
"timeFrom" : "now-24h" ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"NGINX-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"NGINX-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"NGINX-HTTP-Method-Pie-Top-10\",\"panelIndex\":3,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"NGINX-HTTP-Status-Code-Pie-Top-10\",\"panelIndex\":4,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"NGINX-HTTP-User-Agent-Pie-Top-10\",\"panelIndex\":5,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"NGINX-Username-Tagcloud\",\"panelIndex\":6,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"NGINX-ASN-Top-10\",\"panelIndex\":7,\"row\":16,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":7,\"id\":\"NGINX-Source-IP-Top-10\",\"panelIndex\":8,\"row\":16,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"id\":\"NGINX-Map\",\"panelIndex\":9,\"row\":10,\"size_x\":12,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"NGINX-Logs\",\"panelIndex\":10,\"row\":21,\"size_x\":12,\"size_y\":6,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":5,\"id\":\"NGINX-Top-Users-Histogram\",\"panelIndex\":12,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"NGINX-Events-by-Country-Histogram\",\"panelIndex\":13,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"NGINX-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":14,\"size_x\":3,\"size_y\":3,\"col\":10,\"row\":7}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
"_id" : "Glastopf" ,
"_type" : "dashboard" ,
"_source" : {
"title" : "Glastopf" ,
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"Glastopf-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Glastopf-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Glastopf-Countries-Top-10\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Glastopf-Map\",\"panelIndex\":5,\"row\":7,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Glastop-Source-IP-Top-10\",\"panelIndex\":6,\"row\":14,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Glastopf-ASN-Top-10\",\"panelIndex\":7,\"row\":14,\"size_x\":6,\"size_y\":5,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Glastopf-Logs\",\"panelIndex\":8,\"row\":19,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"id\":\"Glastopf-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":8,\"size_y\":3,\"col\":5,\"row\":4}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
"_id" : "ElasticPot" ,
"_type" : "dashboard" ,
"_source" : {
"title" : "ElasticPot" ,
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"ElasticPot-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ElasticPot-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ElasticPot-Countries-Top-10\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ElasticPot-Events-by-Country-Histogram\",\"panelIndex\":4,\"row\":4,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ElasticPot-Map\",\"panelIndex\":5,\"row\":12,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ElasticPot-Source-IP-Top-10\",\"panelIndex\":6,\"row\":19,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ElasticPot-ASN-Top-10\",\"panelIndex\":7,\"row\":19,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"id\":\"ElasticPot-Logs\",\"type\":\"search\",\"panelIndex\":8,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":25,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]},{\"id\":\"ElasticPot-Query-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":12,\"size_y\":5,\"col\":1,\"row\":7}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"col\":1,\"id\":\"eMobility-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"eMobility-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Countries-Top-10\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"eMobility-Events-by-Country-Histogram\",\"panelIndex\":4,\"row\":4,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Map\",\"panelIndex\":5,\"row\":7,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Source-IP-Top-10\",\"panelIndex\":6,\"row\":14,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"eMobility-ASN-Top-10\",\"panelIndex\":7,\"row\":14,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"eMobility-Logs\",\"panelIndex\":8,\"row\":20,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
"timeRestore" : true ,
"timeTo" : "now" ,
"timeFrom" : "now-24h" ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot" ,
2016-03-15 12:50:43 +00:00
"_type" : "dashboard" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot" ,
2016-03-15 12:50:43 +00:00
"hits" : 0 ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"panelsJSON" : "[{\"id\":\"ConPot-Event-Counter\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"ConPot-Events-Histogram\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":1},{\"id\":\"ConPot-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":4,\"size_y\":3,\"col\":1,\"row\":4},{\"id\":\"ConPot-Event-Type\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":4,\"size_y\":3,\"col\":5,\"row\":4},{\"id\":\"ConPot-Protocol\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":4},{\"id\":\"ConPot-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":7},{\"id\":\"ConPot-Input-Top-10\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":6,\"size_y\":5,\"col\":1,\"row\":10},{\"id\":\"ConPot-Response-Top-10\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":6,\"size_y\":5,\"col\":7,\"row\":10},{\"id\":\"ConPot-Map\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":15},{\"id\":\"ConPot-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":6,\"size_y\":5,\"col\":1,\"row\":22},{\"id\":\"ConPot-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":6,\"size_y\":5,\"col\":7,\"row\":22},{\"id\":\"ConPot-Logs\",\"type\":\"search\",\"panelIndex\":12,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":27,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]" ,
2016-03-15 12:50:43 +00:00
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
2016-10-26 14:07:05 +00:00
"timeRestore" : false ,
2016-03-15 12:50:43 +00:00
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea" ,
"_type" : "dashboard" ,
"_source" : {
"title" : "Dionaea" ,
"hits" : 0 ,
"description" : "" ,
"panelsJSON" : "[{\"col\":1,\"id\":\"Dionaea-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Dionaea-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Dionaea-Destination-Ports-Top-10\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":11},{\"id\":\"Dionaea-Protocol\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":4,\"size_y\":3,\"col\":1,\"row\":4},{\"id\":\"Dionaea-Transport\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":4,\"size_y\":3,\"col\":5,\"row\":4},{\"id\":\"Dionaea-Type\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":4},{\"id\":\"Dionaea-Username-Tagcloud-Large\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":6,\"size_y\":4,\"col\":1,\"row\":7},{\"id\":\"Dionaea-Password-Tagcloud-Large\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":6,\"size_y\":4,\"col\":7,\"row\":7},{\"id\":\"Dionaea-Destination-Ports-Histogram\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":11},{\"id\":\"Dionaea-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":10,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":14},{\"id\":\"Dionaea-Map\",\"type\":\"visualization\",\"panelIndex\":11,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":17},{\"id\":\"Dionaea-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":12,\"size_x\":6,\"size_y\":5,\"col\":7,\"row\":24},{\"id\":\"Dionaea-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":13,\"size_x\":6,\"size_y\":5,\"col\":1,\"row\":24},{\"id\":\"Dionaea-Logs\",\"type\":\"search\",\"panelIndex\":14,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":29,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]" ,
"optionsJSON" : "{\"darkTheme\":true}" ,
"uiStateJSON" : "{}" ,
"version" : 1 ,
"timeRestore" : false ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
} ,
{
"_id" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"ConPot\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"Cowrie\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"Glastopf\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"Dionaea\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
"_id" : "Honeypot-Logs" ,
"_type" : "search" ,
"_source" : {
"title" : "Honeypot-Logs" ,
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"ConPot\\\" OR type.raw:\\\"Cowrie\\\" OR type.raw:\\\"Dionaea\\\" OR type.raw:\\\"ElasticPot\\\" OR type.raw:\\\"eMobility\\\" OR type.raw:\\\"Glastopf\\\" OR type.raw:\\\"Honeytrap\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"ElasticPot\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"Honeytrap\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"_type" : "search" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"eMobility\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
"_id" : "Suricata-Logs" ,
"_type" : "search" ,
"_source" : {
"title" : "Suricata-Logs" ,
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"Suricata\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
"_id" : "Syslog-Logs" ,
"_type" : "search" ,
"_source" : {
"title" : "Syslog-Logs" ,
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type.raw:\\\"Syslog\\\"\"}},\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647}}"
}
}
} ,
{
"_id" : "NGINX-Logs" ,
"_type" : "search" ,
"_source" : {
"title" : "NGINX-Logs" ,
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"NGINX\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
"_id" : "P0f-Logs" ,
"_type" : "search" ,
"_source" : {
"title" : "P0f-Logs" ,
"description" : "" ,
"hits" : 0 ,
"columns" : [
"_source"
] ,
"sort" : [
"@timestamp" ,
"desc"
] ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"P0f\\\"\",\"analyze_wildcard\":true}}}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Welcome-to-T-Pot" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Welcome to T-Pot" ,
"visState" : "{\"title\":\"Welcome to T-Pot\",\"type\":\"markdown\",\"params\":{\"markdown\":\"# Welcome to your shiny new T-Pot 16.10 installation!\\n\\nBefore you get started tell `Kibana` what installation type you have chosen for T-Pot.\\n\\nIf you have installed from a provided ISO it is probably **T-Pot Standard**. However if you have built your own **[T-Pot ISO](https://github.com/dtag-dev-sec/tpotce)** it is highly likely that you are either running **T-Pot Everything** or **T-Pot Industrial**.\\n\\nYou can now click the `Load Saved Dashboard` button in the **upper right corner** to load your desired dashboard.\\n\\nMake sure to click the `Save Dashboard` button and save your dashboard as `Default`.\\n\\nIf you do not want to see this reminder any longer, just click on the `(X)` in the **upper right corner** of this visualization and save the dashboard on more time.\"},\"aggs\":[],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}},\"filter\":[]}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Event Counter" ,
"visState" : "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"fontSize\":\"48\"},\"title\":\"Syslog - Event Counter\",\"type\":\"metric\"}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-HTTP-User-Agent-Pie-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - HTTP User Agent Pie - Top 10" ,
"visState" : "{\"title\":\"NGINX - HTTP User Agent Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-Protocol" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP Protocol" ,
"visState" : "{\"title\":\"Suricata - HTTP Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.protocol.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-Username-Tagcloud" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - Username Tagcloud" ,
"visState" : "{\"title\":\"NGINX - Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"remote_user.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - Events Histogram" ,
"visState" : "{\"title\":\"NGINX - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - Event Counter" ,
"visState" : "{\"title\":\"NGINX - Event Counter\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Destination-Ports-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Destination Ports - Histogram" ,
"visState" : "{\"title\":\"Dionaea - Destination Ports - Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Destination-Ports-Histogram-Incoming" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Destination Ports Histogram Incoming" ,
"visState" : "{\"title\":\"Cowrie - Destination Ports Histogram Incoming\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"dest_port:2222\",\"analyze_wildcard\":true}}},\"label\":\"SSH\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"dest_port:2223\",\"analyze_wildcard\":true}}},\"label\":\"Telnet\"}]}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
"uiStateJSON" : "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
"savedSearchId" : "Cowrie-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastop-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Source IP - Top 10" ,
"visState" : "{\"title\":\"Glastopf - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Events by Country Histogram" ,
"visState" : "{\"title\":\"Cowrie - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Cowrie-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-TLS-Version" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - TLS Version" ,
"visState" : "{\"title\":\"Suricata - TLS Version\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Ports-Pie" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Ports Pie" ,
"visState" : "{\"title\":\"Cowrie - Ports Pie\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":{\"query_string\":{\"query\":\"dest_port:2222\",\"analyze_wildcard\":true}}},\"label\":\"SSH\"},{\"input\":{\"query\":{\"query_string\":{\"query\":\"dest_port:2223\",\"analyze_wildcard\":true}}},\"label\":\"Telnet\"}]}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Cowrie-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Countries - Top 10" ,
"visState" : "{\"title\":\"ConPot - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "ConPot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Cipher-Suites-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Encryption Ciphers - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Encryption Ciphers - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encCS.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Countries - Top 10" ,
"visState" : "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"field\":\"geoip.country_name.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true},\"title\":\"Syslog - Countries - Top 10\",\"type\":\"pie\"}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Username-Tagcloud" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Username Tagcloud" ,
"visState" : "{\"title\":\"Syslog - Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"fromDegree\":0,\"maxFontSize\":72,\"minFontSize\":18,\"orientations\":1,\"spiral\":\"archimedean\",\"textScale\":\"linear\",\"timeInterval\":500,\"toDegree\":0},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - ASN - Top 10" ,
"visState" : "{\"title\":\"ConPot - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-Hostname-Pie-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP Hostname Pie - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP Hostname Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Events by Country Histogram" ,
"visState" : "{\"title\":\"ConPot - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Events Histogram" ,
"visState" : "{\"title\":\"ConPot - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-Method-Pie-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP Method Pie - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP Method Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Events by Country Histogram" ,
"visState" : "{\"title\":\"Glastopf - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-Query-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot - Query - Top 10" ,
"visState" : "{\"title\":\"ElasticPot - Query - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"honeypot.query.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Events Histogram" ,
"visState" : "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"program.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"square root\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog - Events Histogram\",\"type\":\"line\"}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Fileinfo-Magic-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Fileinfo Magic - Top 10" ,
"visState" : "{\"title\":\"Suricata - Fileinfo Magic - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fileinfo.magic.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-SSH-Server-Software-Version-Pie-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - SSH Server Software Version Pie - Top 10" ,
"visState" : "{\"title\":\"Suricata - SSH Server Software Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Countries - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Alert-Signature-by-Country" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Alert Signature by Country" ,
"visState" : "{\"title\":\"Suricata - Alert Signature by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":false}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-DNS-RType-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - DNS RType" ,
"visState" : "{\"title\":\"Suricata - DNS RType\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rrtype.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Map" ,
"visState" : "{\"title\":\"ConPot - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Event-Type" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Event Type" ,
"visState" : "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"field\":\"event_type.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true},\"title\":\"ConPot - Event Type\",\"type\":\"pie\"}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-Content-Type-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP Content Type - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP Content Type - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-DNS-Type-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - DNS Type" ,
"visState" : "{\"title\":\"Suricata - DNS Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Program-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Program - Top 10" ,
"visState" : "{\"title\":\"Syslog - Program - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"program.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Events Histogram" ,
"visState" : "{\"title\":\"Dionaea - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Protocol" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Protocol" ,
"visState" : "{\"title\":\"Dionaea - Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"connection.protocol.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Events by Country Histogram" ,
"visState" : "{\"title\":\"Suricata - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot - Countries - Top 10" ,
"visState" : "{\"title\":\"ElasticPot - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - Events by Country Histogram" ,
"visState" : "{\"title\":\"NGINX - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Alert-Category-Histogram-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Alert Category Histogram - Top 10" ,
"visState" : "{\"title\":\"Suricata - Alert Category Histogram - Top 10\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"overlap\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.category.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - Countries - Top 10" ,
"visState" : "{\"title\":\"NGINX - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Events Histogram" ,
"visState" : "{\"title\":\"Glastopf - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Protocol" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Protocol" ,
"visState" : "{\"title\":\"ConPot - Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"data_type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Events by Country Histogram" ,
"visState" : "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"geoip.country_name.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"square root\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog - Events by Country Histogram\",\"type\":\"line\"}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility - Events by Country Histogram" ,
"visState" : "{\"title\":\"eMobility - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-Accept-Encoding" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP Accept Encoding" ,
"visState" : "{\"title\":\"Suricata - HTTP Accept Encoding\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.accept_encoding.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-SSH-Server-Protocol-Version" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - SSH Server Protocol Version" ,
"visState" : "{\"title\":\"Suricata - SSH Server Protocol Version\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.proto_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Alert-Signature-Bar-Chart-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Alert Signature Bar Chart - Top 10" ,
"visState" : "{\"title\":\"Suricata - Alert Signature Bar Chart - Top 10\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility - Countries - Top 10" ,
"visState" : "{\"title\":\"eMobility - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-HTTP-Status-Code-Pie-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - HTTP Status Code Pie - Top 10" ,
"visState" : "{\"title\":\"NGINX - HTTP Status Code Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"status.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Countries - Top 10" ,
"visState" : "{\"title\":\"Glastopf - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Input-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Input - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Input - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"input.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command Line Input\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Source IP - Top 10" ,
"visState" : "{\"title\":\"Glastopf - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - ASN - Top 10" ,
"visState" : "{\"title\":\"Suricata - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot - ASN - Top 10" ,
"visState" : "{\"title\":\"ElasticPot - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - ASN - Top 10" ,
"visState" : "{\"title\":\"Cowrie - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Cowrie-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Username-Tagcloud" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Username Tagcloud" ,
"visState" : "{\"title\":\"Cowrie - Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Username-Tagcloud-Large" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Username Tagcloud - Large" ,
"visState" : "{\"title\":\"Cowrie - Username Tagcloud - Large\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Events Histogram" ,
"visState" : "{\"title\":\"Suricata - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot - Source IP - Top 10" ,
"visState" : "{\"title\":\"ElasticPot - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-SSH-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - SSH Events Histogram" ,
"visState" : "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"id\":\"3\",\"params\":{\"field\":\"tags.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog - SSH Events Histogram\",\"type\":\"histogram\"}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Destination-Ports-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Destination Ports Histogram" ,
"visState" : "{\"title\":\"Cowrie - Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
"uiStateJSON" : "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-User-Agent-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP User Agent - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP User Agent - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User Agent\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Destination-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Destination IP - Top 10" ,
"visState" : "{\"title\":\"Suricata - Destination IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Heatmap" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Heatmap" ,
"visState" : "{\"title\":\"Cowrie - Heatmap\",\"type\":\"heatmap\",\"params\":{\"margin\":{\"top\":20,\"right\":200,\"bottom\":100,\"left\":100},\"stroke\":\"#ffffff\",\"strokeWidth\":1,\"padding\":0,\"legendNumberFormat\":\"number\",\"color\":\"Greens\",\"numberOfColors\":\"9\",\"rowAxis\":{\"filterBy\":0,\"title\":\"src_ip.raw: Descending\"},\"columnAxis\":{\"filterBy\":0,\"title\":\"@timestamp per 12 hours\"},\"legendTitle\":\"Count\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"rows\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"columns\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Alert-Signature-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Alert Signature - Top 10" ,
"visState" : "{\"title\":\"Suricata - Alert Signature - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Signature\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature_id\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Signature ID\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Destination-Ports-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Destination Ports Histogram" ,
"visState" : "{\"title\":\"Suricata - Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Events" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Events" ,
"visState" : "{\"title\":\"Honeypot Events\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Event Counter" ,
"visState" : "{\"title\":\"Cowrie - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-DNS-Name-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - DNS Name - Top 10" ,
"visState" : "{\"title\":\"Suricata - DNS Name - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.rrname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"DNS Name\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"filter\":[]}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Destination-Ports-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - Destination Ports Histogram" ,
"visState" : "{\"title\":\"Honeytrap - Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Honeytrap-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Destination-Ports-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - Destination Ports - Top 10" ,
"visState" : "{\"title\":\"Honeytrap - Destination Ports - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Honeytrap-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility - Events Histogram" ,
"visState" : "{\"title\":\"eMobility - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{\"vis\":{\"legendOpen\":true}}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-TLS-Server-Name-Indication-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - TLS Server Name Indication - Top 10" ,
"visState" : "{\"title\":\"Suricata - TLS Server Name Indication - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Server Name Indication\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Usernames-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Usernames - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Usernames - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Passwords-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Passwords - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Passwords - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - ASN - Top 10" ,
"visState" : "{\"title\":\"NGINX - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-TLS-Issuer-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - TLS Issuer - Top 10" ,
"visState" : "{\"title\":\"Suricata - TLS Issuer - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Issuer\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Map" ,
"visState" : "{\"title\":\"Cowrie - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-by-Country-and-Port" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot by Country and Port" ,
"visState" : "{\"title\":\"Honeypot by Country and Port\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Events by Country Histogram" ,
"visState" : "{\"title\":\"Honeypot Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Heatmap" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - Heatmap" ,
"visState" : "{\"title\":\"Honeytrap - Heatmap\",\"type\":\"heatmap\",\"params\":{\"margin\":{\"top\":20,\"right\":200,\"bottom\":100,\"left\":100},\"stroke\":\"#ffffff\",\"strokeWidth\":1,\"padding\":0,\"legendNumberFormat\":\"number\",\"color\":\"Greens\",\"numberOfColors\":\"9\",\"rowAxis\":{\"filterBy\":0,\"title\":\"src_ip.raw: Descending\"},\"columnAxis\":{\"filterBy\":0,\"title\":\"dest_port: Descending\"},\"legendTitle\":\"Count\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"rows\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"4\",\"type\":\"terms\",\"schema\":\"columns\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Map" ,
"visState" : "{\"title\":\"Suricata - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"mapZoom\":2,\"mapCenter\":[0,-0.17578125],\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - Map" ,
"visState" : "{\"title\":\"Syslog - Map\",\"type\":\"tile_map\",\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"mapType\":\"Scaled Circle Markers\",\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Syslog-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Password-Tagcloud-Large" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Password Tagcloud - Large" ,
"visState" : "{\"title\":\"Cowrie - Password Tagcloud - Large\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.raw\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Countries - Top 10" ,
"visState" : "{\"title\":\"Honeypot Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Destination-Ports-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Destination Ports Histogram" ,
"visState" : "{\"title\":\"Honeypot Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Source IP - Top 10" ,
"visState" : "{\"title\":\"Honeypot Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Transport" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Transport" ,
"visState" : "{\"title\":\"Dionaea - Transport\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"connection.transport.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Username-Tagcloud" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Username Tagcloud" ,
"visState" : "{\"title\":\"Dionaea - Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"login.username.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - ASN - Top 10" ,
"visState" : "{\"title\":\"Honeytrap - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot ASN - Top 10" ,
"visState" : "{\"title\":\"Honeypot ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Map" ,
"visState" : "{\"title\":\"Honeypot Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeypot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Event Counter" ,
"visState" : "{\"title\":\"Glastopf - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - Events by Country Histogram" ,
"visState" : "{\"title\":\"Honeytrap - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - Events Histogram" ,
"visState" : "{\"title\":\"Honeytrap - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}},{\"id\":\"3\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility - Map" ,
"visState" : "{\"title\":\"eMobility - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Map" ,
"visState" : "{\"title\":\"Dionaea - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Username-Tagcloud-Large" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Username Tagcloud - Large" ,
"visState" : "{\"title\":\"Dionaea - Username Tagcloud - Large\",\"type\":\"tagcloud\",\"params\":{\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"fromDegree\":0,\"maxFontSize\":72,\"minFontSize\":18,\"orientations\":1,\"spiral\":\"rectangular\",\"textScale\":\"sqrt\",\"timeInterval\":500,\"toDegree\":0},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"login.username.raw\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-Map" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - Map" ,
"visState" : "{\"title\":\"Glastopf - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Event Counter" ,
"visState" : "{\"title\":\"Dionaea - Event Counter\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeytrap-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeytrap - Countries - Top 10" ,
"visState" : "{\"title\":\"Honeytrap - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Honeytrap-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-Hostname-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP Hostname - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP Hostname - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"HTTP Hostname\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Password-Tagcloud" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Password Tagcloud" ,
"visState" : "{\"title\":\"Dionaea - Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"login.password.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Event Counter" ,
"visState" : "{\"title\":\"ConPot - Event Counter\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Honeypot-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Honeypot Events Histogram" ,
"visState" : "{\"title\":\"Honeypot Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Honeypot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "ElasticPot-Map" ,
"_type" : "visualization" ,
"_source" : {
"title" : "ElasticPot - Map" ,
"visState" : "{\"title\":\"ElasticPot - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "ElasticPot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Honeytrap-Map" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Honeytrap - Map" ,
"visState" : "{\"title\":\"Honeytrap - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Honeytrap-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Honeytrap-Event-Counter" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Honeytrap - Event Counter" ,
"visState" : "{\"title\":\"Honeytrap - Event Counter\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Honeytrap-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "P0f-OS-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "P0f - OS - Top 10" ,
"visState" : "{\"title\":\"P0f - OS - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "P0f-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Honeytrap-Source-IP-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Honeytrap - Source IP - Top 10" ,
"visState" : "{\"title\":\"Honeytrap - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Honeytrap-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "NGINX-Map" ,
"_type" : "visualization" ,
"_source" : {
"title" : "NGINX - Map" ,
"visState" : "{\"title\":\"NGINX - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "NGINX-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Syslog-Source-IP-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Syslog - Source IP - Top 10" ,
"visState" : "{\"title\":\"Syslog - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Syslog-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "ElasticPot-Event-Counter" ,
"_type" : "visualization" ,
"_source" : {
"title" : "ElasticPot - Event Counter" ,
"visState" : "{\"title\":\"ElasticPot - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "ElasticPot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Dionaea-Type" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Dionaea - Type" ,
"visState" : "{\"title\":\"Dionaea - Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"connection.type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Dionaea-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Suricata-Alert-Signature-Histogram-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Suricata - Alert Signature Histogram - Top 10" ,
"visState" : "{\"title\":\"Suricata - Alert Signature Histogram - Top 10\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
2016-10-26 14:07:05 +00:00
{
"_id" : "ConPot-Source-IP-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "ConPot - Source IP - Top 10" ,
"visState" : "{\"title\":\"ConPot - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "ConPot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "NGINX-HTTP-Method-Pie-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "NGINX - HTTP Method Pie - Top 10" ,
"visState" : "{\"title\":\"NGINX - HTTP Method Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"request_method.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "NGINX-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "ConPot-Response-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "ConPot - Response - Top 10" ,
"visState" : "{\"title\":\"ConPot - Response - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Response\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "ConPot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "NGINX-Top-Users-Histogram" ,
"_type" : "visualization" ,
"_source" : {
"title" : "NGINX - Top Users Histogram" ,
"visState" : "{\"title\":\"NGINX - Top Users Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"remote_user.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "NGINX-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Cowrie-Unique-Session-Counter" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Cowrie - Unique Session Counter" ,
"visState" : "{\"title\":\"Cowrie - Unique Session Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\",\"handleNoResults\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"session.raw\",\"customLabel\":\"Unique Sessions\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Cowrie-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
2016-03-15 12:50:43 +00:00
{
"_id" : "Dionaea-Countries-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Dionaea - Countries - Top 10" ,
"visState" : "{\"title\":\"Dionaea - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Dionaea-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Events by Country Histogram" ,
"visState" : "{\"title\":\"Dionaea - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Countries-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Countries - Top 10" ,
"visState" : "{\"title\":\"Suricata - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ConPot-Input-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ConPot - Input - Top 10" ,
"visState" : "{\"title\":\"ConPot - Input - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Input\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ConPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-Events-by-Country-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot - Events by Country Histogram" ,
"visState" : "{\"title\":\"ElasticPot - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "ElasticPot-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Events Histogram" ,
"visState" : "{\"title\":\"Cowrie - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"session.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{\"vis\":{\"legendOpen\":true}}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-SSH-Server-Software-Version-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - SSH Server Software Version - Top 10" ,
"visState" : "{\"title\":\"Suricata - SSH Server Software Version - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SSH Server Version\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Syslog-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Syslog - ASN - Top 10" ,
"visState" : "{\"title\":\"Syslog - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Syslog-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility - Source IP - Top 10" ,
"visState" : "{\"title\":\"eMobility - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Version-Table-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Version Table - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Version Table - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SSH Version\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Password-Tagcloud" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Password Tagcloud" ,
"visState" : "{\"title\":\"Cowrie - Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":\"18\",\"maxFontSize\":\"72\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Glastopf-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Glastopf - ASN - Top 10" ,
"visState" : "{\"title\":\"Glastopf - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Glastopf-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "eMobility-ASN-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "eMobility - ASN - Top 10" ,
"visState" : "{\"title\":\"eMobility - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "eMobility-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-Event-Counter" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - Event Counter" ,
"visState" : "{\"title\":\"Suricata - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
2016-03-15 12:50:43 +00:00
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"filter\":[]}"
2016-03-15 12:50:43 +00:00
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "ElasticPot-Events-Histogram" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "ElasticPot - Events Histogram" ,
"visState" : "{\"title\":\"ElasticPot - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Access Count\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\",\"customLabel\":\"Unique Source IPs\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "ElasticPot-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Dionaea-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Dionaea - Source IP - Top 10" ,
"visState" : "{\"title\":\"Dionaea - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Dionaea-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-HTTP-User-Agent-Pie-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - HTTP User Agent Pie - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP User Agent Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Cowrie-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Cowrie - Source IP - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Cowrie-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "NGINX-Source-IP-Top-10" ,
2016-03-15 12:50:43 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "NGINX - Source IP - Top 10" ,
"visState" : "{\"title\":\"NGINX - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
2016-03-15 12:50:43 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "NGINX-Logs" ,
2016-03-15 12:50:43 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
2016-03-15 13:07:08 +00:00
} ,
{
2016-10-26 14:07:05 +00:00
"_id" : "Suricata-SSH-Client-Software-Version-Top-10" ,
2016-03-15 13:07:08 +00:00
"_type" : "visualization" ,
"_source" : {
2016-10-26 14:07:05 +00:00
"title" : "Suricata - SSH Client Software Version - Top 10" ,
"visState" : "{\"title\":\"Suricata - SSH Client Software Version - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"SSH Client Version\"}}],\"listeners\":{}}" ,
2016-03-15 13:07:08 +00:00
"uiStateJSON" : "{}" ,
"description" : "" ,
2016-10-26 14:07:05 +00:00
"savedSearchId" : "Suricata-Logs" ,
2016-03-15 13:07:08 +00:00
"version" : 1 ,
"kibanaSavedObjectMeta" : {
2016-10-26 14:07:05 +00:00
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Dionaea-ASN-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Dionaea - ASN - Top 10" ,
"visState" : "{\"title\":\"Dionaea - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ASN\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Dionaea-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Suricata-HTTP-Referrer-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Suricata - HTTP Referrer - Top 10" ,
"visState" : "{\"title\":\"Suricata - HTTP Referrer - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_refer.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"HTTP Referrer\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Suricata-SSH-Client-Software-Version-Pie-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Suricata - SSH Client Software Version Pie - Top 10" ,
"visState" : "{\"title\":\"Suricata - SSH Client Software Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "eMobility-Event-Counter" ,
"_type" : "visualization" ,
"_source" : {
"title" : "eMobility - Event Counter" ,
"visState" : "{\"title\":\"eMobility - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "eMobility-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Dionaea-Password-Tagcloud-Large" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Dionaea - Password Tagcloud - Large" ,
"visState" : "{\"title\":\"Dionaea - Password Tagcloud - Large\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"login.password.raw\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Dionaea-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Suricata-Source-IP-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Suricata - Source IP - Top 10" ,
"visState" : "{\"title\":\"Suricata - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Suricata-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Cowrie-Version-Pie-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Cowrie - Version Pie - Top 10" ,
"visState" : "{\"title\":\"Cowrie - Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Cowrie-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
}
}
} ,
{
"_id" : "Dionaea-Destination-Ports-Top-10" ,
"_type" : "visualization" ,
"_source" : {
"title" : "Dionaea - Destination Ports - Top 10" ,
"visState" : "{\"title\":\"Dionaea - Destination Ports - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}" ,
"uiStateJSON" : "{}" ,
"description" : "" ,
"savedSearchId" : "Dionaea-Logs" ,
"version" : 1 ,
"kibanaSavedObjectMeta" : {
"searchSourceJSON" : "{\"filter\":[]}"
2016-03-15 13:07:08 +00:00
}
}
2016-03-15 12:50:43 +00:00
}
]
