tpotce/docker/tpotinit/dist/etc/objects/kibana_export.ndjson


2026-01-05 19:14:57 +00:00
{"attributes":{"color":"#d61613","description":"","name":"Nginx"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,0],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQsMV0="}
{"attributes":{"allowHidden":false,"fieldAttrs":"{\"dest_port\":{\"customLabel\":\"DestPort\"},\"geoip.country_code3\":{\"customLabel\":\"Country\"},\"hasshAlgorithms\":{},\"t-pot_hostname\":{\"customLabel\":\"T-Pot Hostname\",\"count\":1},\"type\":{\"customLabel\":\"Type\"},\"attack_connection.protocol\":{},\"geoip.country_code2\":{},\"geoip_ext.country_code2\":{},\"id\":{},\"src_ip\":{},\"t-pot_hostname.keyword\":{},\"request_headers.Accept\":{}}","fieldFormatMap":"{\"alert.cve_id.keyword\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://www.cvedetails.com/cve/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"alert.signature_id\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"http://doc.emergingthreats.net/bin/view/Main/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.speedguide.net/port.php?port={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dns.rrname\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"event_type\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"geoip.asn\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana
/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://mxtoolbox.com/SuperTool.aspx?action=asn%3a{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"geoip.city_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"geoip.country_name\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"geoip.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http.http_user_agent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"http://ua.theafh.net/list.php?s={{value}}&include=yes&class=abr&do=desc\",\"labelTemplate\":\"{{value}}\"}},\"http.status\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://httpstatuses.com/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http_user_agent\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"http://ua.theafh.net/list.php?s={{value}}&include=yes&class=abr&do=desc\",\"labelTemplate\":\"{{value}}\"}},\"link\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"https://172.20.254.130:64297\",\"pathname\":\"/
kibana/app/kibana\",\"basePath\":\"/kibana\"},\"urlTemplate\":\"https://duckduckgo.com/?q={{val
{"attributes":{"color":"#6bc4d1","description":"","name":"Citrixhoneypot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9299bc20-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,1],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzUsMV0="}
{"attributes":{"color":"#e20074","description":"","name":"T-Pot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"02526be0-8eba-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,2],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzYsMV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"673ed8bd-ec4c-4231-bc8f-13c485f4a68e":{"columnOrder":["04df95ed-2c41-41e2-a8b7-df6133ab71da","182ebb16-3ba1-4083-b8cf-19c4b2f6db5e","623019c1-c170-4937-9c80-21fa072620ad","db63efc0-932f-44e1-aa5d-1eb2f936d18e"],"columns":{"04df95ed-2c41-41e2-a8b7-df6133ab71da":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"182ebb16-3ba1-4083-b8cf-19c4b2f6db5e":{"dataType":"string","isBucketed":true,"label":"Filters","operationType":"filters","params":{"filters":[{"input":{"language":"lucene","query":"*"},"label":"All"},{"input":{"language":"lucene","query":"attempt"},"label":"Scan"},{"input":{"language":"lucene","query":"completion"},"label":"Exploit"}]},"scale":"ordinal"},"623019c1-c170-4937-9c80-21fa072620ad":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"db63efc0-932f-44e1-aa5d-1eb2f936d18e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src 
IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"CitrixHoneypot\""},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["623019c1-c170-4937-9c80-21fa072620ad","db63efc0-932f-44e1-aa5d-1eb2f936d18e"],"isHistogram":true,"layerId":"673ed8bd-ec4c-4231-bc8f-13c485f4a68e","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"splitAccessor":"182ebb16-3ba1-4083-b8cf-19c4b2f6db5e","xAccessor":"04df95ed-2c41-41e2-a8b7-df6133ab71da","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"623019c1-c170-4937-9c80-21fa072620ad"},{"axisMode":"left","forAccessor":"db63efc0-932f-44e1-aa5d-1eb2f936d18e"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"CitrixHoneypot Attacks 
Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"019074f3-7b20-4ef4-a2d2-ec3979c09aae","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-673ed8bd-ec4c-4231-bc8f-13c485f4a68e","type":"index-pattern"},{"id":"9299bc20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9299bc20-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934601],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzYsMV0="}
{"attributes":{"color":"#98359b","description":"","name":"Dynamic"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","managed":false,"references":[],"sort":[1767638649249,3],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzcsMV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f99aa1bf-315a-4d79-8947-e29b6e06e2d0":{"columnOrder":["07a5e437-33dc-43c2-bc57-ddbfc54f49af","98af9e6b-bfa8-4a17-b1cb-5cd45f07660d","2bdea75e-9976-4740-ac83-a851c1948382"],"columns":{"07a5e437-33dc-43c2-bc57-ddbfc54f49af":{"dataType":"string","isBucketed":true,"label":"Top 5 values of type.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"98af9e6b-bfa8-4a17-b1cb-5cd45f07660d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"type.keyword"},"2bdea75e-9976-4740-ac83-a851c1948382":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"98af9e6b-bfa8-4a17-b1cb-5cd45f07660d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["98af9e6b-bfa8-4a17-b1cb-5cd45f07660d","2bdea75e-9976-4740-ac83-a851c1948382"],"isHistogram":false,"layerId":"f99aa1bf-315a-4d79-8947-e29b6e06e2d0","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"bar_horizontal","simpleView":false,"xAccessor":"07a5e437-33dc-43c2-bc57-ddbfc54f49af","xScaleType":"ordinal","y
Config":[{"axisMode":"left","forAccessor":"98af9e6b-bfa8-4a17-b1cb-5cd45f07660d"},{"axisMode":"left","forAccessor":"2bdea75e-9976-4740-ac83-a851c1948382"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":false,"yLeft":true,"yRight":true},"valueLabels":"show","valuesInLegend":true,"xTitle":"Cowrie","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Attacks Bar - Dynamic","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f99aa1bf-315a-4d79-8947-e29b6e06e2d0","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934605],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzcsMV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"58dd166f-c215-44fb-ad8e-931cd56b8f00":{"columnOrder":["75a28eac-6197-4e6f-aeef-708be5dfb04e","390ca20b-f017-47e4-a099-5a52eefd563d","e2c60ed6-e5e7-44d6-9355-eb0c719085d1"],"columns":{"390ca20b-f017-47e4-a099-5a52eefd563d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique SrcIPs:","operationType":"unique_count","params":{"emptyAsNull":true,"format":{"id":"number","params":{"compact":false,"decimals":0}}},"scale":"ratio","sourceField":"src_ip.keyword"},"75a28eac-6197-4e6f-aeef-708be5dfb04e":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"e2c60ed6-e5e7-44d6-9355-eb0c719085d1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true,"format":{"id":"number","params":{"compact":true,"decimals":0}}},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"linkToLayers":["a3575b87-f059-46f0-8a02-7e287afa4ef5"],"sampling":1},"a3575b87-f059-46f0-8a02-7e287afa4ef5":{"columnOrder":["0959c753-3318-4147-82ea-db6250b91680","132a2ca5-f458-4fbf-ba20-3f6a5009236f"],"columns":{"0959c753-3318-4147-82ea-db6250b91680":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true,"format":{"id":"number","params":{"compact":true,"decimals":0}}},"scale":"ratio","sourceField":"___records___"},"132a2ca5-f458-4fbf-ba20-3f6a5009236f":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique 
SrcIPs:","operationType":"unique_count","params":{"emptyAsNull":true,"format":{"id":"number","params":{"compact":false,"decimals":0}}},"scale":"ratio","sourceField":"src_ip.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layerId":"a3575b87-f059-46f0-8a02-7e287afa4ef5","layerType":"data","metricAccessor":"0959c753-3318-4147-82ea-db6250b91680","secondaryMetricAccessor":"132a2ca5-f458-4fbf-ba20-3f6a5009236f","showBar":false,"trendlineLayerId":"58dd166f-c215-44fb-ad8e-931cd56b8f00","trendlineLayerType":"metricTrendline","trendlineMetricAccessor":"e2c60ed6-e5e7-44d6-9355-eb0c719085d1","trendlineSecondaryMetricAccessor":"390ca20b-f017-47e4-a099-5a52eefd563d","trendlineTimeAccessor":"75a28eac-6197-4e6f-aeef-708be5dfb04e","valueFontMode":"fit"}},"title":"Attacks - Dynamic","visualizationType":"lnsMetric"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"95a453e7-090e-477b-af3e-2bd66c2928a4","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-58dd166f-c215-44fb-ad8e-931cd56b8f00","type":"index-pattern"},{"id":"logstash-*","name":"indexpattern-datasource-layer-a3575b87-f059-46f0-8a02-7e287afa4ef5","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934610],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzgsMV0="}
{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map_desaturated\"},\"id\":\"c1538807-8d0e-4f45-8d5f-5668a7db26ac\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\",\"areLabelsOnTop\":false},{\"alpha\":0.75,\"id\":\"269e50be-d878-4c4b-a84e-f922da28ba75\",\"includeInFitToBounds\":true,\"joins\":[],\"label\":\"Attacks\",\"maxZoom\":24,\"minZoom\":0,\"sourceDescriptor\":{\"applyForceRefresh\":true,\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"geoField\":\"geoip.location\",\"id\":\"5f2303fa-f071-4bc5-a758-c3d08670b8fd\",\"metrics\":[{\"type\":\"count\",\"label\":\"Attacks\"}],\"requestType\":\"point\",\"resolution\":\"MOST_FINE\",\"type\":\"ES_GEO_GRID\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"circle-stroked\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"theclassic\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"theclassic\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":5,\"maxSize\":20,\"field\":{\"label\":\"Attacks\",\"name\":\"doc_count\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\"
:{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"options\":{\"size\":14},\"type\":\"STATIC\"},\"labelBorderColor\":{\"options\":{\"color\":\"#000000\"},\"type\":\"STATIC\"},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"visible\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":2,\"center\":{\"lon\":-12.12891,\"lat\":20.96144},\"timeFilters\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"*\",\"language\":\"lucene\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#1d1e24\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"showTimesliderToggleButton\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"Attack Map - 
Dynamic","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"5c377b80-8f48-11ec-98cd-292aebe8beaf","managed":false,"references":[{"id":"logstash-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934614],"type":"map","typeMigrationVersion":"8.4.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzksMV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e1008951-f054-4088-81c6-ffbe03613523":{"columnOrder":["ad692156-a364-4942-9714-b2d7881cb8c5","6e0ae223-68ac-4c23-a357-7370eaf2049f","373d5e59-965d-4fb2-8da2-06c4cf60c503"],"columns":{"373d5e59-965d-4fb2-8da2-06c4cf60c503":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"6e0ae223-68ac-4c23-a357-7370eaf2049f":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ad692156-a364-4942-9714-b2d7881cb8c5":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["6e0ae223-68ac-4c23-a357-7370eaf2049f","373d5e59-965d-4fb2-8da2-06c4cf60c503"],"isHistogram":true,"layerId":"e1008951-f054-4088-81c6-ffbe03613523","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"xAccessor":"ad692156-a364-4942-9714-b2d7881cb8c5","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"6e0ae223-68ac-4c23-a357-7370eaf2049f"},{"axisMode":"left","forAccessor":"373d5e59-965d-4fb2-8da2-06c4cf60c503"}]}],"legend":{"isVisible":true,"legendSiz
e":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Attacks Histogram - Dynamic","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c5fb84fe-db5b-40f4-9610-25bc1579058c","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e1008951-f054-4088-81c6-ffbe03613523","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934618],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"083bb8c3-dbe1-4c62-a0b6-2bace7a359a6":{"columnOrder":["0ea28a59-f738-4731-84ee-553303a0a856","c9d65613-c785-4089-9d47-77d7750d2aa8"],"columns":{"0ea28a59-f738-4731-84ee-553303a0a856":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ip_rep.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c9d65613-c785-4089-9d47-77d7750d2aa8","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"ip_rep.keyword"},"c9d65613-c785-4089-9d47-77d7750d2aa8":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"083bb8c3-dbe1-4c62-a0b6-2bace7a359a6","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["c9d65613-c785-4089-9d47-77d7750d2aa8"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["0ea28a59-f738-4731-84ee-553303a0a856"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Attacker Src IP Reputation - 
Dynamic","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"95294891-02b8-431c-b4fe-e75ef2b8cf28","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-083bb8c3-dbe1-4c62-a0b6-2bace7a359a6","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934622],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExLDFd"}
{"attributes":{"color":"#f9d747","description":"","name":"Endlessh"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b933efe0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,4],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzgsMV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"0713e1a8-6fbc-4822-aa52-dd4deb58909b":{"columnOrder":["aec3e941-06a3-4741-a066-a0280e95367b","4ed4336c-74a5-4d48-85c7-4e8f4ec03dd3"],"columns":{"4ed4336c-74a5-4d48-85c7-4e8f4ec03dd3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"aec3e941-06a3-4741-a066-a0280e95367b":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"reason.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4ed4336c-74a5-4d48-85c7-4e8f4ec03dd3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"reason.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Endlessh"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"0713e1a8-6fbc-4822-aa52-dd4deb58909b","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["4ed4336c-74a5-4d48-85c7-4e8f4ec03dd3"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["aec3e941-06a3-4741-a066-a0280e95367b"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Endlessh - 
Reason","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"7b01b64d-96f3-4662-85ef-6cda10299ffa","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-0713e1a8-6fbc-4822-aa52-dd4deb58909b","type":"index-pattern"},{"id":"b933efe0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b933efe0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934626],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c0ccda65-4201-4e2e-b1eb-2f702b20c497":{"columnOrder":["3ebfabea-9bf7-4662-8ae3-26cef80da986","f9811612-ada1-4092-bd38-ba24ca2a0a81"],"columns":{"3ebfabea-9bf7-4662-8ae3-26cef80da986":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f9811612-ada1-4092-bd38-ba24ca2a0a81","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.country_name.keyword"},"f9811612-ada1-4092-bd38-ba24ca2a0a81":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c0ccda65-4201-4e2e-b1eb-2f702b20c497","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["f9811612-ada1-4092-bd38-ba24ca2a0a81"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3ebfabea-9bf7-4662-8ae3-26cef80da986"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Attacks by Country - 
Dynamic","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c2873f3f-b786-4ee4-a1b7-706a1a393ca6","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c0ccda65-4201-4e2e-b1eb-2f702b20c497","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934630],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"eac15369-8123-4cf7-9601-fb81d3458ca1":{"columnOrder":["6525ef05-e459-4996-bb74-5287ca283882","976bb8c8-2373-480e-8fe8-a96e350ee5e7","1fe02aa3-71c0-45cc-9e1a-84135f453aca"],"columns":{"1fe02aa3-71c0-45cc-9e1a-84135f453aca":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"6525ef05-e459-4996-bb74-5287ca283882":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"1fe02aa3-71c0-45cc-9e1a-84135f453aca","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"geoip.country_name.keyword"},"976bb8c8-2373-480e-8fe8-a96e350ee5e7":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["1fe02aa3-71c0-45cc-9e1a-84135f453aca"],"isHistogram":true,"layerId":"eac15369-8123-4cf7-9601-fb81d3458ca1","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"6525
ef05-e459-4996-bb74-5287ca283882","xAccessor":"976bb8c8-2373-480e-8fe8-a96e350ee5e7","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"1fe02aa3-71c0-45cc-9e1a-84135f453aca"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Attacks by Country Histogram - Dynamic","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ca1c6fe4-008d-4559-b625-e1980551898e","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-eac15369-8123-4cf7-9601-fb81d3458ca1","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934634],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"3b29fab4-3002-40aa-a63f-5124e196a295":{"columnOrder":["56a49a00-361a-426e-a1a4-1de12e0c7e92","3bd70ec5-054e-44b5-bef3-03436e292f8b","f25074f5-6ed8-430e-89df-bde7d5290fcc"],"columns":{"3bd70ec5-054e-44b5-bef3-03436e292f8b":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ASN","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f25074f5-6ed8-430e-89df-bde7d5290fcc","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.as_org.keyword"},"56a49a00-361a-426e-a1a4-1de12e0c7e92":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"AS","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f25074f5-6ed8-430e-89df-bde7d5290fcc","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.asn"},"f25074f5-6ed8-430e-89df-bde7d5290fcc":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"columns":[{"alignment":"left","colorMode":"text","columnId":"f25074f5-6ed8-430e-89df-bde7d5290fcc","palette":{"name":"status","params":{"continuity":"above","name":"status","rangeMax":null,"rangeMin":0,"reverse":false,"stops":[{"color":"#209280","stop":0},{"color":"#54b399","stop":20},{"color":"#d6bf57","stop":40},{"color":"#e7664c","stop":60},{"color":"#cc5642","s
top":80}]},"type":"palette"}},{"alignment":"left","columnId":"56a49a00-361a-426e-a1a4-1de12e0c7e92"},{"alignment":"left","columnId":"3bd70ec5-054e-44b5-bef3-03436e292f8b"}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"3b29fab4-3002-40aa-a63f-5124e196a295","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single","rowHeightLines":1}},"title":"Attacker AS/N - Top 10 - Dynamic","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2adac05d-f5b6-40d2-8f3c-a856baca1b3e","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-3b29fab4-3002-40aa-a63f-5124e196a295","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934638],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e580c6d0-cb49-420f-a878-2144a5e0a1e1":{"columnOrder":["c68b04cd-6f7c-4a9e-986f-0d4f7f721b71","cb316b48-ff25-47d0-bb23-f4963a643fa2"],"columns":{"c68b04cd-6f7c-4a9e-986f-0d4f7f721b71":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"cb316b48-ff25-47d0-bb23-f4963a643fa2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"src_ip.keyword"},"cb316b48-ff25-47d0-bb23-f4963a643fa2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"columns":[{"alignment":"left","colorMode":"text","columnId":"cb316b48-ff25-47d0-bb23-f4963a643fa2","palette":{"name":"status","params":{"continuity":"above","name":"status","rangeMax":null,"rangeMin":0,"reverse":false,"stops":[{"color":"#209280","stop":0},{"color":"#54b399","stop":20},{"color":"#d6bf57","stop":40},{"color":"#e7664c","stop":60},{"color":"#cc5642","stop":80}]},"type":"palette"}},{"alignment":"left","columnId":"c68b04cd-6f7c-4a9e-986f-0d4f7f721b71"}],"headerRowHeight":"single","layerId":"e580c6d0-cb49-420f-a878-2144a5e0a1e1","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Src IP - Top 10 - 
Dynamic","version":1,"visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"12a03b08-96af-40bb-860b-e8f286601cdf","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e580c6d0-cb49-420f-a878-2144a5e0a1e1","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934642],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2LDFd"}
{"attributes":{"description":"Endlessh Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Endlessh\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"bec118b6-6743-4f46-afaa-607dd4fe9def\"},\"panelIndex\":\"bec118b6-6743-4f46-afaa-607dd4fe9def\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bec118b6-6743-4f46-afaa-607dd4fe9def\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"04947f3e-47dc-4757-9039-d234fe32bba2\"},\"panelIndex\":\"04947f3e-47dc-4757-9039-d234fe32bba2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_04947f3e-47dc-4757-9039-d234fe32bba2\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"6afd8656-7cba-43fd-bc14-342fe9f3725a\"},\"panelIndex\":\"6afd8656-7cba-43fd-bc14-342fe9f3725a\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":20.96144,\"lon\":-12.12891,\"zoom\":1},\"mapBuffer\":{\"minLon\":-360,\"minLat\":-85.05113,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_6afd8656-7cba-43fd-bc14-342fe9f3725a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"e5312a04-4aba-4402-b9be-1d3f817e8946\"},\"panelIndex\":\"e5312a04-4aba-4402-b9be-1d3f817e8946\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e5312a04-4aba-4402-b9be-1d3f817e8946\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":10,\"h\":10,\"i\":\"859fad68-6752-4647-a0eb-cc35981b734a\"},\"panelIndex\":\"859fad68-6752-4647-a0eb-cc35981b734a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_859fad68-6752-4647-a0eb-cc35981b734a\"},{\"type\":\"lens\",\"gridData\":{\"x\":10,\
"y\":17,\"w\":9,\"h\":10,\"i\":\"8c20a7a6-eaf0-4df2-ba6d-4dcadf858667\"},\"panelIndex\":\"8c20a7a6-eaf0-4df2-ba6d-4dcadf858667\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8c20a7a6-eaf0-4df2-ba6d-4dcadf858667\"},{\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":17,\"w\":11,\"h\":10,\"i\":\"27d84df9-e6ea-447e-8539-8f8314ba94e9\"},\"panelIndex\":\"27d84df9-e6ea-447e-8539-8f8314ba94e9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_27d84df9-e6ea-447e-8539-8f8314ba94e9\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":10,\"i\":\"e82b3a1f-b112-468e-bb12-834aaceb49a0\"},\"panelIndex\":\"e82b3a1f-b112-468e-bb12-834aaceb49a0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e82b3a1f-b112-468e-bb12-834aaceb49a0\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":18,\"i\":\"3717155d-24be-4c60-bb1e-1659b6d577b2\"},\"panelIndex\":\"3717155d-24be-4c60-bb1e-1659b6d577b2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3717155d-24be-4c60-bb1e-1659b6d577b2\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":18,\"i\":\"ec7aee51-e44d-4b19-bcf2-86962d3d1a0f\"},\"panelIndex\":\"ec7aee51-e44d-4b19-bcf2-86962d3d1a0f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ec7aee51-e44d-4b19-bcf2-86962d3d1a0f\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Endlessh","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"01c47200-3bdf-11ec-9045-3f14f09dc487","managed":false,"references":[{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"bec118b6-6743-4f46-afaa-607dd4fe9def:panel_bec118b6-6743-4f46-afaa-607dd4fe9def","type":"lens"},{"id":"95a453e7-090e-477b-af3e-2bd66c2928a4","name":"04947f3e-47dc-4757-9039-d234fe32bba2:panel_04947f3e-47dc-4757-9039-d234fe32bba2","type":"lens"},{"id":"5c377b80-8f48-11ec-98cd-292aebe8beaf","name":"6afd865
6-7cba-43fd-bc14-342fe9f3725a:panel_6afd8656-7cba-43fd-bc14-342fe9f3725a","type":"map"},{"id":"
{"attributes":{"color":"#7194fc","description":"","name":"Dicompot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"a9713540-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,5],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzksMV0="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"09299097-376e-4c51-b2b7-d49d0a4ccef4":{"columnOrder":["7062a235-f306-49a3-90de-be71b69000b6","36da86b6-fdc0-48a8-8c48-8273fca0db9b"],"columns":{"36da86b6-fdc0-48a8-8c48-8273fca0db9b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"7062a235-f306-49a3-90de-be71b69000b6":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"level.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"36da86b6-fdc0-48a8-8c48-8273fca0db9b","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"level.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Dicompot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"09299097-376e-4c51-b2b7-d49d0a4ccef4","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["36da86b6-fdc0-48a8-8c48-8273fca0db9b"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7062a235-f306-49a3-90de-be71b69000b6"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Dicompot 
Level","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"022cbb65-4bce-46ff-a68f-44c6e1eeee84","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-09299097-376e-4c51-b2b7-d49d0a4ccef4","type":"index-pattern"},{"id":"a9713540-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a9713540-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934659],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"826c7ba4-ec53-4105-9dd2-67df63c9fe3f":{"columnOrder":["2983289f-6339-4dd4-b6a7-65277de47ec3","f30ee52d-18a7-466e-93d8-442caffba440"],"columns":{"2983289f-6339-4dd4-b6a7-65277de47ec3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f30ee52d-18a7-466e-93d8-442caffba440","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.country_name.keyword"},"f30ee52d-18a7-466e-93d8-442caffba440":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : NGINX"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"826c7ba4-ec53-4105-9dd2-67df63c9fe3f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["f30ee52d-18a7-466e-93d8-442caffba440"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["2983289f-6339-4dd4-b6a7-65277de47ec3"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"NGINX Countries - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"033be6ae-c3a7-4da7-bacd-9c1b23bc3905","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-826c7ba4-ec53-4105-9dd2-67df63c9fe3f","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934663],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Dicompot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Dicompot Identifier","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dicompot Identifier\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"identifier.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"legendDisplay\":\"show\",\"emptySizeRatio\":0.3,\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"03aa5c40-b640-11ea-b09e-0955921226b1","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"a9713540-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a9713540-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934667],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Endlessh\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Endlessh Duration and Bytes - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Endlessh Duration and Bytes - Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"duration\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Duration (seconds)\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"bytes.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Transferred\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"src_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"count\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":false,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"03b11810-3be5-11ec-b866-3db993737f54","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"b933efe0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b933efe0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934671],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxLDFd"}
{"attributes":{"color":"#b6e983","description":"","name":"Tanner"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,6],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6373f697-e61e-4edf-9cae-b96e6b7d74f8":{"columnOrder":["ddcc2374-6cd8-445b-a807-6cf42340e759","ac11053f-9aa2-4e0e-b184-85294c9bc478"],"columns":{"ac11053f-9aa2-4e0e-b184-85294c9bc478":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ddcc2374-6cd8-445b-a807-6cf42340e759":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"URI","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"path.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Tanner"},"visualization":{"columns":[{"alignment":"left","columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478"},{"alignment":"left","columnId":"ddcc2374-6cd8-445b-a807-6cf42340e759"}],"headerRowHeight":"single","layerId":"6373f697-e61e-4edf-9cae-b96e6b7d74f8","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Tanner URI - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"03bbec01-e04e-4996-81a6-d5e0cd3eb071","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6373f697-e61e-4edf-9cae-b96e6b7d74f8","type":"index-pattern"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934675],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyLDFd"}
{"attributes":{"color":"#cde23c","description":"","name":"Go-pot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d3ab0b82-8c88-4968-aa32-23d9a867a6ca","managed":false,"references":[],"sort":[1767638649249,7],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f5a94802-967f-41f4-8cff-ee049791281f":{"columnOrder":["b59251ab-f883-4762-b23b-4dc33e1df8b8","6c32a844-7489-4493-8a9c-6fd17a2765b3"],"columns":{"6c32a844-7489-4493-8a9c-6fd17a2765b3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"b59251ab-f883-4762-b23b-4dc33e1df8b8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"user-agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6c32a844-7489-4493-8a9c-6fd17a2765b3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"user_agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"f5a94802-967f-41f4-8cff-ee049791281f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","legendStats":["value"],"metrics":["6c32a844-7489-4493-8a9c-6fd17a2765b3"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["b59251ab-f883-4762-b23b-4dc33e1df8b8"],"secondaryGroups":[],"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Go-pot - User Agent - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"03bcb74b-3306-4f23-9440-cef42c1a7823","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f5a94802-967f-41f4-8cff-ee049791281f","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"d3ab0b82-8c88-4968-aa32-23d9a867a6ca","name":"tag-ref-d3ab0b82-8c88-4968-aa32-23d9a867a6ca","type":"tag"}],"sort":[1767638649249,8589934679],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c0ccda65-4201-4e2e-b1eb-2f702b20c497":{"columnOrder":["3ebfabea-9bf7-4662-8ae3-26cef80da986","f9811612-ada1-4092-bd38-ba24ca2a0a81"],"columns":{"3ebfabea-9bf7-4662-8ae3-26cef80da986":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"os.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f9811612-ada1-4092-bd38-ba24ca2a0a81","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"os.keyword"},"f9811612-ada1-4092-bd38-ba24ca2a0a81":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Go-pot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c0ccda65-4201-4e2e-b1eb-2f702b20c497","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["f9811612-ada1-4092-bd38-ba24ca2a0a81"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3ebfabea-9bf7-4662-8ae3-26cef80da986"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Go-pot - OS Distribution - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"041fcbea-7121-4a79-a0fa-ec97683cd083","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c0ccda65-4201-4e2e-b1eb-2f702b20c497","type":"index-pattern"},{"id":"d3ab0b82-8c88-4968-aa32-23d9a867a6ca","name":"tag-ref-d3ab0b82-8c88-4968-aa32-23d9a867a6ca","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934683],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0LDFd"}
{"attributes":{"color":"#dce27f","description":"","name":"ConPot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"991ee4d0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,8],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"d57adaaf-bba5-4706-8646-63531479400e":{"columnOrder":["2afbca12-9796-4fc3-a57a-cd0da9d33b6e","dccd0584-bdc9-44c3-b5b5-078c2cb7fbc2"],"columns":{"2afbca12-9796-4fc3-a57a-cd0da9d33b6e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Input","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dccd0584-bdc9-44c3-b5b5-078c2cb7fbc2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request.keyword"},"dccd0584-bdc9-44c3-b5b5-078c2cb7fbc2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"ConPot\""},"visualization":{"columns":[{"alignment":"left","columnId":"dccd0584-bdc9-44c3-b5b5-078c2cb7fbc2"},{"alignment":"left","columnId":"2afbca12-9796-4fc3-a57a-cd0da9d33b6e"}],"headerRowHeight":"single","layerId":"d57adaaf-bba5-4706-8646-63531479400e","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Conpot Input - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"06b734a5-57f1-420e-b9cc-4b19bf581006","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-d57adaaf-bba5-4706-8646-63531479400e","type":"index-pattern"},{"id":"991ee4d0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-991ee4d0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934687],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1LDFd"}
{"attributes":{"color":"#32ebd9","description":"","name":"P0f"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"06f46ac0-8ebc-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,9],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzLDFd"}
{"attributes":{"color":"#3542a8","description":"","name":"Fatt"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,10],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Fatt\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Fatt Attacks Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Fatt Attacks Histogram\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Attacks\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_http.clientHeaderHash.keyword\",\"customLabel\":\"Unique HTTP Client Hashes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_ssh.hassh.keyword\",\"customLabel\":\"Unique SSH Client Hashes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_rdp.rdfp.keyword\",\"customLabel\":\"Unique RDP RDFPs\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_tls.ja3s.keyword\",\"customLabel\":\"Unique 
JA3s\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"extendToTimeRange\":false,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":true,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"},\"schema\":\"segment\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true,\"rotate\":0},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"5\",\"label\":\"Unique HTTP Client Hashes\"},\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"7\",\"label\":\"Unique 
SSH Client Hashes\"},\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"6\",\"label\":\"Unique RDP RDFPs\"},\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"4\",\"label\":\"Unique JA3s\"},\"valueAxis\":\"ValueAxis-1\",\"circlesRadius\":1}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"a486f75a-0274-4d94-a340-ed219a3b2e27":{"columnOrder":["f17502dc-787e-494c-8af8-1a584508f516","dd9ca8ed-1a35-4392-b527-1cac22210739"],"columns":{"dd9ca8ed-1a35-4392-b527-1cac22210739":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"f17502dc-787e-494c-8af8-1a584508f516":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"protocol.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dd9ca8ed-1a35-4392-b527-1cac22210739","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"protocol.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"a486f75a-0274-4d94-a340-ed219a3b2e27","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["dd9ca8ed-1a35-4392-b527-1cac22210739"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["f17502dc-787e-494c-8af8-1a584508f516"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Protocols - 
Dynamic","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"08db4c49-ca5a-4fae-84c7-be11adeca289","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-a486f75a-0274-4d94-a340-ed219a3b2e27","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934695],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI3LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"690e9462-8486-4682-8f6b-bb3d8c67ace4":{"columnOrder":["ead85b23-7246-4157-92bf-7056447fea8c","59dcaa7e-2e3c-4dee-b8d5-32e24e2fbb68"],"columns":{"59dcaa7e-2e3c-4dee-b8d5-32e24e2fbb68":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ead85b23-7246-4157-92bf-7056447fea8c":{"dataType":"string","isBucketed":true,"label":"Top 50 values of username.keyword","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"59dcaa7e-2e3c-4dee-b8d5-32e24e2fbb68","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":50},"scale":"ordinal","sourceField":"username.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Beelzebub Cowrie Dionaea Heralding Wordpot"},"visualization":{"layerId":"690e9462-8486-4682-8f6b-bb3d8c67ace4","layerType":"data","maxFontSize":64,"minFontSize":16,"orientation":"single","palette":{"name":"kibana_palette","type":"palette"},"showLabel":false,"tagAccessor":"ead85b23-7246-4157-92bf-7056447fea8c","valueAccessor":"59dcaa7e-2e3c-4dee-b8d5-32e24e2fbb68"}},"title":"Username 
Tagcloud","visualizationType":"lnsTagcloud"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"0abbd535-e860-4bd8-8ba3-9061956d9401","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-690e9462-8486-4682-8f6b-bb3d8c67ace4","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934698],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI4LDFd"}
{"attributes":{"color":"#650fe6","description":"","name":"Redishoneypot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"0ac8a440-8ebc-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,11],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"4e1645d4-b99f-4f36-add5-54e91ee922dc":{"columnOrder":["ac9c3039-546b-4002-8291-ccce598f6192","3c0a6c1c-984e-4e4f-ae4e-f55f3b027354"],"columns":{"3c0a6c1c-984e-4e4f-ae4e-f55f3b027354":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ac9c3039-546b-4002-8291-ccce598f6192":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request URI","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"3c0a6c1c-984e-4e4f-ae4e-f55f3b027354","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"fatt_http.requestURI.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Fatt"},"visualization":{"columns":[{"alignment":"left","columnId":"3c0a6c1c-984e-4e4f-ae4e-f55f3b027354"},{"alignment":"left","columnId":"ac9c3039-546b-4002-8291-ccce598f6192"}],"headerRowHeight":"single","layerId":"4e1645d4-b99f-4f36-add5-54e91ee922dc","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Fatt Request URI - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"0c9335b8-e7c6-453f-9a68-775d48c08c07","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-4e1645d4-b99f-4f36-add5-54e91ee922dc","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934702],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI5LDFd"}
{"attributes":{"color":"#4778de","description":"Beelzebub","name":"Beelzebub"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","managed":false,"references":[],"sort":[1767638649249,12],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2LDFd"}
{"attributes":{"color":"#1f4b34","description":"","name":"Cowrie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,13],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"35641384-e73e-49bc-8a6b-6da09d23c6ac":{"columnOrder":["cf927eb4-f4ba-44f1-8166-67c16e156417","a1fd8f2b-00e4-4719-9544-8404652d0c31","d73e82e2-511e-41a0-8611-ec31999b7453"],"columns":{"a1fd8f2b-00e4-4719-9544-8404652d0c31":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"T-Pot Path (/data/cowrie/downloads)","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"d73e82e2-511e-41a0-8611-ec31999b7453","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"outfile.keyword"},"cf927eb4-f4ba-44f1-8166-67c16e156417":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Filename","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"d73e82e2-511e-41a0-8611-ec31999b7453","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"filename.keyword"},"d73e82e2-511e-41a0-8611-ec31999b7453":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"columns":[{"alignment":"left","columnId":"d73e82e2-511e-41a0-8611-ec31999b7453"},{"alignment":"left","columnId":"cf927eb4-f4ba-44f1-8166-67c16e156417"},{"alignment":"left","columnId":"a1fd8f2b-00e4-4719-9544-8404652d0c31"}],"headerRowHeight":"single","layerId":"35641384-e73e-49bc-8a6b-
6da09d23c6ac","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Cowrie - Top Downloads","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"0fa84833-1b2f-4eea-b5cc-4df0fc5af74a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-35641384-e73e-49bc-8a6b-6da09d23c6ac","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934706],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMwLDFd"}
{"attributes":{"color":"#2e6f71","description":"","name":"Heralding"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d42e5ec0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,14],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Heralding\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Heralding Top Credentials Per Protocol","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Heralding Top Credentials Per Protocol\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"proto.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"username.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":3,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Username\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"password.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":3,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Password\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":100,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":false,\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"124a1140-488e-11e8-9b3d-f36e8d4f5cb2","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d
375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"d42e5ec0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-d42e5ec0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934710],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMxLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9462e6bb-74c0-40da-aec4-b4d7c2d04c23":{"columnOrder":["0f006b98-a8ef-45c3-8cd1-5cba2f74fba3","5b186870-b1ef-4d34-9a44-e5fb18a05e5b","13a4c97c-e730-445b-9f90-6de87038ed74"],"columns":{"0f006b98-a8ef-45c3-8cd1-5cba2f74fba3":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"AS","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"13a4c97c-e730-445b-9f90-6de87038ed74","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.asn"},"13a4c97c-e730-445b-9f90-6de87038ed74":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"5b186870-b1ef-4d34-9a44-e5fb18a05e5b":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ASN","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"13a4c97c-e730-445b-9f90-6de87038ed74","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.as_org.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"columns":[{"alignment":"left","columnId":"13a4c97c-e730-445b-9f90-6de87038ed74"},{"alignment":"left","columnId":"0f006b98-a8ef-45c3-8cd1-5cba2f74fba3"},{"alignment":"left","columnId":"5b186870-b1ef-4d34-9a44-e5fb18a05e5b"}],"headerRowHeight":"custom","headerRowHeightLines":1,"layerId":"9462e6bb-74c0-40da-aec4-b4d7c2d04c23","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"custom","rowHeightLines":1}},"title":"Attacker AS/N - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"127e1f7d-16fb-4511-8751-a6a124ad438a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-9462e6bb-74c0-40da-aec4-b4d7c2d04c23","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934713],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMyLDFd"}
{"attributes":{"color":"#5e8407","description":"","name":"Suricata"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,15],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5LDFd"}
{"attributes":{"color":"#832648","description":"","name":"Sentrypeer"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"eca457c0-9631-11ec-8535-97c455858195","managed":false,"references":[],"sort":[1767638649249,16],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"*\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Sentrypeer - Attacker Number Relation - Vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Sentrypeer - Attacker Number Relation - Vega\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega/v3.0.json\\n data: [\\n {\\n // query ES based on the currently selected time range and filter string\\n name: rawData\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: logstash-*\\n body: {\\n size: 0\\n aggs: {\\n table: {\\n composite: {\\n size: 10000\\n sources: [\\n {\\n stk1: {\\n terms: {\\n field: src_ip.keyword\\n }\\n }\\n }\\n {\\n stk2: {\\n terms: {\\n field: called_number.keyword\\n }\\n }\\n }\\n ]\\n }\\n }\\n }\\n }\\n }\\n // From the result, take just the data we are interested in\\n format: {\\n property: aggregations.table.buckets\\n }\\n // Convert key.stk1 -> stk1 for simpler access below\\n transform: [\\n {\\n type: formula\\n expr: datum.key.stk1\\n as: stk1\\n }\\n {\\n type: formula\\n expr: datum.key.stk2\\n as: stk2\\n }\\n {\\n type: formula\\n expr: datum.doc_count\\n as: size\\n }\\n ]\\n }\\n {\\n name: nodes\\n source: rawData\\n transform: [\\n // when a country is selected, filter out unrelated data\\n {\\n type: filter\\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n }\\n // Set new key for later lookups - identifies each node\\n {\\n type: formula\\n expr: datum.stk1+datum.stk2\\n as: key\\n }\\n // instead of each table row, create two new rows,\\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\\n {\\n type: fold\\n fields: [\\n stk1\\n stk2\\n ]\\n as: [\\n stack\\n grpId\\n ]\\n }\\n // Create a sortkey, different for stk1 and stk2 stacks.\\n // 
Space separator ensures proper sort order in some corner cases.\\n {\\n type: formula\\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\\n as: sortField\\n }\\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n // independently for each stack, and ensuring they are in the proper order,\\n // alphabetical from the top (reversed on the y axis)\\n {\\n type: stack\\n groupby: [\\n stack\\n ]\\n sort: {\\n field: sortField\\n order: descending\\n }\\n field: size\\n }\\n // calculate vertical center point for each node, used to draw edges\\n {\\n type: formula\\n expr: (datum.y0+datum.y1)/2\\n as: yc\\n }\\n ]\\n }\\n {\\n name: groups\\n source: nodes\\n transform: [\\n // combine all nodes into country groups, summing up the doc counts\\n {\\n type: aggregate\\n groupby: [\\n stack\\n grpId\\n ]\\n fields: [\\n size\\n ]\\n
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"291bbe70-ef1b-42e7-868b-1d6ce8b53bf4":{"columnOrder":["39f349df-7e38-4d96-b9a4-85519f3b2d6b","036c0aaa-7b07-4e33-96b0-88598de128ea","9f623691-27d6-4fe2-984c-35d898858c1c"],"columns":{"036c0aaa-7b07-4e33-96b0-88598de128ea":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"39f349df-7e38-4d96-b9a4-85519f3b2d6b":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"DestPort: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9f623691-27d6-4fe2-984c-35d898858c1c","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"dest_port"},"9f623691-27d6-4fe2-984c-35d898858c1c":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"CURVE_STEP_AFTER","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["9f623691-27d6-4fe2-984c-35d898858c1c"],"isHistogram":true,"layerId":"291bbe70-ef1b-42e7-868b-1d6ce8b53bf4","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"39f349df-7e38-4d96-b9a4-85519
f3b2d6b","xAccessor":"036c0aaa-7b07-4e33-96b0-88598de128ea","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"9f623691-27d6-4fe2-984c-35d898858c1c"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Attacks by Destination Ports Histogram - Dynamic","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b7aa7958-5072-4934-b997-1c34d1d25abd","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-291bbe70-ef1b-42e7-868b-1d6ce8b53bf4","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934720],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9483a4b2-b4ae-41e8-bea3-11208fabc1a7":{"columnOrder":["2691d7e0-bdb3-4202-9a5c-91d5a86fa6d0","0a9f5658-af62-467f-9164-ab2ee7a1ddfc"],"columns":{"0a9f5658-af62-467f-9164-ab2ee7a1ddfc":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"2691d7e0-bdb3-4202-9a5c-91d5a86fa6d0":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"DestPort: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[0],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"0a9f5658-af62-467f-9164-ab2ee7a1ddfc","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"dest_port"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"9483a4b2-b4ae-41e8-bea3-11208fabc1a7","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["0a9f5658-af62-467f-9164-ab2ee7a1ddfc"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["2691d7e0-bdb3-4202-9a5c-91d5a86fa6d0"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Attacks by Port - 
Dynamic","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b9bae916-7755-408c-94b9-3a2d4db6f33b","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-9483a4b2-b4ae-41e8-bea3-11208fabc1a7","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934724],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"7ed80f62-870a-4be8-b044-47956b45608c":{"columnOrder":["8fb80a04-4c98-439a-a132-a848e0f6b050","59f8b369-8009-4123-867e-994868ad0a93"],"columns":{"59f8b369-8009-4123-867e-994868ad0a93":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"8fb80a04-4c98-439a-a132-a848e0f6b050":{"dataType":"string","isBucketed":true,"label":"Top 50 values of username.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"59f8b369-8009-4123-867e-994868ad0a93","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":50},"scale":"ordinal","sourceField":"username.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layerId":"7ed80f62-870a-4be8-b044-47956b45608c","layerType":"data","maxFontSize":64,"minFontSize":16,"orientation":"single","palette":{"name":"kibana_palette","type":"palette"},"showLabel":false,"tagAccessor":"8fb80a04-4c98-439a-a132-a848e0f6b050","valueAccessor":"59f8b369-8009-4123-867e-994868ad0a93"}},"title":"Username Tagcloud - 
Dynamic","visualizationType":"lnsTagcloud"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3ac916a5-b94c-42aa-b9c2-0a9aa082d377","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-7ed80f62-870a-4be8-b044-47956b45608c","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934728],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM2LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"5c9e66de-03b2-490c-b5bd-e08d63161180":{"columnOrder":["6900731a-6fda-46ad-9a02-0dbc2f5b0d74","622decbb-111d-4131-8949-350b387e2b97"],"columns":{"622decbb-111d-4131-8949-350b387e2b97":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"6900731a-6fda-46ad-9a02-0dbc2f5b0d74":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"password.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"622decbb-111d-4131-8949-350b387e2b97","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":50},"scale":"ordinal","sourceField":"password.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layerId":"5c9e66de-03b2-490c-b5bd-e08d63161180","layerType":"data","maxFontSize":64,"minFontSize":16,"orientation":"single","palette":{"name":"kibana_palette","type":"palette"},"showLabel":false,"tagAccessor":"6900731a-6fda-46ad-9a02-0dbc2f5b0d74","valueAccessor":"622decbb-111d-4131-8949-350b387e2b97"}},"title":"Password Tagcloud - 
Dynamic","visualizationType":"lnsTagcloud"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"806aee6e-9784-41d1-85c3-aab00c8b79a7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-5c9e66de-03b2-490c-b5bd-e08d63161180","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589934732],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM3LDFd"}
{"attributes":{"description":"Heralding Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Heralding\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":54,\"w\":24,\"h\":17,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"94e894fa-e031-4e14-9a09-bd0310d5fd88\"},\"panelIndex\":\"94e894fa-e031-4e14-9a09-bd0310d5fd88\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_94e894fa-e031-4e14-9a09-bd0310d5fd88\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"f5d857a5-ac49-4a20-9311-acc4247e62bf\"},\"panelIndex\":\"f5d857a5-ac49-4a20-9311-acc4247e62bf\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Attacks - Dynamic\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"state\":{\"visualization\":{\"layerId\":\"a3575b87-f059-46f0-8a02-7e287afa4ef5\",\"layerType\":\"data\",\"metricAccessor\":\"0959c753-3318-4147-82ea-db6250b91680\",\"showBar\":true,\"secondaryMetricAccessor\":\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\",\"trendlineSecondaryMetricAccessor\":\"390ca20b-f017-47e4-a099-5a52eefd563d\",\"maxAccessor\":\"e5602d35-02d6-4007-b268-b0d1514d9077\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a3575b87-f059-46f0-8a02-7e287afa4ef5\":{\"columns\":{\"0959c753-3318-4147-82ea-db6250b91680\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\":{\"label\":\"Unique Src 
IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"src_ip.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"e5602d35-02d6-4007-b268-b0d1514d9077\":{\"label\":\"Count of records -1d\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeShift\":\"1d\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"0959c753-3318-4147-82ea-db6250b91680\",\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\",\"e5602d35-02d6-4007-b268-b0d1514d9077\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"logstash-*\"}},\"currentIndexPatternId\":\"logstash-*\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}},\"references\":[{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-a3575b87-f059-46f0-8a02-7e287afa4ef5\"}],\"type\":\"lens\"},\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_f5d857a5-ac49-4a20-9311-acc4247e62bf\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"330ff518-12f6-4f31-af37-c98ceefa4ef4\"},\"panelIndex\":\"330ff518-12f6-4f31-af37-c98ceefa4ef4\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":27.08268,\"lon\":13.8898,\"zoom\":0.89},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_330ff518-12f6-4f31-af37-c98ceefa4ef4\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"3619beaf-3d47-4ff0-9fde-3a7954e20d01\"},\"panelIndex\":\"3619beaf-3d47-4ff0-9fde-3a7954e20d01\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3619beaf-3d47-4ff0-9fde-3a7954e20d01\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":24,\"h\":10,\"i\":\"3afe950e-2
9e9-413d-96aa-91243650d343\"},\"panelIndex\":\"3afe950e-29e9-413d-96aa-91243650d343\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefN
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"bce0f82e-a1e4-40b3-bbac-dbddefb9fb65":{"columnOrder":["3da3b77c-c59c-40c1-9518-163247e10692","16b0f708-a27f-4597-98c4-c6dd64a63ab9"],"columns":{"16b0f708-a27f-4597-98c4-c6dd64a63ab9":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"3da3b77c-c59c-40c1-9518-163247e10692":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"16b0f708-a27f-4597-98c4-c6dd64a63ab9","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.country_name.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"bce0f82e-a1e4-40b3-bbac-dbddefb9fb65","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["16b0f708-a27f-4597-98c4-c6dd64a63ab9"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3da3b77c-c59c-40c1-9518-163247e10692"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Attacks by Country","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"159bd0ee-2993-4794-b894-e68c967f8610","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-bce0f82e-a1e4-40b3-bbac-dbddefb9fb65","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934753],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM5LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"243435a5-0b1b-48b0-8be1-152bebfe7501":{"columnOrder":["a0a97e82-04f1-406b-a2d0-809ceba45336","55b8df52-7024-45e4-890d-ba9281e8675e"],"columns":{"55b8df52-7024-45e4-890d-ba9281e8675e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"a0a97e82-04f1-406b-a2d0-809ceba45336":{"dataType":"string","isBucketed":true,"label":"Top 10 values of client.keyword","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"55b8df52-7024-45e4-890d-ba9281e8675e","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"client.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Beelzebub\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"243435a5-0b1b-48b0-8be1-152bebfe7501","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["55b8df52-7024-45e4-890d-ba9281e8675e"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["a0a97e82-04f1-406b-a2d0-809ceba45336"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Beelzebub Version Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"171599a5-102c-49cb-b719-a8c503d15ab7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-243435a5-0b1b-48b0-8be1-152bebfe7501","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589934757],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"22608b88-49c0-4f3c-9e0e-89cfa449292a":{"columnOrder":["7f107032-5484-48d8-92b1-1fa7b0964857","923d1530-b003-4b6e-8c21-64b00446aa81"],"columns":{"7f107032-5484-48d8-92b1-1fa7b0964857":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"data_type.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"923d1530-b003-4b6e-8c21-64b00446aa81","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"data_type.keyword"},"923d1530-b003-4b6e-8c21-64b00446aa81":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"ConPot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"22608b88-49c0-4f3c-9e0e-89cfa449292a","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["923d1530-b003-4b6e-8c21-64b00446aa81"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7f107032-5484-48d8-92b1-1fa7b0964857"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Conpot 
Protocol","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"17b6d8f0-8799-48e9-bfb5-85b21ed46777","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-22608b88-49c0-4f3c-9e0e-89cfa449292a","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"991ee4d0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-991ee4d0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934761],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQxLDFd"}
{"attributes":{"color":"#0ddce1","description":"","name":"Wordpot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"19822c40-8ebc-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,17],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxLDFd"}
{"attributes":{"color":"#ecf179","description":"Security Solution auto-generated tag","name":"Security Solution"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:46:44.458Z","id":"19a6ab5d-bb87-4cd2-9f8b-6f8d82ce438c","managed":false,"references":[],"sort":[1767638804458,37],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:46:44.458Z","version":"WzEzMSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"ee504c04-2d64-4fb6-8ce4-6945a5e24413":{"columnOrder":["ba0d7ace-a7a5-4881-93b6-15a460b9007f","e948159e-1a44-47b3-842a-81466030dcb3"],"columns":{"ba0d7ace-a7a5-4881-93b6-15a460b9007f":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"protocol.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"e948159e-1a44-47b3-842a-81466030dcb3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"protocol.keyword"},"e948159e-1a44-47b3-842a-81466030dcb3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"ee504c04-2d64-4fb6-8ce4-6945a5e24413","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["e948159e-1a44-47b3-842a-81466030dcb3"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ba0d7ace-a7a5-4881-93b6-15a460b9007f"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Cowrie - Attacks by 
Port","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"19ad4368-7187-4487-8807-52e7165a1f0a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-ee504c04-2d64-4fb6-8ce4-6945a5e24413","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934765],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQyLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"264ad6f2-e5d0-4143-8d55-210de014d10f":{"columnOrder":["7e1177d1-2017-49d1-abbe-5ed9181a4682","7cc84262-09c8-4e77-ba7d-19c80db34c24","0f98353a-8256-454e-b683-fd5209fb2214"],"columns":{"0f98353a-8256-454e-b683-fd5209fb2214":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"7cc84262-09c8-4e77-ba7d-19c80db34c24":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"7e1177d1-2017-49d1-abbe-5ed9181a4682":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"Destination Port","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"0f98353a-8256-454e-b683-fd5209fb2214","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"dest_port"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"gridConfig":{"isCellLabelVisible":false,"isXAxisLabelVisible":true,"isXAxisTitleVisible":false,"isYAxisLabelVisible":true,"isYAxisTitleVisible":true,"type":"heatmap_grid"},"layerId":"264ad6f2-e5d0-4143-8d55-210de014d10f","layerType":"data","legend":{"isVisible":false,"position":"right","type":"heatmap_legend"},"palette":{"accessor":"0f98353a-8256-454e-b683-fd5209fb2214","name":"custom","params":{"colorStops":[{"color":"#006837","stop":0},{"color":"#2DA155","stop":12.5},{"color":"#86CB66","stop":25},{"color":"#CCE982","stop":37.5},{"col
or":"#FEFEBD","stop":50},{"color":"#FED380","stop":62.5},{"color":"#F88D52","stop":75},{"color":"#DE3E2E","stop":87.5}],"continuity":"none","maxSteps":5,"name":"custom","progression":"fixed","rangeMax":100,"rangeMin":0,"rangeType":"percent","reverse":false,"stops":[{"color":"#006837","stop":12.5},{"color":"#2DA155","stop":25},{"color":"#86CB66","stop":37.5},{"color":"#CCE982","stop":50},{"color":"#FEFEBD","stop":62.5},{"color":"#FED380","stop":75},{"color":"#F88D52","stop":87.5},{"color":"#DE3E2E","stop":100}]},"type":"palette"},"shape":"heatmap","valueAccessor":"0f98353a-8256-454e-b683-fd5209fb2214","xAccessor":"7cc84262-09c8-4e77-ba7d-19c80db34c24","yAccessor":"7e1177d1-2017-49d1-abbe-5ed9181a4682"}},"title":"Heatmap Destination Ports - Dynamic","visualizationType":"lnsHeatmap"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2622a450-ab5b-4551-857c-8f4f6edb100a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-264ad6f2-e5d0-4143-8d55-210de014d10f","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934769],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQzLDFd"}
{"attributes":{"color":"#d7c11f","description":"","name":"Honeypots"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"da7e1f90-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,18],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Honeypots\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"qHoneypots Event Type - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"qHoneypots Event Type - Top 10\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"action.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100,\"percentDecimals\":0},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"truncateLegend\":true,\"maxLegendLines\":1,\"legendDisplay\":\"show\",\"emptySizeRatio\":0.3,\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"85700de0-731a-11ec-9e1e-29d5d4b58b2b","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"da7e1f90-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-da7e1f90-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934773],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQ0LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"*\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Country Protocol Relation - Vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Country Protocol Relation - Vega\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega/v3.0.json\\n data: [\\n {\\n // query ES based on the currently selected time range and filter string\\n name: rawData\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: logstash-*\\n body: {\\n size: 0\\n aggs: {\\n table: {\\n composite: {\\n size: 10000\\n sources: [\\n {\\n stk1: {\\n terms: {\\n field: geoip.country_name.keyword\\n }\\n }\\n }\\n {\\n stk2: {\\n terms: {\\n field: protocol.keyword\\n }\\n }\\n }\\n ]\\n }\\n }\\n }\\n }\\n }\\n // From the result, take just the data we are interested in\\n format: {\\n property: aggregations.table.buckets\\n }\\n // Convert key.stk1 -> stk1 for simpler access below\\n transform: [\\n {\\n type: formula\\n expr: datum.key.stk1\\n as: stk1\\n }\\n {\\n type: formula\\n expr: datum.key.stk2\\n as: stk2\\n }\\n {\\n type: formula\\n expr: datum.doc_count\\n as: size\\n }\\n ]\\n }\\n {\\n name: nodes\\n source: rawData\\n transform: [\\n // when a country is selected, filter out unrelated data\\n {\\n type: filter\\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n }\\n // Set new key for later lookups - identifies each node\\n {\\n type: formula\\n expr: datum.stk1+datum.stk2\\n as: key\\n }\\n // instead of each table row, create two new rows,\\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\\n {\\n type: fold\\n fields: [\\n stk1\\n stk2\\n ]\\n as: [\\n stack\\n grpId\\n ]\\n }\\n // Create a sortkey, different for stk1 and stk2 stacks.\\n // Space separator 
ensures proper sort order in some corner cases.\\n {\\n type: formula\\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\\n as: sortField\\n }\\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n // independently for each stack, and ensuring they are in the proper order,\\n // alphabetical from the top (reversed on the y axis)\\n {\\n type: stack\\n groupby: [\\n stack\\n ]\\n sort: {\\n field: sortField\\n order: descending\\n }\\n field: size\\n }\\n // calculate vertical center point for each node, used to draw edges\\n {\\n type: formula\\n expr: (datum.y0+datum.y1)/2\\n as: yc\\n }\\n ]\\n }\\n {\\n name: groups\\n source: nodes\\n transform: [\\n // combine all nodes into country groups, summing up the doc counts\\n {\\n type: aggregate\\n groupby: [\\n stack\\n grpId\\n ]\\n fields: [\\n size\\n ]\\n ops: [\\n
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"33d7daa4-2af2-473c-a8d3-107437783e24\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"small\",\"explicitInput\":{\"id\":\"33d7daa4-2af2-473c-a8d3-107437783e24\",\"fieldName\":\"protocol.keyword\",\"title\":\"Honeypots Protocol\",\"grow\":false,\"width\":\"small\",\"enhancements\":{}}}}"},"description":"Dashboard for qeeqbox's Honeypots","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Honeypots\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"d3800e10-0f24-4750-8186-9d04483a46d1\"},\"panelIndex\":\"d3800e10-0f24-4750-8186-9d04483a46d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d3800e10-0f24-4750-8186-9d04483a46d1\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"f0ea435d-7f91-4a6e-b93a-8be282eeb2ad\"},\"panelIndex\":\"f0ea435d-7f91-4a6e-b93a-8be282eeb2ad\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f0ea435d-7f91-4a6e-b93a-8be282eeb2ad\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"7635bd90-9404-4366-91e0-79f9b3180ce9\"},\"panelIndex\":\"7635bd90-9404-4366-91e0-79f9b3180ce9\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":20.96144,\"lon\":-12.12891,\"zoom\":2},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":90,\"maxLat\":66.51326},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_7635bd90-9404-4366-91e0-79f9b3180ce9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7
,\"w\":24,\"h\":10,\"i\":\"6d6ad170-6ac3-4fea-9511-c3acf4ddd9e3\"},\"panelIndex\":\"6d6ad170-6ac3-4fea-9511-c3acf4ddd9e3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6d6ad170-6ac3-4fea-9511-c3acf4ddd9e3\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"0e5f241a-2c73-4d88-8845-5d7b970e34eb\"},\"panelIndex\":\"0e5f241a-2c73-4d88-8845-5d7b970e34eb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0e5f241a-2c73-4d88-8845-5d7b970e34eb\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":18,\"h\":10,\"i\":\"dd975871-1ee9-40b5-a319-22846fede431\"},\"panelIndex\":\"dd975871-1ee9-40b5-a319-22846fede431\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd975871-1ee9-40b5-a319-22846fede431\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":10,\"i\":\"e9365847-db9f-4a9b-a552-fc88d75e5958\"},\"panelIndex\":\"e9365847-db9f-4a9b-a552-fc88d75e5958\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e9365847-db9f-4a9b-a552-fc88d75e5958\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"cbe49bf4-3e84-4eb1-82b6-81a80d5627b0\"},\"panelIndex\":\"cbe49bf4-3e84-4eb1-82b6-81a80d5627b0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cbe49bf4-3e84-4eb1-82b6-81a80d5627b0\"},{\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":10,\"i\":\"1d06634d-4f4c-4bbc-bcc1-f9410a9e93ef\"},\"panelIndex\":\"1d06634d-4f4c-4bbc-bcc1-f9410a9e93ef\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_1d06634d-4f4c-4bbc-bcc1-f9410a9e93ef\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":10,\"i\":\"d160edd2-cceb-43fd-945f-493d875bf128\"},\"panelIndex\":\"d160edd2-cceb-43fd-945f-493d875bf128\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d160edd2-cceb-43fd-945f-493d875bf128\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\
":27,\"w\":12,\"h\":10,\"i\":\"70e96966-de1b-4bb5-9c29-6ac8134fa43f\"},\"panelIndex\":\"70e9696
{"attributes":{"color":"#a649c9","description":"","name":"Miniprint"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"676894ac-8dc6-4b98-badb-db2ea992ebbb","managed":false,"references":[],"sort":[1767638649249,19],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8558b1bb-ff6d-496c-835a-f25e40627376":{"columnOrder":["bdbce8d3-4662-4ffc-8c82-dd7b870ddfda","4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0"],"columns":{"4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bdbce8d3-4662-4ffc-8c82-dd7b870ddfda":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Directories","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"dir.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Miniprint"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"8558b1bb-ff6d-496c-835a-f25e40627376","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":2,"primaryGroups":["bdbce8d3-4662-4ffc-8c82-dd7b870ddfda"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":false}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Miniprint - Directories - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"1cfbe4f3-868a-4373-ace0-d824505009ad","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8558b1bb-ff6d-496c-835a-f25e40627376","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"676894ac-8dc6-4b98-badb-db2ea992ebbb","name":"tag-ref-676894ac-8dc6-4b98-badb-db2ea992ebbb","type":"tag"}],"sort":[1767638649249,8589934800],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQ3LDFd"}
{"attributes":{"color":"#3117da","description":"Galah","name":"Galah"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"bdc42668-bfaa-40ea-82de-02b382f9c0ae","managed":false,"references":[],"sort":[1767638649249,20],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["ef6a1d2e-967b-437d-8fee-f4d13b093f27","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ef6a1d2e-967b-437d-8fee-f4d13b093f27":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request URI","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"request.requestURI.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Galah\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"columnId":"ef6a1d2e-967b-437d-8fee-f4d13b093f27","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":false,"size":10},"rowHeight":"auto"}},"title":"Galah HTTP Request URI - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"1e39a556-0df7-459d-a2c9-6c0ba007c2b7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"bdc42668-bfaa-40ea-82de-02b382f9c0ae","name":"tag-ref-bdc42668-bfaa-40ea-82de-02b382f9c0ae","type":"tag"}],"sort":[1767638649249,8589934804],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQ4LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"1818d7e3-2f75-4fa3-b4b3-5c3ac0b91c91":{"columnOrder":["58e5812b-1db6-48df-bf97-b00d5fad411e","6b9e1990-79a5-4202-9aba-87139c15bf92"],"columns":{"58e5812b-1db6-48df-bf97-b00d5fad411e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event_type.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6b9e1990-79a5-4202-9aba-87139c15bf92","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"event_type.keyword"},"6b9e1990-79a5-4202-9aba-87139c15bf92":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"ConPot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"1818d7e3-2f75-4fa3-b4b3-5c3ac0b91c91","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6b9e1990-79a5-4202-9aba-87139c15bf92"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":2,"primaryGroups":["58e5812b-1db6-48df-bf97-b00d5fad411e"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Conpot Event 
Type","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"1e50c57e-fd55-48e3-81aa-e907199247a0","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-1818d7e3-2f75-4fa3-b4b3-5c3ac0b91c91","type":"index-pattern"},{"id":"991ee4d0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-991ee4d0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934808],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQ5LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"01ea945b-1d90-4ebd-8e91-4129e5c27865":{"columnOrder":["a1cbbe38-bac7-477c-98b2-852c06ac2c99","75e18357-da2a-4cdf-bf40-e9efd56cc1d4","b6d38419-0afa-4509-a3c0-654179483f96","9ef15f87-3576-44df-83ba-3342fa11ac12","fe7ab8fd-061b-4bef-93f3-5b67e0be523d"],"columns":{"75e18357-da2a-4cdf-bf40-e9efd56cc1d4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Events","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"9ef15f87-3576-44df-83ba-3342fa11ac12":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique JA3s","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"tls.ja3.hash.keyword"},"a1cbbe38-bac7-477c-98b2-852c06ac2c99":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Suricata","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"75e18357-da2a-4cdf-bf40-e9efd56cc1d4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"type.keyword"},"b6d38419-0afa-4509-a3c0-654179483f96":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"fe7ab8fd-061b-4bef-93f3-5b67e0be523d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique JA4s","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"tls.ja4.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":-90,"yLeft":0,"yRight":-90},"layers":[{"accessors":["75e18357-da2a-4cdf-bf40-e9efd56cc1d4","b6d38419-0afa-4509-a3c0-654179483f96","9ef15f87-3576-44df-83ba-3342fa11ac12","fe7ab8fd-061b-4bef-93f3-5b67e0be523d"],"isHistogram":false,"layerId":"01ea945b-1d90-4ebd-8e91-4129e5c27865","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"bar_horizontal","simpleView":false,"xAccessor":"a1cbbe38-bac7-477c-98b2-852c06ac2c99","xScaleType":"ordinal","yConfig":[{"axisMode":"left","forAccessor":"75e18357-da2a-4cdf-bf40-e9efd56cc1d4"},{"axisMode":"left","forAccessor":"b6d38419-0afa-4509-a3c0-654179483f96"},{"axisMode":"left","forAccessor":"9ef15f87-3576-44df-83ba-3342fa11ac12"}]}],"legend":{"isVisible":true,"legendSize":"auto","legendStats":[],"maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":false,"yLeft":true,"yRight":true},"valueLabels":"hide","xTitle":"Suricata","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Suricata Events 
Bar","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"1ef94544-8225-4a8b-a731-5f1073a8fbe7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-01ea945b-1d90-4ebd-8e91-4129e5c27865","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934812],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzUwLDFd"}
{"attributes":{"color":"#31dba7","description":"","name":"Medpot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"fc9b0890-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,21],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"76d73ce6-2591-46e3-8348-5376cb18591e":{"columnOrder":["c3d22943-d630-430e-986d-45dcb1ca1c74","619846eb-6763-434a-9649-3c23d9f1cb54"],"columns":{"619846eb-6763-434a-9649-3c23d9f1cb54":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c3d22943-d630-430e-986d-45dcb1ca1c74":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Data","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"619846eb-6763-434a-9649-3c23d9f1cb54","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"data.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Medpot"},"visualization":{"columns":[{"alignment":"left","columnId":"619846eb-6763-434a-9649-3c23d9f1cb54"},{"alignment":"left","columnId":"c3d22943-d630-430e-986d-45dcb1ca1c74"}],"headerRowHeight":"single","layerId":"76d73ce6-2591-46e3-8348-5376cb18591e","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Medpot Data - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2027a470-59e9-40c9-9177-919977aec4aa","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-76d73ce6-2591-46e3-8348-5376cb18591e","type":"index-pattern"},{"id":"fc9b0890-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-fc9b0890-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934816],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzUxLDFd"}
{"attributes":{"color":"#8639df","description":"","name":"Honeytrap"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e0fb8010-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,22],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"ce141a61-cab6-4f4e-aab8-04f2fd428a5d":{"columnOrder":["39b4a01a-009c-45b0-8463-d6e04c49ce2a","04904c81-acdb-4584-ab69-b5f4a418a297","f6f13161-8b5f-4fea-a5d9-482668ff8b34"],"columns":{"04904c81-acdb-4584-ab69-b5f4a418a297":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"39b4a01a-009c-45b0-8463-d6e04c49ce2a":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"Destination Port","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f6f13161-8b5f-4fea-a5d9-482668ff8b34","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"dest_port"},"f6f13161-8b5f-4fea-a5d9-482668ff8b34":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Honeytrap"},"visualization":{"gridConfig":{"isCellLabelVisible":false,"isXAxisLabelVisible":true,"isXAxisTitleVisible":true,"isYAxisLabelVisible":true,"isYAxisTitleVisible":true,"type":"heatmap_grid"},"layerId":"ce141a61-cab6-4f4e-aab8-04f2fd428a5d","layerType":"data","legend":{"isVisible":false,"position":"right","type":"heatmap_legend"},"palette":{"accessor":"f6f13161-8b5f-4fea-a5d9-482668ff8b34","name":"custom","params":{"colorStops":[{"color":"#006837","stop":0},{"color":"#1E974F","stop":10},{"color":"#65BC62","stop":20},{"color":"#A5D96B","stop":30},{"color":"#D8EF8C","stop":40},{"color":"#FEFEBD","stop":50},{"color":"#FEDF8B","stop":60},{"color":"#FDAD61","stop":70},{"color":"#F36D43","stop":80},{"color":"#D63129","stop":90}],"continuity":"none","maxSteps":5,"name":"custom","progression":"fixed","rangeMax":100,"rangeMin":0,"rangeType":"percent","reverse":false,"stops":[{"color":"#006837","stop":10},{"color":"#1E974F","stop":20},{"color":"#65BC62","stop":30},{"color":"#A5D96B","stop":40},{"color":"#D8EF8C","stop":50},{"color":"#FEFEBD","stop":60},{"color":"#FEDF8B","stop":70},{"color":"#FDAD61","stop":80},{"color":"#F36D43","stop":90},{"color":"#D63129","stop":100}]},"type":"palette"},"shape":"heatmap","valueAccessor":"f6f13161-8b5f-4fea-a5d9-482668ff8b34","xAccessor":"04904c81-acdb-4584-ab69-b5f4a418a297","yAccessor":"39b4a01a-009c-45b0-8463-d6e04c49ce2a"}},"title":"Honeytrap 
Heatmap","visualizationType":"lnsHeatmap"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2083978d-e4e1-4d81-b547-5d88cead0414","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-ce141a61-cab6-4f4e-aab8-04f2fd428a5d","type":"index-pattern"},{"id":"e0fb8010-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-e0fb8010-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934820],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzUyLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c033cec3-e553-43c3-9f97-f6bfff3f8e1e":{"columnOrder":["c387daa6-a2c3-4dae-8698-76663887be8d","a9d585ea-9c08-48cf-a351-217f11bd39e1"],"columns":{"a9d585ea-9c08-48cf-a351-217f11bd39e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c387daa6-a2c3-4dae-8698-76663887be8d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a9d585ea-9c08-48cf-a351-217f11bd39e1","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Tanner"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c033cec3-e553-43c3-9f97-f6bfff3f8e1e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a9d585ea-9c08-48cf-a351-217f11bd39e1"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["c387daa6-a2c3-4dae-8698-76663887be8d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Tanner HTTP Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"20a07f8b-864d-4d6d-96b8-d66764768a22","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c033cec3-e553-43c3-9f97-f6bfff3f8e1e","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934824],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzUzLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"96dae8b4-0362-41eb-b924-5825cb030615":{"columnOrder":["493c3329-186c-4588-b8ed-80cf425836b4","9840e6a7-0336-4ca1-a409-187d8e745b95","3164b423-ab3b-4875-bc14-2c74760984f2"],"columns":{"3164b423-ab3b-4875-bc14-2c74760984f2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"493c3329-186c-4588-b8ed-80cf425836b4":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"3164b423-ab3b-4875-bc14-2c74760984f2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"geoip.country_name.keyword"},"9840e6a7-0336-4ca1-a409-187d8e745b95":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Linear","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["3164b423-ab3b-4875-bc14-2c74760984f2"],"isHistogram":true,"layerId":"96dae8b4-0362-41eb-b924-5825cb030615","layerType":"data","palette":{"name":"default","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"493c3329-186c-4588-b8ed-80cf425836b4","xAccessor":"9840e6a7-0336-4ca1-a409-187d8e745b95","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"3164b423-ab3b-4875-bc14-2c74760984f2"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Suricata Events by Country Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"219ff5e1-5a0f-464e-939f-c3e83972db66","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-96dae8b4-0362-41eb-b924-5825cb030615","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934828],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzU0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"0ba003d8-b32f-4949-800f-a002b41d0364":{"columnOrder":["6d5be106-1389-485e-aa18-ce7e286e2735","5c65c1b5-a323-4e7d-8176-7f43f0baae17","00149f36-af45-462f-a5b2-1b617f8cb303"],"columns":{"00149f36-af45-462f-a5b2-1b617f8cb303":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Source IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"5c65c1b5-a323-4e7d-8176-7f43f0baae17":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"6d5be106-1389-485e-aa18-ce7e286e2735":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["5c65c1b5-a323-4e7d-8176-7f43f0baae17","00149f36-af45-462f-a5b2-1b617f8cb303"],"isHistogram":true,"layerId":"0ba003d8-b32f-4949-800f-a002b41d0364","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"xAccessor":"6d5be106-1389-485e-aa18-ce7e286e2735","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"5c65c1b5-a323-4e7d-8176-7f43f0baae17"},{"axisMode":"left","forAccessor":"00149f36-af45-462f-a5b2-1b617f8cb303"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Honeypot Attacks Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"23db95d1-b5da-451a-9908-ff1eed7ad863","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-0ba003d8-b32f-4949-800f-a002b41d0364","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934831],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzU1LDFd"}
{"attributes":{"color":"#2a53b0","description":"","name":"Hellpot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ca6de130-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,23],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI3LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e5a48e0b-951d-4363-8b15-dd762c83a699":{"columnOrder":["4074fd02-94c9-493d-84b6-1beea8fd78fc","8aa85896-1e1a-4de2-9c2c-57f278d60137"],"columns":{"4074fd02-94c9-493d-84b6-1beea8fd78fc":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"reason.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":["FINISH","NEW"],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"8aa85896-1e1a-4de2-9c2c-57f278d60137","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"reason.keyword"},"8aa85896-1e1a-4de2-9c2c-57f278d60137":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Hellpot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"e5a48e0b-951d-4363-8b15-dd762c83a699","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["8aa85896-1e1a-4de2-9c2c-57f278d60137"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["4074fd02-94c9-493d-84b6-1beea8fd78fc"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Hellpot - 
Reason","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2476a031-3c99-4392-ad6a-be49ca1123d4","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e5a48e0b-951d-4363-8b15-dd762c83a699","type":"index-pattern"},{"id":"ca6de130-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-ca6de130-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934835],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzU2LDFd"}
{"attributes":{"color":"#98ef53","description":"","name":"Elasticpot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b4f3ae20-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,24],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI4LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"20ebe63b-22e2-4c7d-aa96-dd45d8682f19":{"columnOrder":["3135bfab-4d52-4143-9433-7c5c84c84ee2","010daddb-9f60-451a-9fab-42dddae6198a"],"columns":{"010daddb-9f60-451a-9fab-42dddae6198a":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"3135bfab-4d52-4143-9433-7c5c84c84ee2":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"event_type.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"010daddb-9f60-451a-9fab-42dddae6198a","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"event_type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : ElasticPot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"20ebe63b-22e2-4c7d-aa96-dd45d8682f19","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["010daddb-9f60-451a-9fab-42dddae6198a"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3135bfab-4d52-4143-9433-7c5c84c84ee2"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"ElasticPot - Event 
Types","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"26bb28d0-0959-4735-8cec-f6824a301605","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-20ebe63b-22e2-4c7d-aa96-dd45d8682f19","type":"index-pattern"},{"id":"b4f3ae20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b4f3ae20-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934839],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzU3LDFd"}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Ciscoasa\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Ciscoasa\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"f4852408-70f8-451d-afbc-7dd36f2d2237","label":"Untitled"}],"title":"Ciscoasa-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2934abc0-4ad4-11e8-ab1b-fdef76c312f4","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589934841],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzU4LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"fd508388-0718-4153-be2b-848b30ab6f5e":{"columnOrder":["61ad99da-3535-4c97-8a85-ad26d2e028fc","bd8f890f-fd69-496e-8427-7ca04023349b"],"columns":{"61ad99da-3535-4c97-8a85-ad26d2e028fc":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Data Input","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"bd8f890f-fd69-496e-8427-7ca04023349b","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"input.keyword"},"bd8f890f-fd69-496e-8427-7ca04023349b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Dicompot\""},"visualization":{"columns":[{"alignment":"left","columnId":"bd8f890f-fd69-496e-8427-7ca04023349b"},{"alignment":"left","columnId":"61ad99da-3535-4c97-8a85-ad26d2e028fc"}],"headerRowHeight":"single","layerId":"fd508388-0718-4153-be2b-848b30ab6f5e","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Dicompot Input - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"29b92ac8-6d4c-454a-be64-cfe07d5e253a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-fd508388-0718-4153-be2b-848b30ab6f5e","type":"index-pattern"},{"id":"a9713540-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a9713540-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934845],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzU5LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6f40f832-52e7-4e69-858e-8e3a2de3e97d":{"columnOrder":["a0d77695-9390-4873-bc3d-ab4fd8aafb90","16dee4a6-b58f-40bd-ba61-6b9b13a9d476","81da846b-48dc-4b76-bc3f-233e94592492"],"columns":{"16dee4a6-b58f-40bd-ba61-6b9b13a9d476":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Events","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"81da846b-48dc-4b76-bc3f-233e94592492":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"a0d77695-9390-4873-bc3d-ab4fd8aafb90":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"NGINX","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"16dee4a6-b58f-40bd-ba61-6b9b13a9d476","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
NGINX"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":-90,"yLeft":0,"yRight":-90},"layers":[{"accessors":["16dee4a6-b58f-40bd-ba61-6b9b13a9d476","81da846b-48dc-4b76-bc3f-233e94592492"],"isHistogram":false,"layerId":"6f40f832-52e7-4e69-858e-8e3a2de3e97d","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"bar_horizontal","simpleView":false,"xAccessor":"a0d77695-9390-4873-bc3d-ab4fd8aafb90","xScaleType":"ordinal","yConfig":[{"axisMode":"left","forAccessor":"16dee4a6-b58f-40bd-ba61-6b9b13a9d476"},{"axisMode":"left","forAccessor":"81da846b-48dc-4b76-bc3f-233e94592492"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":false,"yLeft":true,"yRight":true},"valueLabels":"show","valuesInLegend":false,"xTitle":"NGINX","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"NGINX Events Bar","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2c02fdfd-53fd-48be-9b20-741392462440","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6f40f832-52e7-4e69-858e-8e3a2de3e97d","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934849],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzYwLDFd"}
{"attributes":{"color":"#da8de1","description":"","name":"Dionaea"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ad990d00-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,25],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI5LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c9cf8a28-2cd6-4ede-b858-729891c4268f":{"columnOrder":["8662d802-d2cc-45a9-b75c-e67d40b64924","0c57659e-63b9-445d-bf55-6f38cd95fc14"],"columns":{"0c57659e-63b9-445d-bf55-6f38cd95fc14":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"8662d802-d2cc-45a9-b75c-e67d40b64924":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"connection.protocol.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"0c57659e-63b9-445d-bf55-6f38cd95fc14","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"connection.protocol.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Dionaea\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c9cf8a28-2cd6-4ede-b858-729891c4268f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["0c57659e-63b9-445d-bf55-6f38cd95fc14"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["8662d802-d2cc-45a9-b75c-e67d40b64924"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Dionaea 
Protocol","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2ce802b4-2e27-4dfa-b267-3c2376976f33","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c9cf8a28-2cd6-4ede-b858-729891c4268f","type":"index-pattern"},{"id":"ad990d00-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-ad990d00-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934853],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzYxLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b477117c-e4c9-499d-974f-6fcc23489713":{"columnOrder":["74ceb6fd-3e5c-42eb-bf96-df862fc7f061","99846e46-b55d-4475-9667-455d1e5fdfcd"],"columns":{"74ceb6fd-3e5c-42eb-bf96-df862fc7f061":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"connection.transport.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"99846e46-b55d-4475-9667-455d1e5fdfcd","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"connection.transport.keyword"},"99846e46-b55d-4475-9667-455d1e5fdfcd":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Dionaea\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"b477117c-e4c9-499d-974f-6fcc23489713","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["99846e46-b55d-4475-9667-455d1e5fdfcd"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["74ceb6fd-3e5c-42eb-bf96-df862fc7f061"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Dionaea 
Transport","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2d2a5bb7-854d-4ba8-8aec-080fc68008fd","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b477117c-e4c9-499d-974f-6fcc23489713","type":"index-pattern"},{"id":"ad990d00-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-ad990d00-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934857],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzYyLDFd"}
{"attributes":{"color":"#368cc9","description":"","name":"Ipphoney"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"eb550950-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,26],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f11f63b7-9a81-4bbc-9ade-c4eb236cddbd":{"columnOrder":["7477ad42-c8e1-4d7e-9494-f4ea8600f6c7","dd0e6fe1-8e13-420d-b5ba-54097491e638"],"columns":{"7477ad42-c8e1-4d7e-9494-f4ea8600f6c7":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Query","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dd0e6fe1-8e13-420d-b5ba-54097491e638","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http.url.keyword"},"dd0e6fe1-8e13-420d-b5ba-54097491e638":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"*"},"visualization":{"columns":[{"alignment":"left","columnId":"dd0e6fe1-8e13-420d-b5ba-54097491e638"},{"alignment":"left","columnId":"7477ad42-c8e1-4d7e-9494-f4ea8600f6c7"}],"headerRowHeight":"single","layerId":"f11f63b7-9a81-4bbc-9ade-c4eb236cddbd","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Ipphoney - Query - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2d488982-8fe0-4998-8870-e28251de5fb3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f11f63b7-9a81-4bbc-9ade-c4eb236cddbd","type":"index-pattern"},{"id":"eb550950-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-eb550950-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934861],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzYzLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"4248520a-24b0-41dc-813d-b58a8e19030d":{"columnOrder":["c176b7ee-f8d1-44f3-b0f7-e319fb178e01","64e6d9c9-9162-44df-b6b7-40e8a96ee233"],"columns":{"64e6d9c9-9162-44df-b6b7-40e8a96ee233":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c176b7ee-f8d1-44f3-b0f7-e319fb178e01":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"64e6d9c9-9162-44df-b6b7-40e8a96ee233","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http_user_agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"NGINX\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"4248520a-24b0-41dc-813d-b58a8e19030d","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["64e6d9c9-9162-44df-b6b7-40e8a96ee233"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["c176b7ee-f8d1-44f3-b0f7-e319fb178e01"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"NGINX HTTP User Agent Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"2f1fc729-10f9-4d37-aa86-f450d7651487","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-4248520a-24b0-41dc-813d-b58a8e19030d","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934865],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzY0LDFd"}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Suricata\\\" OR type:\\\"p0f\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Suricata\\\" OR type:\\\"p0f\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"ba2e0fac-ebd7-4d93-b366-ef772d237f36","label":"Untitled"}],"title":"NSM-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3290fa70-69a2-11e7-bcac-d3ee6f9c26fd","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589934867],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzY1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8e34e8f9-dffb-4854-9c2d-a7e0e9bb2d63":{"columnOrder":["951aa249-7213-4e09-a335-661303cac4de","6def2657-1874-4c24-b834-7a2fe83f780b"],"columns":{"6def2657-1874-4c24-b834-7a2fe83f780b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"951aa249-7213-4e09-a335-661303cac4de":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"request_method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6def2657-1874-4c24-b834-7a2fe83f780b","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"request_method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"ElasticPot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"8e34e8f9-dffb-4854-9c2d-a7e0e9bb2d63","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6def2657-1874-4c24-b834-7a2fe83f780b"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["951aa249-7213-4e09-a335-661303cac4de"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"ElasticPot - Request Method - Top 
5","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3371f322-be8e-4c5f-9ab3-3dcfa964d232","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8e34e8f9-dffb-4854-9c2d-a7e0e9bb2d63","type":"index-pattern"},{"id":"b4f3ae20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b4f3ae20-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934871],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzY2LDFd"}
{"attributes":{"color":"#5ecc88","description":"","name":"Ddospot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,27],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMxLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"2e36995d-a9fe-402e-84a8-ec0e953024e8":{"columnOrder":["ace65cef-2bbe-4a88-8b72-4d5f15d57888","e6945339-3410-421f-85f7-7117b9f71bb0"],"columns":{"ace65cef-2bbe-4a88-8b72-4d5f15d57888":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"mode.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"e6945339-3410-421f-85f7-7117b9f71bb0","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"mode.keyword"},"e6945339-3410-421f-85f7-7117b9f71bb0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Ddospot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"2e36995d-a9fe-402e-84a8-ec0e953024e8","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["e6945339-3410-421f-85f7-7117b9f71bb0"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ace65cef-2bbe-4a88-8b72-4d5f15d57888"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Ddospot - Ntpot 
Mode","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3493848f-f27b-45f5-97e3-c9b077671c52","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-2e36995d-a9fe-402e-84a8-ec0e953024e8","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934875],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzY3LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b56e0917-9796-4d58-af83-d1539a6fe471":{"columnOrder":["6d45ae97-d13f-4ce1-8716-3aa8bf62b0d2","c7a4a4cd-3c69-4881-a3fe-7d238f75a7ba","807e69ae-0b92-4153-a365-9c2fb48c74e8"],"columns":{"6d45ae97-d13f-4ce1-8716-3aa8bf62b0d2":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"807e69ae-0b92-4153-a365-9c2fb48c74e8":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c7a4a4cd-3c69-4881-a3fe-7d238f75a7ba":{"dataType":"string","isBucketed":true,"label":"Top 5 values of remote_user.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"807e69ae-0b92-4153-a365-9c2fb48c74e8","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"remote_user.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
NGINX"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"CURVE_STEP_AFTER","fittingFunction":"Linear","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["807e69ae-0b92-4153-a365-9c2fb48c74e8"],"isHistogram":true,"layerId":"b56e0917-9796-4d58-af83-d1539a6fe471","layerType":"data","palette":{"name":"default","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"c7a4a4cd-3c69-4881-a3fe-7d238f75a7ba","xAccessor":"6d45ae97-d13f-4ce1-8716-3aa8bf62b0d2","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"807e69ae-0b92-4153-a365-9c2fb48c74e8"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"NGINX Top Users Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"352b1bf9-a90f-4ca1-8f2e-1b3a81fcc690","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b56e0917-9796-4d58-af83-d1539a6fe471","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934879],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzY4LDFd"}
{"attributes":{"color":"#ace722","description":"","name":"Adbhoney"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"858335c0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,28],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMyLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"69d3d68c-6a3c-452c-9c4c-43e44f99cfea":{"columnOrder":["f7f77dd8-f46c-4930-956c-1439a460b221","3a005811-c9fc-4db7-a7b0-e45200ac4dc5"],"columns":{"3a005811-c9fc-4db7-a7b0-e45200ac4dc5":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"f7f77dd8-f46c-4930-956c-1439a460b221":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Command Line Input","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"3a005811-c9fc-4db7-a7b0-e45200ac4dc5","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"input.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Adbhoney\""},"visualization":{"columns":[{"alignment":"left","columnId":"3a005811-c9fc-4db7-a7b0-e45200ac4dc5","width":110.5},{"alignment":"left","columnId":"f7f77dd8-f46c-4930-956c-1439a460b221","width":507.5}],"headerRowHeight":"single","layerId":"69d3d68c-6a3c-452c-9c4c-43e44f99cfea","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Adbhoney Input - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"364b80e1-202d-4403-8f31-19c7dedf8f24","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-69d3d68c-6a3c-452c-9c4c-43e44f99cfea","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"858335c0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-858335c0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934883],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzY5LDFd"}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Glutton\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Glutton\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"0001f6e6-760d-45cd-a9ec-df898d471bc1","label":"Untitled"}],"title":"Glutton-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"385ea460-ad22-11e8-942c-a39712fa9ddf","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589934885],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzcwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"69375cd3-9864-450c-9cef-0e07b3261461":{"columnOrder":["bef92ea3-f814-46cb-8da3-c3668a3c3d49","9fbac612-7e1b-4732-af49-6a2cd2f4c37a"],"columns":{"9fbac612-7e1b-4732-af49-6a2cd2f4c37a":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bef92ea3-f814-46cb-8da3-c3668a3c3d49":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Captured Samples","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9fbac612-7e1b-4732-af49-6a2cd2f4c37a","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"outfile.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type:\"Adbhoney\""},"visualization":{"columns":[{"alignment":"left","columnId":"9fbac612-7e1b-4732-af49-6a2cd2f4c37a","width":114.5},{"alignment":"left","columnId":"bef92ea3-f814-46cb-8da3-c3668a3c3d49","width":672.5}],"headerRowHeight":"single","layerId":"69375cd3-9864-450c-9cef-0e07b3261461","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Adbhoney Samples - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3a39eff1-a81b-4c93-837d-053a64a4b226","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-69375cd3-9864-450c-9cef-0e07b3261461","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"858335c0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-858335c0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934889],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzcxLDFd"}
{"attributes":{"description":"","filters":[],"query":{"language":"kuery","query":"type : Adbhoney Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Glutton Hellpot Heralding Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Redishoneypot Sentrypeer Tanner Wordpot"},"timefilter":{"from":"now-1m","refreshInterval":{"pause":false,"value":5000},"to":"now"},"title":"Honeypots - Query","titleKeyword":"Honeypots - Query"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3d34c600-db53-11ec-a64c-4b0bef5acfbb","managed":false,"references":[],"sort":[1767638649249,8589934890],"type":"query","typeMigrationVersion":"10.2.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzcyLDFd"}
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type.keyword:(\\\"Adbhoney\\\" OR \\\"Beelzebub\\\" OR \\\"Ciscoasa\\\" OR \\\"CitrixHoneypot\\\" OR \\\"ConPot\\\" OR \\\"Cowrie\\\" OR \\\"Ddospot\\\" OR \\\"Dicompot\\\" OR \\\"Dionaea\\\" OR \\\"ElasticPot\\\" OR \\\"Endlessh\\\" OR \\\"Galah\\\" OR \\\"Glutton\\\" OR \\\"Go-pot\\\" OR \\\"H0neytr4p\\\" OR \\\"Hellpot\\\" OR \\\"Heralding\\\" OR \\\"Honeyaml\\\" OR \\\"Honeytrap\\\" OR \\\"Honeypots\\\" OR \\\"Log4pot\\\" OR \\\"Ipphoney\\\" OR \\\"Mailoney\\\" OR \\\"Medpot\\\" OR \\\"Miniprint\\\" OR \\\"Redishoneypot\\\" OR \\\"Sentrypeer\\\" OR \\\"Tanner\\\" OR \\\"Wordpot\\\")\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"rowHeight":3,"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"hits":0,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type.keyword:(\\\"Adbhoney\\\" OR \\\"Beelzebub\\\" OR \\\"Ciscoasa\\\" OR \\\"CitrixHoneypot\\\" OR \\\"ConPot\\\" OR \\\"Cowrie\\\" OR \\\"Ddospot\\\" OR \\\"Dicompot\\\" OR \\\"Dionaea\\\" OR \\\"ElasticPot\\\" OR \\\"Endlessh\\\" OR \\\"Galah\\\" OR \\\"Glutton\\\" OR \\\"Go-pot\\\" OR \\\"H0neytr4p\\\" OR \\\"Hellpot\\\" OR \\\"Heralding\\\" OR \\\"Honeyaml\\\" OR \\\"Honeytrap\\\" OR \\\"Honeypots\\\" OR \\\"Log4pot\\\" OR \\\"Ipphoney\\\" OR \\\"Mailoney\\\" OR \\\"Medpot\\\" 
OR \\\"Miniprint\\\" OR \\\"Redishoneypot\\\" OR \\\"Sentrypeer\\\" OR \\\"Tanner\\\" OR \\\"Wordpot\\\")\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"rowHeight":3,"sort":[["@timestamp","desc"]],"timeRestore":false,"usesAdHocDataView":false,"version":1},"id":"4c402a50-06f9-4719-a5b0-2e5f00ca3579","label":"Untitled"}],"timeRestore":false,"title":"Honeypot-Logs","usesAdHocDataView":false,"version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"Honeypot-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"da7e1f90-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-da7e1f90-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934894],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzczLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Honeypot Attacks Country Tagcloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Honeypot Attacks Country Tagcloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geoip.country_code3.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":18,\"maxFontSize\":72,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"default\"}}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3ea85280-6e8f-11ec-a667-cfa2ee57ea38","managed":false,"references":[{"id":"Honeypot-Logs","name":"search_0","type":"search"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934897],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzc0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b168e628-6cff-46dd-9829-9450baa4690f":{"columnOrder":["624ae234-78a5-43f8-99d8-1ac4847f5acf","676850e4-2de1-4bb7-b4ef-2b91c70d6adf","5b946771-c8c9-4646-94b2-9232d1cf8ee4"],"columns":{"5b946771-c8c9-4646-94b2-9232d1cf8ee4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"624ae234-78a5-43f8-99d8-1ac4847f5acf":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"protocol.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5b946771-c8c9-4646-94b2-9232d1cf8ee4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"protocol.keyword"},"676850e4-2de1-4bb7-b4ef-2b91c70d6adf":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Beelzebub\""},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"CURVE_STEP_AFTER","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["5b946771-c8c9-4646-94b2-9232d1cf8ee4"],"isHistogram":true,"layerId":"b168e628-6cff-46dd-9829-9450baa4690f","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"area","simpleView":false,"split
Accessor":"624ae234-78a5-43f8-99d8-1ac4847f5acf","xAccessor":"676850e4-2de1-4bb7-b4ef-2b91c70d6adf","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"5b946771-c8c9-4646-94b2-9232d1cf8ee4"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Beelzebub - Attacks by Protocols Histogram Incoming","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"70fe88f6-b633-4c5c-9f3f-feaffcae34ef","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b168e628-6cff-46dd-9829-9450baa4690f","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589934901],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzc1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"ee504c04-2d64-4fb6-8ce4-6945a5e24413":{"columnOrder":["ba0d7ace-a7a5-4881-93b6-15a460b9007f","e948159e-1a44-47b3-842a-81466030dcb3"],"columns":{"ba0d7ace-a7a5-4881-93b6-15a460b9007f":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"protocol.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"e948159e-1a44-47b3-842a-81466030dcb3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"protocol.keyword"},"e948159e-1a44-47b3-842a-81466030dcb3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Beelzebub\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"ee504c04-2d64-4fb6-8ce4-6945a5e24413","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["e948159e-1a44-47b3-842a-81466030dcb3"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ba0d7ace-a7a5-4881-93b6-15a460b9007f"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Beelzebub - Attacks by 
Protocols","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"769ca91e-593e-46b7-80d4-ccc33b1b36d6","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-ee504c04-2d64-4fb6-8ce4-6945a5e24413","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589934905],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzc2LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["3fd17d29-7987-4814-b340-164300a8a85e","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"3fd17d29-7987-4814-b340-164300a8a85e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Command Line Input","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"input.keyword"},"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Beelzebub\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"alignment":"left","columnId":"3fd17d29-7987-4814-b340-164300a8a85e"}],"headerRowHeight":"single","layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Beelzebub SSH Input - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"af9081e7-b095-455a-b60a-52ee738cdeb5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589934909],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzc3LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["ef6a1d2e-967b-437d-8fee-f4d13b093f27","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ef6a1d2e-967b-437d-8fee-f4d13b093f27":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request URI","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request_uri.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Beelzebub\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"columnId":"ef6a1d2e-967b-437d-8fee-f4d13b093f27","isMetric":false,"isTransposed":false,"width":742.5}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":false,"size":10},"rowHeight":"auto"}},"title":"Beelzebub HTTP Request URI - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"5e854506-3c27-41b9-af73-f4aa2069c44a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589934913],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzc4LDFd"}
{"attributes":{"description":"Beelzebub Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Beelzebub\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"81237bdf-633c-4a60-abbe-3cef31ce9548\"},\"panelIndex\":\"81237bdf-633c-4a60-abbe-3cef31ce9548\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_81237bdf-633c-4a60-abbe-3cef31ce9548\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":8,\"i\":\"617b5634-dd20-43a7-891c-5f480dbd0c47\"},\"panelIndex\":\"617b5634-dd20-43a7-891c-5f480dbd0c47\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_617b5634-dd20-43a7-891c-5f480dbd0c47\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":18,\"i\":\"515f0598-c2f2-4f96-904d-889bc7d55cf8\"},\"panelIndex\":\"515f0598-c2f2-4f96-904d-889bc7d55cf8\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":33.63243,\"lon\":1.83085,\"zoom\":1.1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_515f0598-c2f2-4f96-904d-889bc7d55cf8\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"e92f8d23-7966-4776-a1d4-9d407a1de055\"},\"panelIndex\":\"e92f8d23-7966-4776-a1d4-9d407a1de055\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e92f8d23-7966-4776-a1d4-9d407a1de055\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":18,\"w\":16,\"h\":10,\"i\":\"cc0b98ed-7831-4056-8a5e-ef45a0a44e5d\"},\"panelIndex\":\"cc0b98ed-7831-4056-8a5e-ef45a0a44e5d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cc0b98ed-7831-4056-8a5e-ef45a0a44e5d\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":16,\"h\":
10,\"i\":\"942b65a0-fc65-4baa-aeab-1d74408a87c6\"},\"panelIndex\":\"942b65a0-fc65-4baa-aeab-1d74408a87c6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_942b65a0-fc65-4baa-aeab-1d74408a87c6\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":18,\"w\":16,\"h\":10,\"i\":\"321418d0-ac65-4b43-9e26-af9f78180f43\"},\"panelIndex\":\"321418d0-ac65-4b43-9e26-af9f78180f43\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_321418d0-ac65-4b43-9e26-af9f78180f43\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":10,\"i\":\"9470cb22-6472-4cc4-ae9c-3116aa419124\"},\"panelIndex\":\"9470cb22-6472-4cc4-ae9c-3116aa419124\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9470cb22-6472-4cc4-ae9c-3116aa419124\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":10,\"i\":\"f36ecadc-a0f6-4cd6-878c-b37935632458\"},\"panelIndex\":\"f36ecadc-a0f6-4cd6-878c-b37935632458\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f36ecadc-a0f6-4cd6-878c-b37935632458\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":10,\"i\":\"cce340ba-1d9e-474d-a713-abd04718d563\"},\"panelIndex\":\"cce340ba-1d9e-474d-a713-abd04718d563\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cce340ba-1d9e-474d-a713-abd04718d563\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":10,\"i\":\"c0c8ebbd-a4a5-45b3-be2e-e007140f5e7f\"},\"panelIndex\":\"c0c8ebbd-a4a5-45b3-be2e-e007140f5e7f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c0c8ebbd-a4a5-45b3-be2e-e007140f5e7f\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":30,\"i\":\"62c775b5-c490-41d4-ac6e-7503b72bbe85\"},\"panelIndex\":\"62c775b5-c490-41d4-ac6e-7503b72bbe85\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62c775b5-c490-41d4-ac6e-7503b72bbe85\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":15,\"i\":\"be1e89ba-b8f4-4
2a8-9d0f-8983905d3866\"},\"panelIndex\":\"be1e89ba-b8f4-42a8-9d0f-8983905d3866\",\"embeddableCo
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"d489d8f6-ab51-44f1-8dce-5e438d70c038":{"columnOrder":["70931bba-ad6b-495f-adc5-5de7a87a9834","95fcc996-b607-4ebe-b7d3-86aa3a9ce92b"],"columns":{"70931bba-ad6b-495f-adc5-5de7a87a9834":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ip_rep.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"95fcc996-b607-4ebe-b7d3-86aa3a9ce92b","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"ip_rep.keyword"},"95fcc996-b607-4ebe-b7d3-86aa3a9ce92b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner Wordpot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"d489d8f6-ab51-44f1-8dce-5e438d70c038","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["95fcc996-b607-4ebe-b7d3-86aa3a9ce92b"],"nestedLegend":true,"numberDisplay":"hidden","percentDecimals":0,"primaryGroups":["70931bba-ad6b-495f-adc5-5de7a87a9834"],"secondaryGroups":[],"showValuesInLegend":false,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Attacker Src IP 
Reputation","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3edfaadd-591d-450d-8e85-071b504c326f","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-d489d8f6-ab51-44f1-8dce-5e438d70c038","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934937],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzgwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6ced4393-7e9f-4c12-bffb-4ecef43aeab6":{"columnOrder":["3e00226a-060b-4319-b791-cb8853cbac1e","7b4616f1-8dad-4ffb-bba8-a325ed787930"],"columns":{"3e00226a-060b-4319-b791-cb8853cbac1e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http.http_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"7b4616f1-8dad-4ffb-bba8-a325ed787930","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http.http_user_agent.keyword"},"7b4616f1-8dad-4ffb-bba8-a325ed787930":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"6ced4393-7e9f-4c12-bffb-4ecef43aeab6","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["7b4616f1-8dad-4ffb-bba8-a325ed787930"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3e00226a-060b-4319-b791-cb8853cbac1e"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata HTTP User Agent Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"3efa7ed3-6caa-4a78-8751-2d3aa76344b4","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6ced4393-7e9f-4c12-bffb-4ecef43aeab6","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934941],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzgxLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"170044e0-cd42-4d0f-b7a9-5f01d0ec2ce3":{"columnOrder":["c7378206-aaf7-4d00-8035-432be3c9f5ea","c47b19c1-dec7-45c2-a99c-bfe777ef510f","c0ed361a-4bcd-4f9c-8b54-6b013c43bff2"],"columns":{"c0ed361a-4bcd-4f9c-8b54-6b013c43bff2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c47b19c1-dec7-45c2-a99c-bfe777ef510f":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ASN","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c0ed361a-4bcd-4f9c-8b54-6b013c43bff2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.as_org.keyword"},"c7378206-aaf7-4d00-8035-432be3c9f5ea":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"AS","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c0ed361a-4bcd-4f9c-8b54-6b013c43bff2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.asn"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"NGINX\""},"visualization":{"columns":[{"alignment":"left","columnId":"c0ed361a-4bcd-4f9c-8b54-6b013c43bff2"},{"alignment":"left","columnId":"c7378206-aaf7-4d00-8035-432be3c9f5ea"},{"alignment":"left","columnId":"c47b19c1-dec7-45c2-a99c-bfe777ef510f"}],"headerRowHeight":"single","layerId":"170044e0-cd42-4d0f-b7a9-5f01d0ec2ce3","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight
":"single"}},"title":"NGINX - AS/N - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4455be61-2db2-4fb0-954d-2e851ff8fbd5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-170044e0-cd42-4d0f-b7a9-5f01d0ec2ce3","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934945],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzgyLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"59a9c2e2-eb3e-41c7-965c-5791fbc9ce1c":{"columnOrder":["ad859e50-d7a0-47ea-99eb-e95b61f50a49","a0c7b460-43ea-4dbd-b324-dbfdd92a37ba"],"columns":{"a0c7b460-43ea-4dbd-b324-dbfdd92a37ba":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ad859e50-d7a0-47ea-99eb-e95b61f50a49":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http.http_content_type.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a0c7b460-43ea-4dbd-b324-dbfdd92a37ba","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http.http_content_type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"59a9c2e2-eb3e-41c7-965c-5791fbc9ce1c","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a0c7b460-43ea-4dbd-b324-dbfdd92a37ba"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ad859e50-d7a0-47ea-99eb-e95b61f50a49"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata HTTP Content Type - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"44ac8cf6-8be7-4699-be61-529955ef755b","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-59a9c2e2-eb3e-41c7-965c-5791fbc9ce1c","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934949],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzgzLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Cowrie\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Cowrie Attacks","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Cowrie Attacks\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Attacks\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"hassh.keyword\",\"customLabel\":\"Unique HASSHs\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Yellow to 
Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":1,\"to\":10},{\"from\":11,\"to\":100},{\"from\":101,\"to\":1000},{\"from\":1001,\"to\":10000},{\"from\":10001,\"to\":100000},{\"from\":100001,\"to\":1000000},{\"from\":1000001,\"to\":10000000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"45e32dc0-dec5-11e8-87cf-239397d2b8d3","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934953],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzg0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"2ad821d4-c589-46a0-a40c-9455345de1f2":{"columnOrder":["fbd04482-dc0d-4b36-aeaa-5f2bd64ca8db","f710e5b9-e237-488c-8fc2-1a0ac9a9336e"],"columns":{"f710e5b9-e237-488c-8fc2-1a0ac9a9336e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"fbd04482-dc0d-4b36-aeaa-5f2bd64ca8db":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"password.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f710e5b9-e237-488c-8fc2-1a0ac9a9336e","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":50},"scale":"ordinal","sourceField":"password.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Beelzebub Cowrie Dionaea Heralding Wordpot"},"visualization":{"layerId":"2ad821d4-c589-46a0-a40c-9455345de1f2","layerType":"data","maxFontSize":64,"minFontSize":16,"orientation":"single","palette":{"name":"kibana_palette","type":"palette"},"showLabel":false,"tagAccessor":"fbd04482-dc0d-4b36-aeaa-5f2bd64ca8db","valueAccessor":"f710e5b9-e237-488c-8fc2-1a0ac9a9336e"}},"title":"Password 
Tagcloud","visualizationType":"lnsTagcloud"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"48c6209c-dd70-45f7-baf3-72fe3af04fde","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-2ad821d4-c589-46a0-a40c-9455345de1f2","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934956],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzg1LDFd"}
{"attributes":{"description":"Medpot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Medpot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":18,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_22\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"28fd6c8f-09f0-43a6-ab95-43f712af19f7\"},\"panelIndex\":\"28fd6c8f-09f0-43a6-ab95-43f712af19f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_28fd6c8f-09f0-43a6-ab95-43f712af19f7\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"b8f7cfe9-45a4-40f5-b85f-21565f597a1a\"},\"panelIndex\":\"b8f7cfe9-45a4-40f5-b85f-21565f597a1a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b8f7cfe9-45a4-40f5-b85f-21565f597a1a\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"c0f53dd7-eb47-4fe7-9f58-1c1ca9737e32\"},\"panelIndex\":\"c0f53dd7-eb47-4fe7-9f58-1c1ca9737e32\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":20.96144,\"lon\":-12.12891,\"zoom\":2},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":90,\"maxLat\":66.51326},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_c0f53dd7-eb47-4fe7-9f58-1c1ca9737e32\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"b2d59a3b-376a-40bd-a6b1-5139f8736708\"},\"panelIndex\":\"b2d59a3b-376a-40bd-a6b1-5139f8736708\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b2d59a3b-376a-40bd-a6b1-5139f8736708\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"a002d810-8913-4be5-9b62-feca08af7b44\"},\"panelIndex\":\"a002d810-8913-4b
e5-9b62-feca08af7b44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a002d810-8913-4be5-9b62-feca08af7b44\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"6d9c761d-2d40-414c-b104-e72cf0c32aa6\"},\"panelIndex\":\"6d9c761d-2d40-414c-b104-e72cf0c32aa6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6d9c761d-2d40-414c-b104-e72cf0c32aa6\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"9827be12-e963-46e6-b621-4f26d66038b1\"},\"panelIndex\":\"9827be12-e963-46e6-b621-4f26d66038b1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9827be12-e963-46e6-b621-4f26d66038b1\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"ad769885-f76b-4723-ae18-fb9abdc22773\"},\"panelIndex\":\"ad769885-f76b-4723-ae18-fb9abdc22773\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ad769885-f76b-4723-ae18-fb9abdc22773\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":18,\"i\":\"b49c6123-24d0-4734-80ff-8bcb5946c425\"},\"panelIndex\":\"b49c6123-24d0-4734-80ff-8bcb5946c425\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b49c6123-24d0-4734-80ff-8bcb5946c425\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h/h","timeRestore":true,"timeTo":"now","title":"Medpot","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"48f595c0-e7f8-11e8-9ac4-13ecd4ad8d70","managed":false,"references":[{"id":"2027a470-59e9-40c9-9177-919977aec4aa","name":"22:panel_22","type":"lens"},{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"28fd6c8f-09f0-43a6-ab95-43f712af19f7:panel_28fd6c8f-09f0-43a6-ab95-43f712af19f7","type":"lens"},{"id":"95a453e7-090e-477b-af3e-2bd66c2928a4","name":"b8f7cfe9-45a4-40f5-b85f-21565f597a1a:panel_b8f7cfe9-45a4-40f5-b85f-21565f597a1a","type":"lens"},{"id":"5c377b80-8f48-11ec-98cd-292aebe8beaf","name":"c0f53dd7-eb47-4fe7-9f58-1c1ca973
7e32:panel_c0f53dd7-eb47-4fe7-9f58-1c1ca9737e32","type":"map"},{"id":"c5fb84fe-db5b-40f4-9610-2
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"a37751ce-225f-4f44-8c6b-b98c6e204741":{"columnOrder":["93837b55-e77c-418e-a4df-4689f623920b","5e263349-44ab-4e23-93fc-ffc549ae286c","f633b8aa-1bfc-4ddd-b827-f2eb265e41db"],"columns":{"5e263349-44ab-4e23-93fc-ffc549ae286c":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"93837b55-e77c-418e-a4df-4689f623920b":{"dataType":"number","isBucketed":true,"label":"Top 5 values of DestPort","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f633b8aa-1bfc-4ddd-b827-f2eb265e41db","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"dest_port"},"f633b8aa-1bfc-4ddd-b827-f2eb265e41db":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Linear","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["f633b8aa-1bfc-4ddd-b827-f2eb265e41db"],"isHistogram":true,"layerId":"a37751ce-225f-4f44-8c6b-b98c6e204741","layerType":"data","palette":{"name":"default","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"93837b55-e77c-418e-a4df-4689f623920b","xAccessor":"5e263349-44ab-4e23-93fc-ffc549ae286c","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"f633b8aa-1bfc-4ddd-b827-f2eb265e41db"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Suricata Destination Ports Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"498e7401-1fa4-4d44-b7ee-84739686b9c3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-a37751ce-225f-4f44-8c6b-b98c6e204741","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934973],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzg3LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Suricata\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Suricata Events","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Suricata Events\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Events\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"tls.ja3.hash.keyword\",\"customLabel\":\"Unique JA3s\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"tls.ja4.keyword\",\"customLabel\":\"Unique JA4s\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Yellow to 
Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":1,\"to\":10},{\"from\":11,\"to\":100},{\"from\":101,\"to\":1000},{\"from\":1001,\"to\":10000},{\"from\":10001,\"to\":100000},{\"from\":100001,\"to\":1000000},{\"from\":1000001,\"to\":10000000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4a60fe20-e75f-11e8-803c-59c072645505","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934977],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzg4LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f11f63b7-9a81-4bbc-9ade-c4eb236cddbd":{"columnOrder":["7477ad42-c8e1-4d7e-9494-f4ea8600f6c7","dd0e6fe1-8e13-420d-b5ba-54097491e638"],"columns":{"7477ad42-c8e1-4d7e-9494-f4ea8600f6c7":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Event","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":["save_raw_print_job","save_postscript"],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dd0e6fe1-8e13-420d-b5ba-54097491e638","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"event.keyword"},"dd0e6fe1-8e13-420d-b5ba-54097491e638":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"type : Miniprint"},"visualization":{"columns":[{"alignment":"left","columnId":"dd0e6fe1-8e13-420d-b5ba-54097491e638"},{"alignment":"left","columnId":"7477ad42-c8e1-4d7e-9494-f4ea8600f6c7","oneClickFilter":false}],"headerRowHeight":"single","layerId":"f11f63b7-9a81-4bbc-9ade-c4eb236cddbd","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Miniprint - Upload 
Stats","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4b632a83-f3f9-4d89-9fe6-5742c80adcdb","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f11f63b7-9a81-4bbc-9ade-c4eb236cddbd","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"676894ac-8dc6-4b98-badb-db2ea992ebbb","name":"tag-ref-676894ac-8dc6-4b98-badb-db2ea992ebbb","type":"tag"}],"sort":[1767638649249,8589934981],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzg5LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"34dc4427-98ac-4644-bf63-c1a08d684eb4":{"columnOrder":["1b18556a-e836-408f-a40e-dcad4cf90f80","041e6e32-7847-47bd-a14c-d3cb5fa5c173"],"columns":{"041e6e32-7847-47bd-a14c-d3cb5fa5c173":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"1b18556a-e836-408f-a40e-dcad4cf90f80":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Action","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"041e6e32-7847-47bd-a14c-d3cb5fa5c173","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"action.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Redishoneypot"},"visualization":{"columns":[{"alignment":"left","columnId":"041e6e32-7847-47bd-a14c-d3cb5fa5c173"},{"alignment":"left","columnId":"1b18556a-e836-408f-a40e-dcad4cf90f80"}],"headerRowHeight":"single","layerId":"34dc4427-98ac-4644-bf63-c1a08d684eb4","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Redishoneypot Duration and Bytes - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d73013a4-87eb-446c-b626-cf2765251737","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-34dc4427-98ac-4644-bf63-c1a08d684eb4","type":"index-pattern"},{"id":"0ac8a440-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0ac8a440-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589934985],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzkwLDFd"}
{"attributes":{"description":"Redishoneypot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Redishoneypot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"f374ffce-b7b2-4ac8-8372-ffaf1b41947d\"},\"panelIndex\":\"f374ffce-b7b2-4ac8-8372-ffaf1b41947d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f374ffce-b7b2-4ac8-8372-ffaf1b41947d\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"b59c4fe8-da69-4f3b-8fa0-05eb7ac5d4fa\"},\"panelIndex\":\"b59c4fe8-da69-4f3b-8fa0-05eb7ac5d4fa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b59c4fe8-da69-4f3b-8fa0-05eb7ac5d4fa\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"129b5492-f532-4c67-9e0a-70ec9fd52619\"},\"panelIndex\":\"129b5492-f532-4c67-9e0a-70ec9fd52619\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":20.96144,\"lon\":-12.12891,\"zoom\":2},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":90,\"maxLat\":66.51326},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_129b5492-f532-4c67-9e0a-70ec9fd52619\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"25029bcb-d301-4904-9774-f1435b16ace3\"},\"panelIndex\":\"25029bcb-d301-4904-9774-f1435b16ace3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_25029bcb-d301-4904-9774-f1435b16ace3\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"b951e2bc-e2f9-4d56-8f2d-49140bc187f3\"},\"panelIndex\":\"b951e2bc-e2f9-4d56-8f2d-49140bc187f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b951e2bc-e2f9-4d56-8f2d-49140bc187f3\"},{\"type\":\"lens\",\"gridData\":{\
"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"a30d5e51-a8f4-4d3b-a954-8cc0a9266f51\"},\"panelIndex\":\"a30d5e51-a8f4-4d3b-a954-8cc0a9266f51\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a30d5e51-a8f4-4d3b-a954-8cc0a9266f51\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"4f54caad-6e7c-4382-aa12-8ee5ab9079e9\"},\"panelIndex\":\"4f54caad-6e7c-4382-aa12-8ee5ab9079e9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4f54caad-6e7c-4382-aa12-8ee5ab9079e9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"88b41e3e-f3c1-4d80-8761-24335b2f0464\"},\"panelIndex\":\"88b41e3e-f3c1-4d80-8761-24335b2f0464\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88b41e3e-f3c1-4d80-8761-24335b2f0464\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":18,\"i\":\"cdaa0b45-207c-4156-9ae0-2a0a34ef64e8\"},\"panelIndex\":\"cdaa0b45-207c-4156-9ae0-2a0a34ef64e8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cdaa0b45-207c-4156-9ae0-2a0a34ef64e8\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":18,\"i\":\"62473400-7d07-4eeb-8914-f5011d15841e\"},\"panelIndex\":\"62473400-7d07-4eeb-8914-f5011d15841e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_62473400-7d07-4eeb-8914-f5011d15841e\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Redishoneypot","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4b897850-3c0b-11ec-b37b-416a7cc98388","managed":false,"references":[{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"f374ffce-b7b2-4ac8-8372-ffaf1b41947d:panel_f374ffce-b7b2-4ac8-8372-ffaf1b41947d","type":"lens"},{"id":"95a453e7-090e-477b-af3e-2bd66c2928a4","name":"b59c4fe8-da69-4f3b-8fa0-05eb7ac5d4fa:panel_b59c4fe8-da69-4f3b-8fa0-05eb7ac5d4fa","type":"lens"},{"id":"5c377b80-8f48-11ec-98cd-292aebe8beaf",
"name":"129b5492-f532-4c67-9e0a-70ec9fd52619:panel_129b5492-f532-4c67-9e0a-70ec9fd52619","type"
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f7e33b82-97b4-4c86-ba78-eddb7ff727b0":{"columnOrder":["582823f5-d139-4b50-a371-8e29a5d3478d","d5f82b97-712d-4d78-87a8-11275aa89de4"],"columns":{"582823f5-d139-4b50-a371-8e29a5d3478d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Query","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"d5f82b97-712d-4d78-87a8-11275aa89de4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http.url.keyword"},"d5f82b97-712d-4d78-87a8-11275aa89de4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"type : ElasticPot"},"visualization":{"columns":[{"alignment":"left","columnId":"d5f82b97-712d-4d78-87a8-11275aa89de4"},{"alignment":"left","columnId":"582823f5-d139-4b50-a371-8e29a5d3478d"}],"headerRowHeight":"single","layerId":"f7e33b82-97b4-4c86-ba78-eddb7ff727b0","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"ElasticPot Query - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4d182033-b2f4-4a0b-9c05-d429b8babac0","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f7e33b82-97b4-4c86-ba78-eddb7ff727b0","type":"index-pattern"},{"id":"b4f3ae20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b4f3ae20-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935002],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzkyLDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Cowrie\\\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Vega Test","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Vega Test\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega/v3.0.json\\n data: [\\n {\\n // query ES based on the currently selected time range and filter string\\n name: rawData\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: logstash-*\\n body: {\\n size: 0\\n aggs: {\\n table: {\\n composite: {\\n size: 10000\\n sources: [\\n {\\n stk1: {\\n terms: {\\n field: src_ip.keyword\\n }\\n }\\n }\\n {\\n stk2: {\\n terms: {\\n field: dest_ip.keyword\\n }\\n }\\n }\\n ]\\n }\\n }\\n }\\n }\\n }\\n // From the result, take just the data we are interested in\\n format: {\\n property: aggregations.table.buckets\\n }\\n // Convert key.stk1 -> stk1 for simpler access below\\n transform: [\\n {\\n type: formula\\n expr: datum.key.stk1\\n as: stk1\\n }\\n {\\n type: formula\\n expr: datum.key.stk2\\n as: stk2\\n }\\n {\\n type: formula\\n expr: datum.doc_count\\n as: size\\n }\\n ]\\n }\\n {\\n name: nodes\\n source: rawData\\n transform: [\\n // when a country is selected, filter out unrelated data\\n {\\n type: filter\\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n }\\n // Set new key for later lookups - identifies each node\\n {\\n type: formula\\n expr: datum.stk1+datum.stk2\\n as: key\\n }\\n // instead of each table row, create two new rows,\\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\\n {\\n type: fold\\n fields: [\\n stk1\\n stk2\\n ]\\n as: [\\n stack\\n grpId\\n ]\\n }\\n // Create a sortkey, different for stk1 and stk2 stacks.\\n // Space separator ensures proper sort order in some corner 
cases.\\n {\\n type: formula\\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\\n as: sortField\\n }\\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n // independently for each stack, and ensuring they are in the proper order,\\n // alphabetical from the top (reversed on the y axis)\\n {\\n type: stack\\n groupby: [\\n stack\\n ]\\n sort: {\\n field: sortField\\n order: descending\\n }\\n field: size\\n }\\n // calculate vertical center point for each node, used to draw edges\\n {\\n type: formula\\n expr: (datum.y0+datum.y1)/2\\n as: yc\\n }\\n ]\\n }\\n {\\n name: groups\\n source: nodes\\n transform: [\\n // combine all nodes into country groups, summing up the doc counts\\n {\\n type: aggregate\\n groupby: [\\n stack\\n grpId\\n ]\\n fields: [\\n size\\n ]\\n ops: [\\n sum\\n ]\\n as: [\\
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c7e7760e-ff71-4f4c-95e8-b921aaea265a":{"columnOrder":["e2841c6a-983e-412c-9e2f-d416daa5af75","7e321c91-ac82-4048-8faa-163c7365bf4f","75547a8b-9fd9-4d5e-bfb9-f1a7c56d7f2a"],"columns":{"75547a8b-9fd9-4d5e-bfb9-f1a7c56d7f2a":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"7e321c91-ac82-4048-8faa-163c7365bf4f":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"75547a8b-9fd9-4d5e-bfb9-f1a7c56d7f2a","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"src_ip.keyword"},"e2841c6a-983e-412c-9e2f-d416daa5af75":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"SSH HASSH","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"75547a8b-9fd9-4d5e-bfb9-f1a7c56d7f2a","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"fatt_ssh.hassh.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Fatt"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c7e7760e-ff71-4f4c-95e8-b921aaea265a","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["75547a8b-9fd9-4d5e-bfb9-f1a7c56d7f2a"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["e2841c6a-983e-412c-9e2f-d416daa5af75","7e321c91-ac82-4048-8faa-163c7365bf4f"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Fatt - IP / SSH HASSH - Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4ec6bf0f-2512-4540-9e73-1d7a2140d00c","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c7e7760e-ff71-4f4c-95e8-b921aaea265a","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935008],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzk0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6a3dc3c2-e101-46d7-9a87-bf8fd7381346":{"columnOrder":["53be67f9-8ff8-44e6-a988-db568e47ed3f","7c79b432-2481-4670-b698-cc42fdd5be1c","3e1c3012-d177-467b-9af5-51b0063b9a64","74cc1a2f-f2b5-41c3-9805-01b7c3b9987e","7aa7f978-100e-4461-ba87-18f25c93b1c2"],"columns":{"3e1c3012-d177-467b-9af5-51b0063b9a64":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"53be67f9-8ff8-44e6-a988-db568e47ed3f":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"74cc1a2f-f2b5-41c3-9805-01b7c3b9987e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique JA3s","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"tls.ja3.hash.keyword"},"7aa7f978-100e-4461-ba87-18f25c93b1c2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique JA4s","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"tls.ja4.keyword"},"7c79b432-2481-4670-b698-cc42fdd5be1c":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Events","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["7c79b432-2481-4670-b698-cc42fdd5be1c","3e1c3012-d177-467b-9af5-51b0063b9a64","74cc1a2f-f2b5-41c3-9805-01b7c3b9987e","7aa7f978-100e-4461-ba87-18f25c93b1c2"],"isHistogram":true,"layerId":"6a3dc3c2-e101-46d7-9a87-bf8fd7381346","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"xAccessor":"53be67f9-8ff8-44e6-a988-db568e47ed3f","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"7c79b432-2481-4670-b698-cc42fdd5be1c"},{"axisMode":"left","forAccessor":"3e1c3012-d177-467b-9af5-51b0063b9a64"},{"axisMode":"left","forAccessor":"74cc1a2f-f2b5-41c3-9805-01b7c3b9987e"}]}],"legend":{"isVisible":true,"legendSize":"auto","legendStats":[],"maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Suricata Events 
Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"4f946428-7351-4df2-8b06-38087603fc28","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6a3dc3c2-e101-46d7-9a87-bf8fd7381346","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935012],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzk1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b168e628-6cff-46dd-9829-9450baa4690f":{"columnOrder":["624ae234-78a5-43f8-99d8-1ac4847f5acf","676850e4-2de1-4bb7-b4ef-2b91c70d6adf","5b946771-c8c9-4646-94b2-9232d1cf8ee4"],"columns":{"5b946771-c8c9-4646-94b2-9232d1cf8ee4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"624ae234-78a5-43f8-99d8-1ac4847f5acf":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"protocol.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5b946771-c8c9-4646-94b2-9232d1cf8ee4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"protocol.keyword"},"676850e4-2de1-4bb7-b4ef-2b91c70d6adf":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"CURVE_STEP_AFTER","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["5b946771-c8c9-4646-94b2-9232d1cf8ee4"],"isHistogram":true,"layerId":"b168e628-6cff-46dd-9829-9450baa4690f","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"area","simpleView":false,"splitAcc
essor":"624ae234-78a5-43f8-99d8-1ac4847f5acf","xAccessor":"676850e4-2de1-4bb7-b4ef-2b91c70d6adf","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"5b946771-c8c9-4646-94b2-9232d1cf8ee4"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Cowrie - Attacks by Destination Ports Histogram Incoming","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"50641835-a95b-4968-98e7-64a294d90151","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b168e628-6cff-46dd-9829-9450baa4690f","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935016],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzk2LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8558b1bb-ff6d-496c-835a-f25e40627376":{"columnOrder":["bdbce8d3-4662-4ffc-8c82-dd7b870ddfda","4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0"],"columns":{"4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bdbce8d3-4662-4ffc-8c82-dd7b870ddfda":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Events","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"event.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Miniprint"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"8558b1bb-ff6d-496c-835a-f25e40627376","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":2,"primaryGroups":["bdbce8d3-4662-4ffc-8c82-dd7b870ddfda"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Miniprint - Event Types - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"508226b3-8ca7-48e2-89fb-18ea9a01eb14","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8558b1bb-ff6d-496c-835a-f25e40627376","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"676894ac-8dc6-4b98-badb-db2ea992ebbb","name":"tag-ref-676894ac-8dc6-4b98-badb-db2ea992ebbb","type":"tag"}],"sort":[1767638649249,8589935020],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzk3LDFd"}
{"attributes":{"color":"#cce0f7","description":"","name":"H0neytr4p"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","managed":false,"references":[],"sort":[1767638649249,29],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzMzLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"cd8af2ab-b369-4cd2-8828-506fce272a12":{"columnOrder":["e27e73f4-72fb-4733-9779-001686326f79","646f574d-5618-4fe9-a3eb-e59d1fc51e58","d1478f53-6a6c-40cc-a15c-c15dd29fc173","8b92bb85-1aec-484d-b890-808d887ea714"],"columns":{"646f574d-5618-4fe9-a3eb-e59d1fc51e58":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"8b92bb85-1aec-484d-b890-808d887ea714":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique HASSHs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"hassh.keyword"},"d1478f53-6a6c-40cc-a15c-c15dd29fc173":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"e27e73f4-72fb-4733-9779-001686326f79":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["646f574d-5618-4fe9-a3eb-e59d1fc51e58","d1478f53-6a6c-40cc-a15c-c15dd29fc173","8b92bb85-1aec-484d-b890-808d887ea714"],"isHistogram":true,"layerId":"cd8af2ab-b369-4cd2-8828-506fce272a12","layerType":"data","palette":{"name":"kibana_pale
tte","type":"palette"},"seriesType":"line","simpleView":false,"xAccessor":"e27e73f4-72fb-4733-9779-001686326f79","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"646f574d-5618-4fe9-a3eb-e59d1fc51e58"},{"axisMode":"left","forAccessor":"d1478f53-6a6c-40cc-a15c-c15dd29fc173"},{"axisMode":"left","forAccessor":"8b92bb85-1aec-484d-b890-808d887ea714"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Cowrie Attacks Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"50ec1605-14ff-4562-a6df-9c92e8dccdd4","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-cd8af2ab-b369-4cd2-8828-506fce272a12","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935024],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzk4LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"3f367b43-e4c2-47ad-96a8-56bf953c93e0":{"columnOrder":["77456073-c862-43b1-a84e-7dd131d7c7d8","01f155ac-9a95-4891-b1f4-1826ba649c83"],"columns":{"01f155ac-9a95-4891-b1f4-1826ba649c83":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"77456073-c862-43b1-a84e-7dd131d7c7d8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"sip_method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"01f155ac-9a95-4891-b1f4-1826ba649c83","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"sip_method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Sentrypeer"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"3f367b43-e4c2-47ad-96a8-56bf953c93e0","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["01f155ac-9a95-4891-b1f4-1826ba649c83"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["77456073-c862-43b1-a84e-7dd131d7c7d8"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Sentrypeer - SIP Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"50f07365-4073-42e1-b2d6-1f783ad37dc4","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-3f367b43-e4c2-47ad-96a8-56bf953c93e0","type":"index-pattern"},{"id":"eca457c0-9631-11ec-8535-97c455858195","name":"tag-ref-eca457c0-9631-11ec-8535-97c455858195","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935028],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"Wzk5LDFd"}
{"attributes":{"color":"#e227e1","description":"","name":"Glutton"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,30],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM0LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"cb9ad1fd-d0dd-4f55-9693-679800d816d7":{"columnOrder":["bfc890be-fa66-4af8-88e5-dcb4f4423cd6","46c0471b-ecc5-4de0-bd60-64bf93b4d680"],"columns":{"46c0471b-ecc5-4de0-bd60-64bf93b4d680":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bfc890be-fa66-4af8-88e5-dcb4f4423cd6":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"46c0471b-ecc5-4de0-bd60-64bf93b4d680","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Glutton\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"cb9ad1fd-d0dd-4f55-9693-679800d816d7","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["46c0471b-ecc5-4de0-bd60-64bf93b4d680"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["bfc890be-fa66-4af8-88e5-dcb4f4423cd6"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Glutton 
Method","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"51383fd9-721b-4378-b2d5-8a9d7a3660f2","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-cb9ad1fd-d0dd-4f55-9693-679800d816d7","type":"index-pattern"},{"id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c66acf80-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935032],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwMCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"44764254-d3d3-4ec5-b402-7eaec15fcb58":{"columnOrder":["ccdc075a-2164-48c1-8fa2-7227b958f041","e2920dca-0e60-449a-b92a-fb29ac9f792c"],"columns":{"ccdc075a-2164-48c1-8fa2-7227b958f041":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"dns_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"e2920dca-0e60-449a-b92a-fb29ac9f792c","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"dns_name.keyword"},"e2920dca-0e60-449a-b92a-fb29ac9f792c":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Ddospot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"44764254-d3d3-4ec5-b402-7eaec15fcb58","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["e2920dca-0e60-449a-b92a-fb29ac9f792c"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ccdc075a-2164-48c1-8fa2-7227b958f041"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Ddospot - DNS 
Name","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c25c5be6-a304-4f24-b730-7a209ac1d0b3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-44764254-d3d3-4ec5-b402-7eaec15fcb58","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935036],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwMSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"1a8a1ae2-7b0c-4fda-9f32-ba2979cd086a":{"columnOrder":["a8c5f039-f7ab-4b28-bb97-d260ed2f14b0","e26b272d-a156-4a0c-9d38-9f4384aec888","c0c71298-7961-4c65-9867-0c9ea8d2d73b"],"columns":{"a8c5f039-f7ab-4b28-bb97-d260ed2f14b0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request Packet","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c0c71298-7961-4c65-9867-0c9ea8d2d73b","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"req_pkt.keyword"},"c0c71298-7961-4c65-9867-0c9ea8d2d73b":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"e26b272d-a156-4a0c-9d38-9f4384aec888":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"Destination 
Port","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c0c71298-7961-4c65-9867-0c9ea8d2d73b","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"dest_port"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type:\"Ddospot\""},"visualization":{"columns":[{"alignment":"left","columnId":"c0c71298-7961-4c65-9867-0c9ea8d2d73b"},{"alignment":"left","columnId":"a8c5f039-f7ab-4b28-bb97-d260ed2f14b0"},{"alignment":"left","columnId":"e26b272d-a156-4a0c-9d38-9f4384aec888"}],"headerRowHeight":"single","layerId":"1a8a1ae2-7b0c-4fda-9f32-ba2979cd086a","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Ddospot Request Packet - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9ae9984f-968a-4033-bc1c-9e94f1945123","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-1a8a1ae2-7b0c-4fda-9f32-ba2979cd086a","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a2e2bdc0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935040],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwMiwxXQ=="}
{"attributes":{"description":"Ddospot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Ddospot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"bbbce785-8a1c-420c-a8b4-7b47e384ec6a\"},\"panelIndex\":\"bbbce785-8a1c-420c-a8b4-7b47e384ec6a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bbbce785-8a1c-420c-a8b4-7b47e384ec6a\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"72b79e31-480b-48ca-a871-b71060fb4bc8\"},\"panelIndex\":\"72b79e31-480b-48ca-a871-b71060fb4bc8\",\"embeddableConfig\":{\"enhancements\":{},\"attributes\":{\"title\":\"Attacks - Dynamic\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"state\":{\"visualization\":{\"layerId\":\"a3575b87-f059-46f0-8a02-7e287afa4ef5\",\"layerType\":\"data\",\"metricAccessor\":\"0959c753-3318-4147-82ea-db6250b91680\",\"showBar\":true,\"secondaryMetricAccessor\":\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\",\"trendlineSecondaryMetricAccessor\":\"390ca20b-f017-47e4-a099-5a52eefd563d\",\"maxAccessor\":\"92344288-8021-4581-92bd-bd4dab40aa2f\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":50},{\"color\":\"#d6bf57\",\"stop\":100},{\"color\":\"#cc5642\",\"stop\":101}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":50},{\"color\":\"#cc5642\",\"stop\":100}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a3575b87-f059-46f0-8a02-7e287afa4ef5\":{\"columns\":{\"0959c753-3318-4147-82ea-db6250b91
680\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\":{\"label\":\"Unique Src IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"src_ip.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"92344288-8021-4581-92bd-bd4dab40aa2f\":{\"label\":\"Count of records -1d\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"timeShift\":\"1d\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"0959c753-3318-4147-82ea-db6250b91680\",\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\",\"92344288-8021-4581-92bd-bd4dab40aa2f\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"logstash-*\"}},\"currentIndexPatternId\":\"logstash-*\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}},\"references\":[{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-a3575b87-f059-46f0-8a02-7e287afa4ef5\"}],\"type\":\"lens\"},\"hidePanelTitles\":true},\"panelRefName\":\"panel_72b79e31-480b-48ca-a871-b71060fb4bc8\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"1b273bdb-373d-4fcd-a8a7-39d2211afd30\"},\"panelIndex\":\"1b273bdb-373d-4fcd-a8a7-39d2211afd30\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":37.25504,\"lon\":-3.8707,\"zoom\":1.5},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_1b273bdb-373d-4fcd-a8a7-39d2211afd30\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"35b54717-9f10-4a58-80a1-671a642102
9a\"},\"panelIndex\":\"35b54717-9f10-4a58-80a1-671a6421029a\",\"embeddableConfig\":{\"enhanceme
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"CitrixHoneypot\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"CitrixHoneypot\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"50df5268-ed6a-49bc-892d-dac17ebfe4b6","label":"Untitled"}],"title":"CitrixHoneypot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"53002930-3875-11ea-8891-53245875dffb","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935060],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwNCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"bfafee1a-b451-488c-86c4-6339ca820c47":{"columnOrder":["22511af1-1901-4b09-b4d4-6eb19397b046","32d5bbb1-f86a-434e-98ed-d94807acb55c","e2855506-598b-4af6-8b17-76a2acd3429d"],"columns":{"22511af1-1901-4b09-b4d4-6eb19397b046":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"ID","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"e2855506-598b-4af6-8b17-76a2acd3429d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"alert.signature_id"},"32d5bbb1-f86a-434e-98ed-d94807acb55c":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Description","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"e2855506-598b-4af6-8b17-76a2acd3429d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"alert.signature.keyword"},"e2855506-598b-4af6-8b17-76a2acd3429d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"columns":[{"alignment":"left","columnId":"e2855506-598b-4af6-8b17-76a2acd3429d"},{"alignment":"left","columnId":"22511af1-1901-4b09-b4d4-6eb19397b046","width":149.66666666666669},{"alignment":"left","columnId":"32d5bbb1-f86a-434e-98ed-d94807acb55c","width":511.66666666666663}],"headerRowHeight":"single","layerId":"bfafee1a-b451-488c-86c4-6339ca820c47","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Suricata Alert Signature - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"532b150a-a379-4874-8385-9a63f1dc4e8e","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-bfafee1a-b451-488c-86c4-6339ca820c47","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935064],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwNSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"50aff316-b0ff-42be-848e-f3c7d32c7624":{"columnOrder":["b6df16c7-2c40-4e25-85ce-4aee0860d04a","48bc3f35-888a-4a7c-ac9f-09521b5aaad2"],"columns":{"48bc3f35-888a-4a7c-ac9f-09521b5aaad2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"b6df16c7-2c40-4e25-85ce-4aee0860d04a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"headers.accept_language.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"48bc3f35-888a-4a7c-ac9f-09521b5aaad2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"headers.accept_language.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Tanner"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"50aff316-b0ff-42be-848e-f3c7d32c7624","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["48bc3f35-888a-4a7c-ac9f-09521b5aaad2"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["b6df16c7-2c40-4e25-85ce-4aee0860d04a"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Tanner HTTP Language Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"537fd65b-2487-4aa2-b9ec-85b068b07ce5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-50aff316-b0ff-42be-848e-f3c7d32c7624","type":"index-pattern"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935068],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwNiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6373f697-e61e-4edf-9cae-b96e6b7d74f8":{"columnOrder":["2b9c8550-ab67-4c1c-b2b1-526865f45608","a6ae77bd-5f35-4119-9c20-436cd8271c97","3e7688c9-0ba8-4dc2-b707-88a1131c8185","ac11053f-9aa2-4e0e-b184-85294c9bc478"],"columns":{"2b9c8550-ab67-4c1c-b2b1-526865f45608":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Payload Printable","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"payload.keyword"},"3e7688c9-0ba8-4dc2-b707-88a1131c8185":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Trapped Reason","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":1},"scale":"ordinal","sourceField":"trapped_for.keyword"},"a6ae77bd-5f35-4119-9c20-436cd8271c97":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Trapped","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":1},"scale":"ordinal","sourceField":"trapped.keyword"},"ac11053f-9aa2-4e0e-b184-85294c9bc478":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignore
GlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"columns":[{"alignment":"left","colorMode":"text","columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","palette":{"name":"status","params":{"continuity":"above","name":"status","rangeMax":null,"rangeMin":0,"reverse":false,"stops":[{"color":"#209280","stop":0},{"color":"#54b399","stop":20},{"color":"#d6bf57","stop":40},{"color":"#e7664c","stop":60},{"color":"#cc5642","stop":80}]},"type":"palette"}},{"columnId":"2b9c8550-ab67-4c1c-b2b1-526865f45608","isMetric":false,"isTransposed":false},{"columnId":"a6ae77bd-5f35-4119-9c20-436cd8271c97","isMetric":false,"isTransposed":false},{"columnId":"3e7688c9-0ba8-4dc2-b707-88a1131c8185","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"6373f697-e61e-4edf-9cae-b96e6b7d74f8","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"auto"}},"title":"H0neytr4p Payload Printable - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"54b3b7d4-679d-438a-a9f5-616d4cd2b6b5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6373f697-e61e-4edf-9cae-b96e6b7d74f8","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935072],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwNywxXQ=="}
{"attributes":{"color":"#4cac56","description":"","name":"Ciscoasa"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8b57d320-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,31],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM1LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f48f106a-f68c-48f7-a823-9b3d6128ae28":{"columnOrder":["81f12078-df4b-46bd-9507-b1514a03f4b5","b67f1b10-f2e1-4384-812b-deabc2aa4197","353e9caf-5789-409d-ad9c-28eea23ac925","4a93b1ca-883d-497d-93ca-2e3cefc8484d"],"columns":{"353e9caf-5789-409d-ad9c-28eea23ac925":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"4a93b1ca-883d-497d-93ca-2e3cefc8484d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"81f12078-df4b-46bd-9507-b1514a03f4b5":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b67f1b10-f2e1-4384-812b-deabc2aa4197":{"dataType":"string","isBucketed":true,"label":"Filters","operationType":"filters","params":{"filters":[{"input":{"language":"lucene","query":"*"},"label":"All"},{"input":{"language":"lucene","query":"src_port:*"},"label":"Exploit"}]},"scale":"ordinal"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Ciscoasa"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["353e9caf-5789-409d-ad9c-28eea23ac925","4a93b1ca-883d-497d-93ca-2e3cefc8484d"],"isHistogram":true,"layerId":"f48f106a-f68c-48f7-a823-9b3d6128ae28","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"splitAccessor":"b67f1b10-f2e1-4384-812b-deabc2aa4197","xAccessor":"81f12078-df4b-46bd-9507-b1514a03f4b5","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"353e9caf-5789-409d-ad9c-28eea23ac925"},{"axisMode":"left","forAccessor":"4a93b1ca-883d-497d-93ca-2e3cefc8484d"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Ciscoasa Attacks Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"96ff7109-2cbe-4b20-a621-cde6f8dd72d1","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f48f106a-f68c-48f7-a823-9b3d6128ae28","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"8b57d320-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-8b57d320-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935076],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEwOCwxXQ=="}
{"attributes":{"description":"Ciscoasa Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Ciscoasa\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"53a01b55-a5fd-41f1-86d3-158c80ef3dc6\"},\"panelIndex\":\"53a01b55-a5fd-41f1-86d3-158c80ef3dc6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_53a01b55-a5fd-41f1-86d3-158c80ef3dc6\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"49ea76dd-e247-424b-a651-829173b2febb\"},\"panelIndex\":\"49ea76dd-e247-424b-a651-829173b2febb\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_49ea76dd-e247-424b-a651-829173b2febb\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"6fa47ece-f3f7-4f69-91c5-894f49c93c53\"},\"panelIndex\":\"6fa47ece-f3f7-4f69-91c5-894f49c93c53\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":50.25817,\"lon\":-36.411,\"zoom\":2.13},\"mapBuffer\":{\"minLon\":-135,\"minLat\":0,\"maxLon\":45,\"maxLat\":79.17133},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_6fa47ece-f3f7-4f69-91c5-894f49c93c53\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"7a01827e-51c2-45f9-8e34-4582325883a1\"},\"panelIndex\":\"7a01827e-51c2-45f9-8e34-4582325883a1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7a01827e-51c2-45f9-8e34-4582325883a1\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"f2356849-3c7a-43dd-818a-de0f76dc2c43\"},\"panelIndex\":\"f2356849-3c7a-43dd-818
a-de0f76dc2c43\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f2356849-3c7a-43dd-818a-de0f76dc2c43\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"8c064f4d-486a-4847-a2bd-5d3580ac329d\"},\"panelIndex\":\"8c064f4d-486a-4847-a2bd-5d3580ac329d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8c064f4d-486a-4847-a2bd-5d3580ac329d\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":24,\"h\":17,\"i\":\"88236000-4ab7-430a-ad5b-71887485c843\"},\"panelIndex\":\"88236000-4ab7-430a-ad5b-71887485c843\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_88236000-4ab7-430a-ad5b-71887485c843\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":17,\"i\":\"adc79551-f41f-4398-a5e6-fd6ecadce67f\"},\"panelIndex\":\"adc79551-f41f-4398-a5e6-fd6ecadce67f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adc79551-f41f-4398-a5e6-fd6ecadce67f\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Ciscoasa","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"54d8c6a0-dec0-11e8-87cf-239397d2b8d3","managed":false,"references":[{"id":"96ff7109-2cbe-4b20-a621-cde6f8dd72d1","name":"2:panel_2","type":"lens"},{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"53a01b55-a5fd-41f1-86d3-158c80ef3dc6:panel_53a01b55-a5fd-41f1-86d3-158c80ef3dc6","type":"lens"},{"id":"95a453e7-090e-477b-af3e-2bd66c2928a4","name":"49ea76dd-e247-424b-a651-829173b2febb:panel_49ea76dd-e247-424b-a651-829173b2febb","type":"lens"},{"id":"5c377b80-8f48-11ec-98cd-292aebe8beaf","name":"6fa47ece-f3f7-4f69-91c5-894f49c93c53:panel_6fa47ece-f3f7-4f69-91c5-894f49c93c53","type":"map"},{"id":"95294891-02b8-431c-b4fe-e75ef2b8cf28","name":"7a01827e-51c2-45f9-8e34-4582325883a1:panel_7a01827e-51c2-45f9-8e34-4582325883a1","type":"lens"},{"id":"c2873f3f-b786-4ee4-a1b7-706a1a393ca6","name":"f2356849-3c7a-43dd-818a-
de0f76dc2c43:panel_f2356849-3c7a-43dd-818a-de0f76dc2c43","type":"lens"},{"id":"ca1c6fe4-008d-45
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Adbhoney\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Adbhoney\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"d139f84b-2161-47d7-9776-2521ad161a37","label":"Untitled"}],"title":"Adbhoney-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"557c7d60-f8ae-11e8-ad78-0555bc917463","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935090],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExMCwxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Dicompot\\\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Dicompot\\\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"sort":[],"version":1},"id":"0f6864fa-57bf-4687-8287-511bd2ab15ed","label":"Untitled"}],"title":"Dicompot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"58a6ef60-b622-11ea-b09e-0955921226b1","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935092],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExMSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"22ac654c-048c-42ba-a04e-09bc18a7acfb":{"columnOrder":["b93c4549-8c83-4d84-97a2-76b54e01e863","46e5239d-d0bc-4de9-b751-f52b6f9a8fe6","fbc22e54-cdd1-47e4-8f89-35aeaca3637e"],"columns":{"46e5239d-d0bc-4de9-b751-f52b6f9a8fe6":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"b93c4549-8c83-4d84-97a2-76b54e01e863":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"alert.category.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"fbc22e54-cdd1-47e4-8f89-35aeaca3637e","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"alert.category.keyword"},"fbc22e54-cdd1-47e4-8f89-35aeaca3637e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["fbc22e54-cdd1-47e4-8f89-35aeaca3637e"],"isHistogram":true,"layerId":"22ac654c-048c-42ba-a04e-09bc18a7acfb","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"bar_stacked","simpleView":false,"splitAccessor":"b93c4549-8c83-4d84-97a2-76b54e01e863","xAccessor":"46e5239d-d0bc-4de9-b751-f52b6f9a8fe6","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"fbc22e54-cdd1-47e4-8f89-35aeaca3637e"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Suricata Alert Category Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"59847638-da13-4308-bd01-22a176c289af","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-22ac654c-048c-42ba-a04e-09bc18a7acfb","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935096],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"*\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Country Port Relation - Vega","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Country Port Relation - Vega\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n $schema: https://vega.github.io/schema/vega/v3.0.json\\n data: [\\n {\\n // query ES based on the currently selected time range and filter string\\n name: rawData\\n url: {\\n %context%: true\\n %timefield%: @timestamp\\n index: logstash-*\\n body: {\\n size: 0\\n aggs: {\\n table: {\\n composite: {\\n size: 10000\\n sources: [\\n {\\n stk1: {\\n terms: {\\n field: geoip.country_name.keyword\\n }\\n }\\n }\\n {\\n stk2: {\\n terms: {\\n field: dest_port\\n }\\n }\\n }\\n ]\\n }\\n }\\n }\\n }\\n }\\n // From the result, take just the data we are interested in\\n format: {\\n property: aggregations.table.buckets\\n }\\n // Convert key.stk1 -> stk1 for simpler access below\\n transform: [\\n {\\n type: formula\\n expr: datum.key.stk1\\n as: stk1\\n }\\n {\\n type: formula\\n expr: datum.key.stk2\\n as: stk2\\n }\\n {\\n type: formula\\n expr: datum.doc_count\\n as: size\\n }\\n ]\\n }\\n {\\n name: nodes\\n source: rawData\\n transform: [\\n // when a country is selected, filter out unrelated data\\n {\\n type: filter\\n expr: !groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\n }\\n // Set new key for later lookups - identifies each node\\n {\\n type: formula\\n expr: datum.stk1+datum.stk2\\n as: key\\n }\\n // instead of each table row, create two new rows,\\n // one for the source (stack=stk1) and one for destination node (stack=stk2).\\n // The country code stored in stk1 and stk2 fields is placed into grpId field.\\n {\\n type: fold\\n fields: [\\n stk1\\n stk2\\n ]\\n as: [\\n stack\\n grpId\\n ]\\n }\\n // Create a sortkey, different for stk1 and stk2 stacks.\\n // Space separator ensures proper sort 
order in some corner cases.\\n {\\n type: formula\\n expr: datum.stack == 'stk1' ? datum.stk1+' '+datum.stk2 : datum.stk2+' '+datum.stk1\\n as: sortField\\n }\\n // Calculate y0 and y1 positions for stacking nodes one on top of the other,\\n // independently for each stack, and ensuring they are in the proper order,\\n // alphabetical from the top (reversed on the y axis)\\n {\\n type: stack\\n groupby: [\\n stack\\n ]\\n sort: {\\n field: sortField\\n order: descending\\n }\\n field: size\\n }\\n // calculate vertical center point for each node, used to draw edges\\n {\\n type: formula\\n expr: (datum.y0+datum.y1)/2\\n as: yc\\n }\\n ]\\n }\\n {\\n name: groups\\n source: nodes\\n transform: [\\n // combine all nodes into country groups, summing up the doc counts\\n {\\n type: aggregate\\n groupby: [\\n stack\\n grpId\\n ]\\n fields: [\\n size\\n ]\\n ops: [\\n sum\\n
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b2de5a67-cd28-48f5-ae6d-32dd5b9861eb":{"columnOrder":["ef0e6e1c-dbe5-4600-a2b3-470b96af8b87","30d8a834-3d1c-4d7f-a318-1c539727d5ef"],"columns":{"30d8a834-3d1c-4d7f-a318-1c539727d5ef":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ef0e6e1c-dbe5-4600-a2b3-470b96af8b87":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"request_method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"30d8a834-3d1c-4d7f-a318-1c539727d5ef","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"command.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Miniprint"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"b2de5a67-cd28-48f5-ae6d-32dd5b9861eb","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"xlarge","metrics":["30d8a834-3d1c-4d7f-a318-1c539727d5ef"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ef0e6e1c-dbe5-4600-a2b3-470b96af8b87"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":false}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Miniprint - Unknown Commands - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8f3669cf-3812-42e3-b443-2e7aabaa64f7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b2de5a67-cd28-48f5-ae6d-32dd5b9861eb","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"676894ac-8dc6-4b98-badb-db2ea992ebbb","name":"tag-ref-676894ac-8dc6-4b98-badb-db2ea992ebbb","type":"tag"}],"sort":[1767638649249,8589935103],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExNCwxXQ=="}
{"attributes":{"description":"Miniprint Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Miniprint\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"db1aba6b-01ef-40e4-8791-a584de5e755c\"},\"panelIndex\":\"db1aba6b-01ef-40e4-8791-a584de5e755c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_db1aba6b-01ef-40e4-8791-a584de5e755c\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"72a50086-8935-4030-949b-85f690a8452f\"},\"panelIndex\":\"72a50086-8935-4030-949b-85f690a8452f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_72a50086-8935-4030-949b-85f690a8452f\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"064ff226-742e-448e-aef8-f49a79dd853e\"},\"panelIndex\":\"064ff226-742e-448e-aef8-f49a79dd853e\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":16.78895,\"lon\":-0.93306,\"zoom\":0.72},\"mapBuffer\":{\"minLon\":-360,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_064ff226-742e-448e-aef8-f49a79dd853e\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"c95a6fc4-7525-45d8-a301-38fa3f43e87d\"},\"panelIndex\":\"c95a6fc4-7525-45d8-a301-38fa3f43e87d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c95a6fc4-7525-45d8-a301-38fa3f43e87d\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"e5043b18-ee49-4cc5-83c2-735411d7b5e5\"},\"panelIndex\":\"e5043b18-ee49-4cc5-83c2-735411d7b5e5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e5043b18-ee49-4cc5-83c2-735411d7b5e5\"},{\"type\":\"lens\",\"gridData\":{\"x\":
12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"45ee76f8-8281-4e86-8853-74404ff0b084\"},\"panelIndex\":\"45ee76f8-8281-4e86-8853-74404ff0b084\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_45ee76f8-8281-4e86-8853-74404ff0b084\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"31e37ed1-c2dd-432c-99a1-ef94fe22ba8f\"},\"panelIndex\":\"31e37ed1-c2dd-432c-99a1-ef94fe22ba8f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_31e37ed1-c2dd-432c-99a1-ef94fe22ba8f\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":16,\"h\":10,\"i\":\"39c29a03-2eb8-4b0b-9125-6a914f2548de\"},\"panelIndex\":\"39c29a03-2eb8-4b0b-9125-6a914f2548de\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_39c29a03-2eb8-4b0b-9125-6a914f2548de\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":27,\"w\":16,\"h\":10,\"i\":\"edfb2162-e129-449f-8b6e-c2181dc4bb75\"},\"panelIndex\":\"edfb2162-e129-449f-8b6e-c2181dc4bb75\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_edfb2162-e129-449f-8b6e-c2181dc4bb75\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":10,\"i\":\"41f108dc-b79e-4522-b569-f138ae11bfac\"},\"panelIndex\":\"41f108dc-b79e-4522-b569-f138ae11bfac\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_41f108dc-b79e-4522-b569-f138ae11bfac\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":16,\"h\":17,\"i\":\"407b9eaf-7fb2-4442-a3cd-dcf72374e414\"},\"panelIndex\":\"407b9eaf-7fb2-4442-a3cd-dcf72374e414\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_407b9eaf-7fb2-4442-a3cd-dcf72374e414\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":37,\"w\":12,\"h\":17,\"i\":\"9daf9de3-b4e3-4c1e-8633-e85977f938cc\"},\"panelIndex\":\"9daf9de3-b4e3-4c1e-8633-e85977f938cc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9daf9de3-b4e3-4c1e-8633-e85977f938cc\"},{\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":37,\"w\":20,\"h\":17,\"i\"
:\"7c21f271-7b8f-443e-bf90-f3f4603ee632\"},\"panelIndex\":\"7c21f271-7b8f-443e-bf90-f3f4603ee63
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"edd21aee-a186-40ac-bc7b-6c5f01170755":{"columnOrder":["50417c8c-29d5-4672-b53e-3334c5398910","2169a112-b488-44e9-a2a3-15fa3ef5681a","fb55fa80-e4a4-4545-8d47-4bbcdf0d6eac"],"columns":{"2169a112-b488-44e9-a2a3-15fa3ef5681a":{"dataType":"number","isBucketed":false,"label":"Count of records -1d","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___","timeShift":"1d"},"50417c8c-29d5-4672-b53e-3334c5398910":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Events","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"fb55fa80-e4a4-4545-8d47-4bbcdf0d6eac":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"@version.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : NGINX"},"visualization":{"layerId":"edd21aee-a186-40ac-bc7b-6c5f01170755","layerType":"data","maxAccessor":"2169a112-b488-44e9-a2a3-15fa3ef5681a","metricAccessor":"50417c8c-29d5-4672-b53e-3334c5398910","palette":{"name":"custom","params":{"colorStops":[{"color":"#209280","stop":null},{"color":"#d6bf57","stop":50},{"color":"#cc5642","stop":100}],"continuity":"all","maxSteps":5,"name":"custom","progression":"fixed","rangeMax":null,"rangeMin":null,"rangeType":"percent","reverse":false,"steps":3,"stops":[{"color":"#209280","stop":50},{"color":"#d6bf57","stop":100},{"color":"#cc5642","stop":101}]},"type":"palette"},"progressDirection":"vertical","secondaryMetricAccessor":"fb55fa80-e4a4-4545-8d47-4bbcdf0d6eac","showBar":true}},"title":"NGINX 
Events","visualizationType":"lnsMetric"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"5cc4cda5-0b43-4b1c-99fc-8750e45268b7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-edd21aee-a186-40ac-bc7b-6c5f01170755","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935123],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExNiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9aa2a833-5f04-45bf-8c28-fa8dbbb3d757":{"columnOrder":["1a1e8e7d-404b-4bf1-af6d-b99f26ea9138","44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf"],"columns":{"1a1e8e7d-404b-4bf1-af6d-b99f26ea9138":{"dataType":"string","isBucketed":true,"label":"Top 10 values of header_user-agent.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"header_user-agent.keyword"},"44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"9aa2a833-5f04-45bf-8c28-fa8dbbb3d757","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["1a1e8e7d-404b-4bf1-af6d-b99f26ea9138"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p HTTP User Agent Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"5d9cfa71-2a13-46c7-8a79-d8e1673aeb8a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-9aa2a833-5f04-45bf-8c28-fa8dbbb3d757","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935127],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExNywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c033cec3-e553-43c3-9f97-f6bfff3f8e1e":{"columnOrder":["c387daa6-a2c3-4dae-8698-76663887be8d","a9d585ea-9c08-48cf-a351-217f11bd39e1"],"columns":{"a9d585ea-9c08-48cf-a351-217f11bd39e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c387daa6-a2c3-4dae-8698-76663887be8d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a9d585ea-9c08-48cf-a351-217f11bd39e1","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request.method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Galah"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c033cec3-e553-43c3-9f97-f6bfff3f8e1e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a9d585ea-9c08-48cf-a351-217f11bd39e1"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["c387daa6-a2c3-4dae-8698-76663887be8d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Galah Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d423f20c-9763-43da-a1c7-09562ac9abdc","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c033cec3-e553-43c3-9f97-f6bfff3f8e1e","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"bdc42668-bfaa-40ea-82de-02b382f9c0ae","name":"tag-ref-bdc42668-bfaa-40ea-82de-02b382f9c0ae","type":"tag"}],"sort":[1767638649249,8589935131],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExOCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f5a94802-967f-41f4-8cff-ee049791281f":{"columnOrder":["b59251ab-f883-4762-b23b-4dc33e1df8b8","6c32a844-7489-4493-8a9c-6fd17a2765b3"],"columns":{"6c32a844-7489-4493-8a9c-6fd17a2765b3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"b59251ab-f883-4762-b23b-4dc33e1df8b8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6c32a844-7489-4493-8a9c-6fd17a2765b3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"request.headers.User-Agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"f5a94802-967f-41f4-8cff-ee049791281f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6c32a844-7489-4493-8a9c-6fd17a2765b3"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["b59251ab-f883-4762-b23b-4dc33e1df8b8"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Galah - User Agent - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d103273e-32ad-41a6-8963-fba824c79705","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f5a94802-967f-41f4-8cff-ee049791281f","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"bdc42668-bfaa-40ea-82de-02b382f9c0ae","name":"tag-ref-bdc42668-bfaa-40ea-82de-02b382f9c0ae","type":"tag"}],"sort":[1767638649249,8589935135],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzExOSwxXQ=="}
{"attributes":{"description":"Galah Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Galah\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"e69d24da-c6f1-4a5b-b196-7291ed99106f\"},\"panelIndex\":\"e69d24da-c6f1-4a5b-b196-7291ed99106f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e69d24da-c6f1-4a5b-b196-7291ed99106f\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":8,\"i\":\"313042dd-cd3d-4a8d-8cd5-f7f25395134a\"},\"panelIndex\":\"313042dd-cd3d-4a8d-8cd5-f7f25395134a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_313042dd-cd3d-4a8d-8cd5-f7f25395134a\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":18,\"i\":\"18fd3e97-fd07-4448-b67d-c542d2d1f521\"},\"panelIndex\":\"18fd3e97-fd07-4448-b67d-c542d2d1f521\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":33.63243,\"lon\":1.83085,\"zoom\":1.1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_18fd3e97-fd07-4448-b67d-c542d2d1f521\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"27a5c4e5-edfc-47b0-9ed1-0396bede856f\"},\"panelIndex\":\"27a5c4e5-edfc-47b0-9ed1-0396bede856f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_27a5c4e5-edfc-47b0-9ed1-0396bede856f\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":10,\"i\":\"b225217b-e479-4e5b-9077-e1ba30f15ae3\"},\"panelIndex\":\"b225217b-e479-4e5b-9077-e1ba30f15ae3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b225217b-e479-4e5b-9077-e1ba30f15ae3\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\"
:\"1d83aec1-7b9a-4f6e-8218-a94bd45adc23\"},\"panelIndex\":\"1d83aec1-7b9a-4f6e-8218-a94bd45adc23\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1d83aec1-7b9a-4f6e-8218-a94bd45adc23\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":10,\"i\":\"69dde18e-c0bc-4604-936c-c2219c2eb34d\"},\"panelIndex\":\"69dde18e-c0bc-4604-936c-c2219c2eb34d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_69dde18e-c0bc-4604-936c-c2219c2eb34d\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":10,\"i\":\"55c15f3b-2ab8-49e2-a502-539a13d910b9\"},\"panelIndex\":\"55c15f3b-2ab8-49e2-a502-539a13d910b9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_55c15f3b-2ab8-49e2-a502-539a13d910b9\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":10,\"i\":\"32e5690e-df8e-413d-b927-7b8710589b04\"},\"panelIndex\":\"32e5690e-df8e-413d-b927-7b8710589b04\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32e5690e-df8e-413d-b927-7b8710589b04\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":10,\"i\":\"bf285a48-d737-4ea7-b0c4-79772a1ac8cb\"},\"panelIndex\":\"bf285a48-d737-4ea7-b0c4-79772a1ac8cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bf285a48-d737-4ea7-b0c4-79772a1ac8cb\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":18,\"i\":\"c79b54a3-1ac1-4c31-ae0e-c5fc4cb870d1\"},\"panelIndex\":\"c79b54a3-1ac1-4c31-ae0e-c5fc4cb870d1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c79b54a3-1ac1-4c31-ae0e-c5fc4cb870d1\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":38,\"w\":12,\"h\":18,\"i\":\"503b22f0-439f-45ef-b882-af524d4e60e4\"},\"panelIndex\":\"503b22f0-439f-45ef-b882-af524d4e60e4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_503b22f0-439f-45ef-b882-af524d4e60e4\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":38,\"w\":12,\"h\":18,\"i\":\"e21d7661-fa19-427a-84f0
-01c0a4fc131a\"},\"panelIndex\":\"e21d7661-fa19-427a-84f0-01c0a4fc131a\",\"embeddableConfig\":{
{"attributes":{"description":"","state":{"datasourceStates":{"formBased":{"layers":{"a7add055-4cdf-4f04-aa7d-00755ea2400c":{"columnOrder":["71b0b215-f291-488c-b37f-8f49f03c26d2","2cea1993-e42b-434e-92f6-e0448828b6f1","bafc359d-86c2-4011-b6e5-47b37b927588"],"columns":{"2cea1993-e42b-434e-92f6-e0448828b6f1":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"71b0b215-f291-488c-b37f-8f49f03c26d2":{"dataType":"number","isBucketed":true,"label":"Top values of dest_port","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"bafc359d-86c2-4011-b6e5-47b37b927588","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"dest_port"},"bafc359d-86c2-4011-b6e5-47b37b927588":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"___records___"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"hideEndzones":true,"layers":[{"accessors":["bafc359d-86c2-4011-b6e5-47b37b927588"],"layerId":"a7add055-4cdf-4f04-aa7d-00755ea2400c","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"71b0b215-f291-488c-b37f-8f49f03c26d2","xAccessor":"2cea1993-e42b-434e-92f6-e0448828b6f1"}],"legend":{"isVisible":false,"legendSize":"auto","position":"right","showSingleSeries":false},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"title":"Empty XY chart","valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"T-Pot 
Attacks Destination Port Sparkline","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"60631090-6e8a-11ec-a667-cfa2ee57ea38","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logstash-*","name":"indexpattern-datasource-layer-a7add055-4cdf-4f04-aa7d-00755ea2400c","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935156],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyMSwxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Ipphoney\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Ipphoney\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"version":1},"id":"01a700ae-0539-42b5-90b0-d062c591fb9b","label":"Untitled"}],"title":"Ipphoney-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"61b35210-e69c-11ea-a187-bff602343d4c","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935158],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyMiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b814e2c5-1658-4999-9d06-513e73eea56f":{"columnOrder":["a9cc7d98-d582-4350-9cc9-f56edb6c2fe0","2d64e52a-354f-44a5-84e9-e3f3ae35adb1","2a004cbe-4e70-45fc-952d-9c4cd5f6c472"],"columns":{"2a004cbe-4e70-45fc-952d-9c4cd5f6c472":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"2d64e52a-354f-44a5-84e9-e3f3ae35adb1":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"a9cc7d98-d582-4350-9cc9-f56edb6c2fe0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"2a004cbe-4e70-45fc-952d-9c4cd5f6c472","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"geoip.country_name.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
NGINX"},"visualization":{"axisTitlesVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"curveType":"LINEAR","fittingFunction":"Linear","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["2a004cbe-4e70-45fc-952d-9c4cd5f6c472"],"isHistogram":true,"layerId":"b814e2c5-1658-4999-9d06-513e73eea56f","layerType":"data","palette":{"name":"default","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"a9cc7d98-d582-4350-9cc9-f56edb6c2fe0","xAccessor":"2d64e52a-354f-44a5-84e9-e3f3ae35adb1","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"2a004cbe-4e70-45fc-952d-9c4cd5f6c472"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"NGINX Events by Country Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"61def38f-2f46-4455-a7a2-70a538818c9e","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b814e2c5-1658-4999-9d06-513e73eea56f","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935162],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Adbhoney\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Adbhoney Input - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Adbhoney Input - Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"input.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Line Input\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":false,\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"62efe620-fa35-11e8-838f-fff066e21110","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"858335c0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-858335c0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935166],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyNCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e30c7751-d6bb-400f-8de3-b81f85e78d51":{"columnOrder":["caf318ff-9120-48b8-90f4-abf634f26abe","a6381da7-6558-4d71-b72b-5772f8ac0d9d"],"columns":{"a6381da7-6558-4d71-b72b-5772f8ac0d9d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"caf318ff-9120-48b8-90f4-abf634f26abe":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"fatt_ssh.client.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a6381da7-6558-4d71-b72b-5772f8ac0d9d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"fatt_ssh.client.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Fatt"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"e30c7751-d6bb-400f-8de3-b81f85e78d51","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a6381da7-6558-4d71-b72b-5772f8ac0d9d"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["caf318ff-9120-48b8-90f4-abf634f26abe"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Fatt SSH Client - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"63379e38-e230-4f8b-b428-f29b4acfcec3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e30c7751-d6bb-400f-8de3-b81f85e78d51","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935170],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyNSwxXQ=="}
{"attributes":{"color":"#0cf12d","description":"","name":"Mailoney"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f70cc300-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,32],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM2LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"392c8cdf-4ef6-46bc-80a7-075f7e4f4f2b":{"columnOrder":["e8699294-1fa3-4343-8730-0ae8f00cf5d1","c0a3dc5c-ec88-49dd-9491-03b3b15b95ae","f145d366-b1dd-400d-a0e9-1ae77a97ca3f"],"columns":{"c0a3dc5c-ec88-49dd-9491-03b3b15b95ae":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"eMail Address","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f145d366-b1dd-400d-a0e9-1ae77a97ca3f","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"emails.keyword"},"e8699294-1fa3-4343-8730-0ae8f00cf5d1":{"dataType":"string","isBucketed":true,"label":"Filters","operationType":"filters","params":{"filters":[{"input":{"language":"lucene","query":"mail from"},"label":"Sender"},{"input":{"language":"lucene","query":"rcpt to"},"label":"Receiver"}]},"scale":"ordinal"},"f145d366-b1dd-400d-a0e9-1ae77a97ca3f":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"columns":[{"alignment":"left","columnId":"f145d366-b1dd-400d-a0e9-1ae77a97ca3f"},{"alignment":"left","columnId":"e8699294-1fa3-4343-8730-0ae8f00cf5d1"},{"alignment":"left","columnId":"c0a3dc5c-ec88-49dd-9491-03b3b15b95ae"}],"headerRowHeight":"single","layerId":"392c8cdf-4ef6-46bc-80a7-075f7e4f4f2b","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Mailoney eMails - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"6478386e-a5d4-494a-9c11-e70e0360a832","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-392c8cdf-4ef6-46bc-80a7-075f7e4f4f2b","type":"index-pattern"},{"id":"f70cc300-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-f70cc300-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935174],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyNiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"67dbb5a6-1515-43d9-8d4b-8cbd9549b746":{"columnOrder":["2cdc54c2-20a7-4c7c-9428-279dd91377a6","dcf50dd8-a4a1-4c26-923a-d69762d4941d"],"columns":{"2cdc54c2-20a7-4c7c-9428-279dd91377a6":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"headers.host.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dcf50dd8-a4a1-4c26-923a-d69762d4941d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"headers.host.keyword"},"dcf50dd8-a4a1-4c26-923a-d69762d4941d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Tanner"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"67dbb5a6-1515-43d9-8d4b-8cbd9549b746","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["dcf50dd8-a4a1-4c26-923a-d69762d4941d"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["2cdc54c2-20a7-4c7c-9428-279dd91377a6"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Tanner HTTP Hostname Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"6498a7a0-6fa3-48dd-9d65-adadd03cbedb","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-67dbb5a6-1515-43d9-8d4b-8cbd9549b746","type":"index-pattern"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935178],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyNywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"22669c8f-008f-458f-8659-f1b0ba4920e6":{"columnOrder":["abaea010-1f90-4888-8377-d2195c446723","afcf6db0-8558-4e97-8670-8d5e1a5a6faa"],"columns":{"abaea010-1f90-4888-8377-d2195c446723":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"sip_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":["NOT_FOUND"],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"afcf6db0-8558-4e97-8670-8d5e1a5a6faa","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"sip_user_agent.keyword"},"afcf6db0-8558-4e97-8670-8d5e1a5a6faa":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Sentrypeer"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"22669c8f-008f-458f-8659-f1b0ba4920e6","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["afcf6db0-8558-4e97-8670-8d5e1a5a6faa"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["abaea010-1f90-4888-8377-d2195c446723"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Sentrypeer - SIP User Agent Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9deda3d8-d3c0-4f03-9608-0b4cd22b8217","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-22669c8f-008f-458f-8659-f1b0ba4920e6","type":"index-pattern"},{"id":"eca457c0-9631-11ec-8535-97c455858195","name":"tag-ref-eca457c0-9631-11ec-8535-97c455858195","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935182],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEyOCwxXQ=="}
{"attributes":{"description":"Sentrypeer Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Sentrypeer\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"6e5a95c8-3b8a-47bd-a48b-ee13a13773a8\"},\"panelIndex\":\"6e5a95c8-3b8a-47bd-a48b-ee13a13773a8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6e5a95c8-3b8a-47bd-a48b-ee13a13773a8\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"e1bc0edf-76fe-4589-bfba-077c1eb1a6a9\"},\"panelIndex\":\"e1bc0edf-76fe-4589-bfba-077c1eb1a6a9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e1bc0edf-76fe-4589-bfba-077c1eb1a6a9\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"129b5492-f532-4c67-9e0a-70ec9fd52619\"},\"panelIndex\":\"129b5492-f532-4c67-9e0a-70ec9fd52619\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":14.94478,\"lon\":14.53852,\"zoom\":1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_129b5492-f532-4c67-9e0a-70ec9fd52619\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"5b4509ca-727a-4835-b18e-4be14bad96ae\"},\"panelIndex\":\"5b4509ca-727a-4835-b18e-4be14bad96ae\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5b4509ca-727a-4835-b18e-4be14bad96ae\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"36a8256e-300a-4b1c-a15a-cf5355eb8bdd\"},\"panelIndex\":\"36a8256e-300a-4b1c-a15a-cf5355eb8bdd\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_36a8256e-300a-4b1c-a15a-cf5355eb8bdd\"},{\"type\":\"lens\",\"gridData\":{\"x\":1
2,\"y\":17,\"w\":12,\"h\":10,\"i\":\"6ae5df20-65d2-4646-bd18-aa0c6c50a7f1\"},\"panelIndex\":\"6ae5df20-65d2-4646-bd18-aa0c6c50a7f1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6ae5df20-65d2-4646-bd18-aa0c6c50a7f1\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"9d560099-9fe1-4732-b023-e62f83a55fe9\"},\"panelIndex\":\"9d560099-9fe1-4732-b023-e62f83a55fe9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9d560099-9fe1-4732-b023-e62f83a55fe9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"dd94cb87-c2ea-461b-8e64-f9fedeba0c36\"},\"panelIndex\":\"dd94cb87-c2ea-461b-8e64-f9fedeba0c36\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Sentrypeer - SIP User Agent Pie - Top 10\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-22669c8f-008f-458f-8659-f1b0ba4920e6\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"layers\":[{\"layerId\":\"22669c8f-008f-458f-8659-f1b0ba4920e6\",\"layerType\":\"data\",\"primaryGroups\":[\"abaea010-1f90-4888-8377-d2195c446723\"],\"secondaryGroups\":[],\"metrics\":[\"afcf6db0-8558-4e97-8670-8d5e1a5a6faa\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"show\",\"legendPosition\":\"right\",\"showValuesInLegend\":true,\"nestedLegend\":false,\"percentDecimals\":0,\"emptySizeRatio\":0.3,\"legendMaxLines\":1,\"legendSize\":\"auto\",\"truncateLegend\":true}]},\"query\":{\"query\":\"type : Sentrypeer\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"22669c8f-008f-458f-8659-f1b0ba4920e6\":{\"ignoreGlobalFilters\":false,\"columns\":{\"abaea010-1f90-4888-8377-d2195c446723\":{\"label\":\"sip_user_agent.keyword: 
Descending\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"sip_user_agent.keyword\",\"isBucketed\":true,\"params\":{\"size\"
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"71e532c9-f39d-46ee-9abe-acda4c3d0a1c":{"columnOrder":["c10313ba-0eee-4eb1-bcaf-1406bafb4b2e","9bc7f4b9-50ae-4a0b-95c7-79b7a999fccc"],"columns":{"9bc7f4b9-50ae-4a0b-95c7-79b7a999fccc":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c10313ba-0eee-4eb1-bcaf-1406bafb4b2e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"request_uri.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9bc7f4b9-50ae-4a0b-95c7-79b7a999fccc","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request_uri.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"71e532c9-f39d-46ee-9abe-acda4c3d0a1c","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["9bc7f4b9-50ae-4a0b-95c7-79b7a999fccc"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["c10313ba-0eee-4eb1-bcaf-1406bafb4b2e"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"HTTP Request - Top 10 - 
Dynamic","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"66257d44-a3a6-49ce-9362-000a920929ea","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-71e532c9-f39d-46ee-9abe-acda4c3d0a1c","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935202],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzMCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"50aff316-b0ff-42be-848e-f3c7d32c7624":{"columnOrder":["7be06c5a-dc71-4f5c-9da7-3422cded5ed8","1933097f-e6cd-46e1-b833-817b1d72b200"],"columns":{"1933097f-e6cd-46e1-b833-817b1d72b200":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"7be06c5a-dc71-4f5c-9da7-3422cded5ed8":{"dataType":"string","isBucketed":true,"label":"Top 2 values of trapped.keyword","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"1933097f-e6cd-46e1-b833-817b1d72b200","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":2},"scale":"ordinal","sourceField":"trapped.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"50aff316-b0ff-42be-848e-f3c7d32c7624","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["1933097f-e6cd-46e1-b833-817b1d72b200"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7be06c5a-dc71-4f5c-9da7-3422cded5ed8"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p Trapped 
Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"685bcbf8-0679-4425-a60d-286650299e8f","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-50aff316-b0ff-42be-848e-f3c7d32c7624","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935206],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzMSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["ef6a1d2e-967b-437d-8fee-f4d13b093f27","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ef6a1d2e-967b-437d-8fee-f4d13b093f27":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request Path","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"path.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Go-pot\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"columnId":"ef6a1d2e-967b-437d-8fee-f4d13b093f27","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":false,"size":10},"rowHeight":"auto"}},"title":"Go-pot - HTTP Request Path - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"685e1e26-518b-4cd5-8e5c-1c565b0ebafd","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"d3ab0b82-8c88-4968-aa32-23d9a867a6ca","name":"tag-ref-d3ab0b82-8c88-4968-aa32-23d9a867a6ca","type":"tag"}],"sort":[1767638649249,8589935210],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzMiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Attacks per T-Pot","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Attacks per T-Pot\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"t-pot_hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100,\"percentDecimals\":0},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"68e94460-6e11-11ec-a667-cfa2ee57ea38","managed":false,"references":[{"id":"Honeypot-Logs","name":"search_0","type":"search"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935213],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzMywxXQ=="}
{"attributes":{"color":"#b75102","description":"","name":"Honeyaml"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f604f105-6ad6-491a-b6ad-df038df7698d","managed":false,"references":[],"sort":[1767638649249,33],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM3LDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c033cec3-e553-43c3-9f97-f6bfff3f8e1e":{"columnOrder":["1f157382-27ad-4010-8800-70c35088db5d","a9d585ea-9c08-48cf-a351-217f11bd39e1"],"columns":{"1f157382-27ad-4010-8800-70c35088db5d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Method","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a9d585ea-9c08-48cf-a351-217f11bd39e1","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"method.keyword"},"a9d585ea-9c08-48cf-a351-217f11bd39e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Honeyaml"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c033cec3-e553-43c3-9f97-f6bfff3f8e1e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a9d585ea-9c08-48cf-a351-217f11bd39e1"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["1f157382-27ad-4010-8800-70c35088db5d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Honeyaml - Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"6907f0c1-ac79-45ef-b8c5-e324f65acf7a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c033cec3-e553-43c3-9f97-f6bfff3f8e1e","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"f604f105-6ad6-491a-b6ad-df038df7698d","name":"tag-ref-f604f105-6ad6-491a-b6ad-df038df7698d","type":"tag"}],"sort":[1767638649249,8589935217],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzNCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["48968943-c1fc-46ff-a921-62cf247b9c9d","f06613ff-0544-4304-bb34-fd249ad49433","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"48968943-c1fc-46ff-a921-62cf247b9c9d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Output","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"output.keyword"},"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"f06613ff-0544-4304-bb34-fd249ad49433":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Input","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":1},"scale":"ordinal","sourceField":"input.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Beelzebub\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"columnId":"48968943-c1fc-46ff-a921-62cf247b9c9d","isMetric":false,"isTransposed":false},{"alignment":"left","columnId":"f06613ff-0544-4304-bb34-fd249ad49433","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"8d3c9890-e96c-
4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":false,"size":10},"rowHeight":"auto"}},"title":"Beelzebub Output- Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"6a9e7b17-c478-45e7-b567-9b5654ca64c1","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589935221],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzNSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"7b6506e9-a7fe-44bd-9ff6-6eda899592a1":{"columnOrder":["9eb04b5a-21f9-45ca-8dc3-80d887430e15","4b5ca36d-51dc-40bc-a7ff-fcf7d197bc8f"],"columns":{"4b5ca36d-51dc-40bc-a7ff-fcf7d197bc8f":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"9eb04b5a-21f9-45ca-8dc3-80d887430e15":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"CVE ID","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4b5ca36d-51dc-40bc-a7ff-fcf7d197bc8f","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"alert.cve_id.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"columns":[{"alignment":"left","columnId":"4b5ca36d-51dc-40bc-a7ff-fcf7d197bc8f"},{"alignment":"left","columnId":"9eb04b5a-21f9-45ca-8dc3-80d887430e15"}],"headerRowHeight":"single","layerId":"7b6506e9-a7fe-44bd-9ff6-6eda899592a1","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Suricata CVE - Top 
10","version":1,"visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"6d730250-5d09-4b96-b2b7-6638b278a8bc","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-7b6506e9-a7fe-44bd-9ff6-6eda899592a1","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935225],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzNiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"01879d4f-abde-4065-b9a2-729e6aa61faa":{"columnOrder":["902b8bce-d658-4e6d-acd8-1423c3856515","27c6f160-fe0d-4ea8-a52e-2423b319cae3"],"columns":{"27c6f160-fe0d-4ea8-a52e-2423b319cae3":{"dataType":"number","isBucketed":false,"label":"Count of plugin.keyword","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"plugin.keyword"},"902b8bce-d658-4e6d-acd8-1423c3856515":{"dataType":"string","isBucketed":true,"label":"Top 5 values of plugin.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"27c6f160-fe0d-4ea8-a52e-2423b319cae3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"plugin.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Wordpot"},"visualization":{"layers":[{"categoryDisplay":"hide","layerId":"01879d4f-abde-4065-b9a2-729e6aa61faa","layerType":"data","legendDisplay":"show","metrics":["27c6f160-fe0d-4ea8-a52e-2423b319cae3"],"nestedLegend":false,"numberDisplay":"hidden","percentDecimals":0,"primaryGroups":["902b8bce-d658-4e6d-acd8-1423c3856515"],"truncateLegend":false}],"shape":"donut"}},"title":"Wordpot Attack Type 
Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"6f5d0344-c789-4a71-96ae-0fd1245add78","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-01879d4f-abde-4065-b9a2-729e6aa61faa","type":"index-pattern"},{"id":"19822c40-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-19822c40-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935229],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzNywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"0dc086e8-e231-414e-8104-82f7f6b631a5":{"columnOrder":["50447067-1188-41ad-bb26-629596761255","ae4c4a2e-a98b-4f98-8483-5b5eab501d97"],"columns":{"50447067-1188-41ad-bb26-629596761255":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Response","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ae4c4a2e-a98b-4f98-8483-5b5eab501d97","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"response.keyword"},"ae4c4a2e-a98b-4f98-8483-5b5eab501d97":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : ConPot"},"visualization":{"columns":[{"alignment":"left","columnId":"ae4c4a2e-a98b-4f98-8483-5b5eab501d97"},{"alignment":"left","columnId":"50447067-1188-41ad-bb26-629596761255"}],"headerRowHeight":"single","layerId":"0dc086e8-e231-414e-8104-82f7f6b631a5","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Conpot Response - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"708273e4-072b-4fe3-8c2d-c97eaecfc0e6","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-0dc086e8-e231-414e-8104-82f7f6b631a5","type":"index-pattern"},{"id":"991ee4d0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-991ee4d0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935233],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzOCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["ef6a1d2e-967b-437d-8fee-f4d13b093f27","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ef6a1d2e-967b-437d-8fee-f4d13b093f27":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request Path","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"path.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Honeyaml\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"columnId":"ef6a1d2e-967b-437d-8fee-f4d13b093f27","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":false,"size":10},"rowHeight":"auto"}},"title":"Honeyaml - HTTP Request Path - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"70fe6671-52e9-42cd-8bb0-dc56ce6fa4d5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"f604f105-6ad6-491a-b6ad-df038df7698d","name":"tag-ref-f604f105-6ad6-491a-b6ad-df038df7698d","type":"tag"}],"sort":[1767638649249,8589935237],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzEzOSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f901d3a7-1555-4223-9268-9c1fd860f4d0":{"columnOrder":["7c99d3ac-b205-45a4-8292-73e19f6579a2","306f15dc-9734-4c0b-82ce-d93987d121f4"],"columns":{"306f15dc-9734-4c0b-82ce-d93987d121f4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"7c99d3ac-b205-45a4-8292-73e19f6579a2":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"response_msg.response.message.detection.name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"306f15dc-9734-4c0b-82ce-d93987d121f4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"response_msg.response.message.detection.name.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Tanner\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"f901d3a7-1555-4223-9268-9c1fd860f4d0","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["306f15dc-9734-4c0b-82ce-d93987d121f4"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7c99d3ac-b205-45a4-8292-73e19f6579a2"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Tanner Detection Type Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"741ca3cd-f15e-4c55-9122-9cd7a050eba1","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f901d3a7-1555-4223-9268-9c1fd860f4d0","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935241],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0MCwxXQ=="}
{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Endlessh\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Endlessh\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"c0d69b11-d750-45ee-a6ac-82c9c95db656","label":"Untitled"}],"title":"Endlessh-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ce19b410-3738-11ec-a911-7f1b8f93d32e","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935243],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n \"query\": {\n \"query\": \"\",\n \"language\": \"lucene\"\n },\n \"filter\": []\n}"},"savedSearchRefName":"search_0","title":"Endlessh - Dnspot Name","uiStateJSON":"{\n \"vis\": {\n \"legendOpen\": true\n }\n}","version":1,"visState":"{\"title\":\"Endlessh - Dnspot Name\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dns_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100,\"percentDecimals\":0},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"74730500-3be4-11ec-b866-3db993737f54","managed":false,"references":[{"id":"ce19b410-3738-11ec-a911-7f1b8f93d32e","name":"search_0","type":"search"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"b933efe0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b933efe0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935247],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0MiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6ad0595c-74fd-457e-a5ec-39f45a468809":{"columnOrder":["fa7bd12c-53d4-4d5d-a724-f1018d810b5e","a98a6ef1-e080-4e5d-a1a0-4ec10c280913"],"columns":{"a98a6ef1-e080-4e5d-a1a0-4ec10c280913":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"fa7bd12c-53d4-4d5d-a724-f1018d810b5e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a98a6ef1-e080-4e5d-a1a0-4ec10c280913","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http_user_agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : ElasticPot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"6ad0595c-74fd-457e-a5ec-39f45a468809","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a98a6ef1-e080-4e5d-a1a0-4ec10c280913"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["fa7bd12c-53d4-4d5d-a724-f1018d810b5e"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"ElasticPot - User Agent - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"76e9eb5d-362c-4a9b-b8d7-b0b94c5d6c77","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6ad0595c-74fd-457e-a5ec-39f45a468809","type":"index-pattern"},{"id":"b4f3ae20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-b4f3ae20-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935251],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0MywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"3809081f-947e-49b2-bbc5-dd3dbff96d79":{"columnOrder":["d2c68988-355e-446a-8212-8546978858fd","9032cc7b-5707-4c78-9d55-146f1eddfc07"],"columns":{"9032cc7b-5707-4c78-9d55-146f1eddfc07":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"d2c68988-355e-446a-8212-8546978858fd":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"os.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":["\"???\""],"excludeIsRegex":true,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9032cc7b-5707-4c78-9d55-146f1eddfc07","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"os.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : P0f"},"visualization":{"layers":[{"categoryDisplay":"hide","layerId":"3809081f-947e-49b2-bbc5-dd3dbff96d79","layerType":"data","legendDisplay":"show","legendSize":"large","metrics":["9032cc7b-5707-4c78-9d55-146f1eddfc07"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["d2c68988-355e-446a-8212-8546978858fd"],"truncateLegend":true}],"shape":"donut"}},"title":"P0f OS 
Distribution","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"7a2a7c9f-7cf1-4b0f-86ca-f50768b98a73","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-3809081f-947e-49b2-bbc5-dd3dbff96d79","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"06f46ac0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-06f46ac0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935255],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0NCwxXQ=="}
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Sentrypeer\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Sentrypeer\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]]},"id":"7ed46e93-0477-4ea2-8455-104cb14db53f","label":"Untitled"}],"title":"Sentrypeer-Logs"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"7ac30870-957f-11ec-bc9b-ed66fe49aa9a","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935257],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0NSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"67dbb5a6-1515-43d9-8d4b-8cbd9549b746":{"columnOrder":["2cdc54c2-20a7-4c7c-9428-279dd91377a6","dcf50dd8-a4a1-4c26-923a-d69762d4941d"],"columns":{"2cdc54c2-20a7-4c7c-9428-279dd91377a6":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"headers.host.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"dcf50dd8-a4a1-4c26-923a-d69762d4941d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"hostname.keyword"},"dcf50dd8-a4a1-4c26-923a-d69762d4941d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"67dbb5a6-1515-43d9-8d4b-8cbd9549b746","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["dcf50dd8-a4a1-4c26-923a-d69762d4941d"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["2cdc54c2-20a7-4c7c-9428-279dd91377a6"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p HTTP Hostname Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c4feb618-00a1-4df8-9f74-633096d4565d","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-67dbb5a6-1515-43d9-8d4b-8cbd9549b746","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935261],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0NiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"53b84435-8dbc-4a4a-904f-38983e3db2d4":{"columnOrder":["768bf3e1-1ccc-4e65-a17d-d96bdd9d1df5","5f9be20e-0aea-420d-9e25-a0f6e4247691"],"columns":{"5f9be20e-0aea-420d-9e25-a0f6e4247691":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"768bf3e1-1ccc-4e65-a17d-d96bdd9d1df5":{"dataType":"string","isBucketed":true,"label":"Top 10 values of header_content-type.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5f9be20e-0aea-420d-9e25-a0f6e4247691","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"header_content-type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"53b84435-8dbc-4a4a-904f-38983e3db2d4","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["5f9be20e-0aea-420d-9e25-a0f6e4247691"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["768bf3e1-1ccc-4e65-a17d-d96bdd9d1df5"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p Content Type Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"85aa63a7-5fe1-4f94-9a02-0a2a26415e86","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-53b84435-8dbc-4a4a-904f-38983e3db2d4","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935265],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0NywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f901d3a7-1555-4223-9268-9c1fd860f4d0":{"columnOrder":["d1bfcf60-6a44-45fc-a264-8dfd90bf4de1","e7c08801-c946-4b7f-9eab-4caa943f9033","306f15dc-9734-4c0b-82ce-d93987d121f4"],"columns":{"306f15dc-9734-4c0b-82ce-d93987d121f4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"d1bfcf60-6a44-45fc-a264-8dfd90bf4de1":{"dataType":"string","isBucketed":true,"label":"Top 10 values of trapped_for.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"306f15dc-9734-4c0b-82ce-d93987d121f4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"trapped_for.keyword"},"e7c08801-c946-4b7f-9eab-4caa943f9033":{"dataType":"string","isBucketed":true,"label":"Top 3 values of trapped_risk_rating.keyword","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"306f15dc-9734-4c0b-82ce-d93987d121f4","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":3},"scale":"ordinal","sourceField":"trapped_risk_rating.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"f901d3a7-1555-4223-9268-9c1fd860f4d0","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["306f15dc-9734-4c0b-82ce-d93987d121f4"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["d1bfcf60-6a44-45fc-a264-8dfd90bf4de1","e7c08801-c946-4b7f-9eab-4caa943f9033"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p Trap Reason Pie - Top 10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8fec43d0-fa58-46f8-989c-903e3127483a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f901d3a7-1555-4223-9268-9c1fd860f4d0","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935269],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0OCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c033cec3-e553-43c3-9f97-f6bfff3f8e1e":{"columnOrder":["cb559566-9f0d-467f-a97f-fa9ebd077978","a9d585ea-9c08-48cf-a351-217f11bd39e1"],"columns":{"a9d585ea-9c08-48cf-a351-217f11bd39e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"cb559566-9f0d-467f-a97f-fa9ebd077978":{"dataType":"string","isBucketed":true,"label":"Top 10 values of request_method.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a9d585ea-9c08-48cf-a351-217f11bd39e1","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request_method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c033cec3-e553-43c3-9f97-f6bfff3f8e1e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a9d585ea-9c08-48cf-a351-217f11bd39e1"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["cb559566-9f0d-467f-a97f-fa9ebd077978"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p HTTP Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ec5e9356-7a67-40c9-9d56-6cb0fd0a0e1e","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c033cec3-e553-43c3-9f97-f6bfff3f8e1e","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935273],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE0OSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c033cec3-e553-43c3-9f97-f6bfff3f8e1e":{"columnOrder":["5af86e8e-91e5-4614-8318-7d93eb556999","438cdb46-cb37-4083-8b17-9922d2f04e85","a9d585ea-9c08-48cf-a351-217f11bd39e1"],"columns":{"438cdb46-cb37-4083-8b17-9922d2f04e85":{"dataType":"number","isBucketed":true,"label":"DestPort","operationType":"range","params":{"includeEmptyRows":false,"maxBars":"auto","ranges":[{"from":0,"label":"","to":1000}],"type":"histogram"},"scale":"interval","sourceField":"dest_port"},"5af86e8e-91e5-4614-8318-7d93eb556999":{"dataType":"string","isBucketed":true,"label":"Top 5 values of protocol.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a9d585ea-9c08-48cf-a351-217f11bd39e1","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"protocol.keyword"},"a9d585ea-9c08-48cf-a351-217f11bd39e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c033cec3-e553-43c3-9f97-f6bfff3f8e1e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a9d585ea-9c08-48cf-a351-217f11bd39e1"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["5af86e8e-91e5-4614-8318-7d93eb556999","438cdb46-cb37-4083-8b17-9922d2f04e85"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p HTTP Protocol Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"da3a64e6-18e6-4fd1-9c9f-514d1fc08753","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c033cec3-e553-43c3-9f97-f6bfff3f8e1e","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935277],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1MCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"50aff316-b0ff-42be-848e-f3c7d32c7624":{"columnOrder":["4f6840c4-10df-40e4-a08d-d93af3f90841","1933097f-e6cd-46e1-b833-817b1d72b200"],"columns":{"1933097f-e6cd-46e1-b833-817b1d72b200":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"4f6840c4-10df-40e4-a08d-d93af3f90841":{"dataType":"string","isBucketed":true,"label":"Top 10 values of header_accept-language.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"1933097f-e6cd-46e1-b833-817b1d72b200","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"header_accept-language.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"50aff316-b0ff-42be-848e-f3c7d32c7624","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["1933097f-e6cd-46e1-b833-817b1d72b200"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["4f6840c4-10df-40e4-a08d-d93af3f90841"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"H0neytr4p HTTP Language Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f0959fbd-a031-4c85-bdb6-3315c4de4e97","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-50aff316-b0ff-42be-848e-f3c7d32c7624","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935281],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1MSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6373f697-e61e-4edf-9cae-b96e6b7d74f8":{"columnOrder":["c5cad4d7-315a-449c-a4c6-2c41f61b9313","16edb289-de12-4ac7-ac4e-9c773669fa89","ac11053f-9aa2-4e0e-b184-85294c9bc478"],"columns":{"16edb289-de12-4ac7-ac4e-9c773669fa89":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Trapped","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":1},"scale":"ordinal","sourceField":"trapped.keyword"},"ac11053f-9aa2-4e0e-b184-85294c9bc478":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c5cad4d7-315a-449c-a4c6-2c41f61b9313":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"URI","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request_uri.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
H0neytr4p"},"visualization":{"columns":[{"alignment":"left","colorMode":"text","columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","palette":{"name":"status","params":{"continuity":"above","name":"status","rangeMax":null,"rangeMin":0,"reverse":false,"stops":[{"color":"#209280","stop":0},{"color":"#54b399","stop":20},{"color":"#d6bf57","stop":40},{"color":"#e7664c","stop":60},{"color":"#cc5642","stop":80}]},"type":"palette"}},{"columnId":"c5cad4d7-315a-449c-a4c6-2c41f61b9313","isMetric":false,"isTransposed":false},{"alignment":"left","columnId":"16edb289-de12-4ac7-ac4e-9c773669fa89","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"6373f697-e61e-4edf-9cae-b96e6b7d74f8","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"auto"}},"title":"H0neytr4p URI - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"83c89eca-c470-45f5-af71-aa7ff3c950f9","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6373f697-e61e-4edf-9cae-b96e6b7d74f8","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935285],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1MiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6373f697-e61e-4edf-9cae-b96e6b7d74f8":{"columnOrder":["2b9c8550-ab67-4c1c-b2b1-526865f45608","a6ae77bd-5f35-4119-9c20-436cd8271c97","3e7688c9-0ba8-4dc2-b707-88a1131c8185","ac11053f-9aa2-4e0e-b184-85294c9bc478"],"columns":{"2b9c8550-ab67-4c1c-b2b1-526865f45608":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Payload Filename","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"payload_filename.keyword"},"3e7688c9-0ba8-4dc2-b707-88a1131c8185":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Trapped Reason","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":1},"scale":"ordinal","sourceField":"trapped_for.keyword"},"a6ae77bd-5f35-4119-9c20-436cd8271c97":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Trapped","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":1},"scale":"ordinal","sourceField":"trapped.keyword"},"ac11053f-9aa2-4e0e-b184-85294c9bc478":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceFie
ld":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : H0neytr4p"},"visualization":{"columns":[{"alignment":"left","colorMode":"text","columnId":"ac11053f-9aa2-4e0e-b184-85294c9bc478","palette":{"name":"status","params":{"continuity":"above","name":"status","rangeMax":null,"rangeMin":0,"reverse":false,"stops":[{"color":"#209280","stop":0},{"color":"#54b399","stop":20},{"color":"#d6bf57","stop":40},{"color":"#e7664c","stop":60},{"color":"#cc5642","stop":80}]},"type":"palette"}},{"columnId":"2b9c8550-ab67-4c1c-b2b1-526865f45608","isMetric":false,"isTransposed":false},{"columnId":"a6ae77bd-5f35-4119-9c20-436cd8271c97","isMetric":false,"isTransposed":false},{"columnId":"3e7688c9-0ba8-4dc2-b707-88a1131c8185","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"6373f697-e61e-4edf-9cae-b96e6b7d74f8","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"auto"}},"title":"H0neytr4p Payload Filename - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8b21940e-f586-4f47-abd0-569a9665d5f3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6373f697-e61e-4edf-9cae-b96e6b7d74f8","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","name":"tag-ref-50d4872d-45a3-4e23-97c0-2cbbe59fa5f2","type":"tag"}],"sort":[1767638649249,8589935289],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1MywxXQ=="}
{"attributes":{"description":"H0neytr4p Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : H0neytr4p\",\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"117b3574-0eb7-4c72-816c-fc8e0516bbdb\"},\"panelIndex\":\"117b3574-0eb7-4c72-816c-fc8e0516bbdb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_117b3574-0eb7-4c72-816c-fc8e0516bbdb\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"b4b8c242-0f0d-416b-95ac-278afd9e8de1\"},\"panelIndex\":\"b4b8c242-0f0d-416b-95ac-278afd9e8de1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_b4b8c242-0f0d-416b-95ac-278afd9e8de1\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"e962e0e6-3013-46c9-bdf7-0805041edb8b\"},\"panelIndex\":\"e962e0e6-3013-46c9-bdf7-0805041edb8b\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":17.85176,\"lon\":13.36745,\"zoom\":0.98},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_e962e0e6-3013-46c9-bdf7-0805041edb8b\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"acf0b92f-055a-413e-94b9-db77f13992e9\"},\"panelIndex\":\"acf0b92f-055a-413e-94b9-db77f13992e9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_acf0b92f-055a-413e-94b9-db77f13992e9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"1ced9560-ece7-40dd-b553-21bad52506f9\"},\"panelIndex\":\"1ced9560-ece7-40dd-b553-21bad52506f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1ced9560-ece7-40dd-b553-21bad52506f9\"},{\"type\":\"lens\",\"gridData\":{\"x\"
:12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"a9db7eb5-60ad-4dc4-b07e-f6e003c4f32d\"},\"panelIndex\":\"a9db7eb5-60ad-4dc4-b07e-f6e003c4f32d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a9db7eb5-60ad-4dc4-b07e-f6e003c4f32d\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"d301df5c-2d69-4acc-bde5-cc1c7e304f47\"},\"panelIndex\":\"d301df5c-2d69-4acc-bde5-cc1c7e304f47\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d301df5c-2d69-4acc-bde5-cc1c7e304f47\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"b5a7f7c1-217d-4684-80a4-1d30523e80cb\"},\"panelIndex\":\"b5a7f7c1-217d-4684-80a4-1d30523e80cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b5a7f7c1-217d-4684-80a4-1d30523e80cb\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":10,\"i\":\"63c3a852-7da8-4d86-aefb-6bd451ab6ec5\"},\"panelIndex\":\"63c3a852-7da8-4d86-aefb-6bd451ab6ec5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_63c3a852-7da8-4d86-aefb-6bd451ab6ec5\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":10,\"i\":\"c328cacb-9e7d-4c82-a396-2e492c37b602\"},\"panelIndex\":\"c328cacb-9e7d-4c82-a396-2e492c37b602\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c328cacb-9e7d-4c82-a396-2e492c37b602\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":10,\"i\":\"a5fde607-4fcf-474a-b83d-e8f970a8ac9f\"},\"panelIndex\":\"a5fde607-4fcf-474a-b83d-e8f970a8ac9f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a5fde607-4fcf-474a-b83d-e8f970a8ac9f\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":12,\"h\":10,\"i\":\"9f1ebdb8-d66a-4a1d-b52b-101e0f43b972\"},\"panelIndex\":\"9f1ebdb8-d66a-4a1d-b52b-101e0f43b972\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9f1ebdb8-d66a-4a1d-b52b-101e0f43b972\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":37,\"w\":12,\"h\":10,\"i\
":\"a18c7353-fd07-4965-871a-2e0cddf14369\"},\"panelIndex\":\"a18c7353-fd07-4965-871a-2e0cddf143
{"attributes":{"description":"","state":{"datasourceStates":{"formBased":{"layers":{"890c6b33-6f7f-4c6f-9343-be26791435d1":{"columnOrder":["fd46bee8-d1d7-481a-bb6e-3620c4985307","dcbf4636-5343-46cf-aa13-8427c314e6ab"],"columns":{"dcbf4636-5343-46cf-aa13-8427c314e6ab":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","scale":"ratio","sourceField":"___records___"},"fd46bee8-d1d7-481a-bb6e-3620c4985307":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"fittingFunction":"None","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"hideEndzones":true,"labelsOrientation":{"x":0,"yLeft":0,"yRight":0},"layers":[{"accessors":["dcbf4636-5343-46cf-aa13-8427c314e6ab"],"layerId":"890c6b33-6f7f-4c6f-9343-be26791435d1","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"xAccessor":"fd46bee8-d1d7-481a-bb6e-3620c4985307"}],"legend":{"isVisible":true,"legendSize":"auto","position":"right"},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"T-Pot Attacks 
Sparkline","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"7e089ce0-6e77-11ec-a667-cfa2ee57ea38","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logstash-*","name":"indexpattern-datasource-layer-890c6b33-6f7f-4c6f-9343-be26791435d1","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935317],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1NSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Glutton Flow Direction","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Glutton Flow Direction\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"direction.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"7e9a7d20-e858-11e8-97df-bbc3de28ece0","managed":false,"references":[{"id":"385ea460-ad22-11e8-942c-a39712fa9ddf","name":"search_0","type":"search"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c66acf80-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935321],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1NiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e8ec1abb-4881-4dc4-ad97-c184fa4faf6b":{"columnOrder":["abcbe56c-00d0-4074-a44c-ee930368a57c","2a1a6f0d-6149-4b9b-9c22-5b9a2422473c"],"columns":{"2a1a6f0d-6149-4b9b-9c22-5b9a2422473c":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"abcbe56c-00d0-4074-a44c-ee930368a57c":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"2a1a6f0d-6149-4b9b-9c22-5b9a2422473c","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.country_name.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"e8ec1abb-4881-4dc4-ad97-c184fa4faf6b","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["2a1a6f0d-6149-4b9b-9c22-5b9a2422473c"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["abcbe56c-00d0-4074-a44c-ee930368a57c"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata Countries - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"7f1d7d38-c48d-488d-b3a2-e580d2699a15","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e8ec1abb-4881-4dc4-ad97-c184fa4faf6b","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935325],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1NywxXQ=="}
{"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"959945a7-2a3f-4922-9a90-2758b9c27c88\",\"label\":\"Map\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"includeInFitToBounds\":true,\"type\":\"EMS_VECTOR_TILE\",\"areLabelsOnTop\":false},{\"sourceDescriptor\":{\"geoField\":\"geoip.location\",\"requestType\":\"heatmap\",\"id\":\"41e200d3-a1b0-4b60-afa4-294ca69a6e8f\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\",\"label\":\"Attacks\"}],\"resolution\":\"MOST_FINE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"fb70638c-b285-4292-bb2f-5c3517e11656\",\"label\":\"Attacker Source IP\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"},{\"sourceDescriptor\":{\"geoField\":\"geoip_ext.location\",\"requestType\":\"heatmap\",\"id\":\"e7f690ab-17ac-4df2-a460-7478afaee1ac\",\"type\":\"ES_GEO_GRID\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\",\"label\":\"Attacks\"}],\"resolution\":\"MOST_FINE\",\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"ccc39255-ecaa-4aa8-a9e1-e353eeff31b8\",\"label\":\"T-Pot Ext. 
IP (Destination)\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"HEATMAP\",\"colorRampName\":\"theclassic\"},\"includeInFitToBounds\":true,\"type\":\"HEATMAP\"},{\"sourceDescriptor\":{\"sourceGeoField\":\"geoip.location\",\"destGeoField\":\"geoip_ext.location\",\"id\":\"e99e1ac5-3ae4-4e32-89c3-cce32d9f821d\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"applyForceRefresh\":true,\"metrics\":[{\"type\":\"count\",\"label\":\"Attacks\"}],\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"theclassic\",\"colorCategory\":\"palette_30\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false,\"useCustomColorPalette\":false,\"customColorRamp\":[{\"stop\":0,\"color\":\"#FF0000\"}]}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":2,\"maxSize\":6,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"ef8cec3a-cdbe-4fee-9241-1f22f79f209f\",\"label\":\"Attack 
Paths\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"includeInFitToBounds\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[]}]","mapStateJSON":"{\"zoom\":2.16,\"center\":{\"lon\":14.58777,\"lat\":24.25621},\"timeFilters\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":true,\"backgroundColor\":\"#1D1E24\",\"customIcons\":[],\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"AUTO_FIT_TO_BOUNDS\",\"fixedLocation\":{\"lat\":0,\
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"currentIndexPatternId":"logstash-*","layers":{"86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e":{"columnOrder":["bb2085d2-9033-4a63-918a-6e22d5fc75c0"],"columns":{"bb2085d2-9033-4a63-918a-6e22d5fc75c0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___","timeShift":""}},"ignoreGlobalFilters":false,"incompleteColumns":{},"indexPatternId":"logstash-*"},"dee10866-eee2-4031-9d10-cb72f0255534":{"columnOrder":["7744e967-273c-4121-aa2b-6861dab9d152","76b8f1fd-acf0-4270-964c-366213abd842"],"columns":{"76b8f1fd-acf0-4270-964c-366213abd842":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___","timeShift":""},"7744e967-273c-4121-aa2b-6861dab9d152":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"indexPatternId":"logstash-*","linkToLayers":["86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e"],"sampling":1}}},"indexpattern":{"currentIndexPatternId":"logstash-*","layers":{}},"textBased":{"indexPatternRefs":[{"id":"logstash-*","timeField":"@timestamp","title":"logstash-*"}],"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layerId":"86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e","layerType":"data","metricAccessor":"bb2085d2-9033-4a63-918a-6e22d5fc75c0","showBar":false,"trendlineLayerId":"dee10866-eee2-4031-9d10-cb72f0255534","trendlineLayerType":"metricTrendline","trendlineMetricAccessor":"76b8f1fd-acf0-4270-964c-366213abd842","trendlineTimeAccessor":"7744e967-273c-4121-aa2b-6861dab9d152"}},"title":"Honeyp
ot Attacks - Total (converted)","visualizationType":"lnsMetric"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ee9e1dc0-08db-49bb-811f-7f20399ea5d1","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e","type":"index-pattern"},{"id":"logstash-*","name":"indexpattern-datasource-layer-dee10866-eee2-4031-9d10-cb72f0255534","type":"index-pattern"}],"sort":[1767638649249,8589935333],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE1OSwxXQ=="}
{"attributes":{"description":"","state":{"datasourceStates":{"formBased":{"layers":{"a7add055-4cdf-4f04-aa7d-00755ea2400c":{"columnOrder":["6d255acb-886e-46fb-a5f3-542004fbb6fa","2cea1993-e42b-434e-92f6-e0448828b6f1","bafc359d-86c2-4011-b6e5-47b37b927588"],"columns":{"2cea1993-e42b-434e-92f6-e0448828b6f1":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"6d255acb-886e-46fb-a5f3-542004fbb6fa":{"dataType":"string","isBucketed":true,"label":"Top values of geoip.country_name.keyword","operationType":"terms","params":{"missingBucket":false,"orderBy":{"columnId":"bafc359d-86c2-4011-b6e5-47b37b927588","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"geoip.country_name.keyword"},"bafc359d-86c2-4011-b6e5-47b37b927588":{"dataType":"number","isBucketed":false,"label":"Count of records","operationType":"count","scale":"ratio","sourceField":"___records___"}},"incompleteColumns":{}}}}},"filters":[],"query":{"language":"kuery","query":""},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"hideEndzones":true,"layers":[{"accessors":["bafc359d-86c2-4011-b6e5-47b37b927588"],"layerId":"a7add055-4cdf-4f04-aa7d-00755ea2400c","layerType":"data","position":"top","seriesType":"line","showGridlines":false,"splitAccessor":"6d255acb-886e-46fb-a5f3-542004fbb6fa","xAccessor":"2cea1993-e42b-434e-92f6-e0448828b6f1"}],"legend":{"isVisible":false,"legendSize":"auto","position":"right","showSingleSeries":false},"preferredSeriesType":"line","tickLabelsVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"title":"Empty XY chart","valueLabels":"hide","yLeftExtent":{"mode":"full"},"yRightExtent":{"mode":"full"}}},"title":"T-Pot Attacks by Country 
Sparkline","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b5c312e0-6e8c-11ec-a667-cfa2ee57ea38","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-current-indexpattern","type":"index-pattern"},{"id":"logstash-*","name":"indexpattern-datasource-layer-a7add055-4cdf-4f04-aa7d-00755ea2400c","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935337],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2MCwxXQ=="}
{"attributes":{"columns":["t-pot_hostname","type","dest_port","geoip.country_code3"],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["t-pot_hostname","type","dest_port","geoip.country_code3"],"grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]]},"id":"7eae0994-deac-40b8-a8a2-47faa196ef4f","label":"Untitled"}],"title":"T-Pot Attack Log"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"87e9e9b0-6e47-11ec-a667-cfa2ee57ea38","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935339],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2MSwxXQ=="}
{"attributes":{"description":"T-Pot Live Attack Map","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner Wordpot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"map\",\"gridData\":{\"x\":0,\"y\":0,\"w\":30,\"h\":37,\"i\":\"75b6ab16-bb78-423e-97ff-db3f11011d9b\"},\"panelIndex\":\"75b6ab16-bb78-423e-97ff-db3f11011d9b\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":51.0593,\"lon\":8.7823,\"zoom\":17},\"mapBuffer\":{\"minLon\":8.77808,\"minLat\":51.05693,\"maxLon\":8.78632,\"maxLat\":51.06211},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{},\"timeRange\":{\"from\":\"now-1m\",\"to\":\"now\"},\"filterByMapExtent\":false},\"panelRefName\":\"panel_75b6ab16-bb78-423e-97ff-db3f11011d9b\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":0,\"w\":6,\"h\":5,\"i\":\"bf839ec1-a612-4120-b217-fbbae0402b14\"},\"panelIndex\":\"bf839ec1-a612-4120-b217-fbbae0402b14\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"attributes\":{\"title\":\"Honeypot Attacks - Total 
(converted)\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"state\":{\"visualization\":{\"layerId\":\"86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e\",\"layerType\":\"data\",\"metricAccessor\":\"bb2085d2-9033-4a63-918a-6e22d5fc75c0\",\"showBar\":false,\"trendlineLayerId\":\"dee10866-eee2-4031-9d10-cb72f0255534\",\"trendlineLayerType\":\"metricTrendline\",\"trendlineTimeAccessor\":\"7744e967-273c-4121-aa2b-6861dab9d152\",\"trendlineMetricAccessor\":\"76b8f1fd-acf0-4270-964c-366213abd842\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e\":{\"ignoreGlobalFilters\":false,\"columns\":{\"bb2085d2-9033-4a63-918a-6e22d5fc75c0\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true,\"timeShift\":\"\"}},\"columnOrder\":[\"bb2085d2-9033-4a63-918a-6e22d5fc75c0\"],\"incompleteColumns\":{},\"indexPatternId\":\"logstash-*\"},\"dee10866-eee2-4031-9d10-cb72f0255534\":{\"linkToLayers\":[\"86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e\"],\"columns\":{\"7744e967-273c-4121-aa2b-6861dab9d152\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"76b8f1fd-acf0-4270-964c-366213abd842\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true,\"timeShift\":\"\"}},\"columnOrder\":[\"7744e967-273c-4121-aa2b-6861dab9d152\",\"76b8f1fd-acf0-4270-964c-366213abd842\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"logstash-*\"}},\"currentIndexPatternId\":\"logstash-*\"},\"i
ndexpattern\":{\"layers\":{},\"currentIndexPatternId\":\"logstash-*\"},\"textBased\":{\"layers\":{},\"indexPatternRefs\":[{\"id\":\"logstash-*\",\"title\":\"logstash-*\",\"timeField\":\"@timestamp\"}]}},\"internalReferences\":[],\"adHocDataViews\":{}},\"references\":[{\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-86caa2ff-b371-49c4-aaa6-b4a7c1c61f3e\",\"type\":\"index-pattern\"},{\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-dee10866-eee2-4031-9d10-cb72f0255534\",\"type\":\"index-pattern\"}],\"type\":\"lens\"},\"timeRange\":{\"from\":\"now-1m\",\"to\":\"now\"},\"enhancements\":{}},\"title\":\"\",\"panelRefName\":\"panel_bf839ec1-a612-4120-
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"057b6001-8667-4c6a-a6ca-adb51a7eb3b5":{"columnOrder":["6db4d46e-af7e-4253-a251-b59008ff43ea","4ca3dd9b-5521-493a-a570-f17b550b553e","da1b1493-6197-43c1-ae5c-fd4357833606"],"columns":{"4ca3dd9b-5521-493a-a570-f17b550b553e":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"6db4d46e-af7e-4253-a251-b59008ff43ea":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"Destination Port","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"da1b1493-6197-43c1-ae5c-fd4357833606","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"dest_port"},"da1b1493-6197-43c1-ae5c-fd4357833606":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Glutton"},"visualization":{"gridConfig":{"isCellLabelVisible":false,"isXAxisLabelVisible":true,"isXAxisTitleVisible":true,"isYAxisLabelVisible":true,"isYAxisTitleVisible":true,"type":"heatmap_grid"},"layerId":"057b6001-8667-4c6a-a6ca-adb51a7eb3b5","layerType":"data","legend":{"position":"right","type":"heatmap_legend"},"palette":{"accessor":"da1b1493-6197-43c1-ae5c-fd4357833606","name":"custom","params":{"colorStops":[{"color":"#006837","stop":0},{"color":"#1E974F","stop":10},{"color":"#65BC62","stop":20},{"color":"#A5D96B","stop":30},{"color":"#D8EF8C","stop":40},{"color":"#FEFEBD","stop":50},{"color":"#FEDF8B","stop":60},{"color":"#FDAD61","stop":70},{"color":"#F36D43","stop":80},{"color":"#D63129","stop":90}],"continuity":"none","maxSteps":5,"name":"custom","progression":"fixed","rangeMax":100,"rangeMin":0,"rangeType":"percent","reverse":false,"stops":[{"color":"#006837","stop":10},{"color":"#1E974F","stop":20},{"color":"#65BC62","stop":30},{"color":"#A5D96B","stop":40},{"color":"#D8EF8C","stop":50},{"color":"#FEFEBD","stop":60},{"color":"#FEDF8B","stop":70},{"color":"#FDAD61","stop":80},{"color":"#F36D43","stop":90},{"color":"#D63129","stop":100}]},"type":"palette"},"shape":"heatmap","valueAccessor":"da1b1493-6197-43c1-ae5c-fd4357833606","xAccessor":"4ca3dd9b-5521-493a-a570-f17b550b553e","yAccessor":"6db4d46e-af7e-4253-a251-b59008ff43ea"}},"title":"Glutton 
Heatmap","visualizationType":"lnsHeatmap"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f9380094-391f-4d5d-85d8-f3a71d028eac","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-057b6001-8667-4c6a-a6ca-adb51a7eb3b5","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c66acf80-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935355],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2MywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e7e49e84-2bee-42c1-b76d-71ec950c9cf9":{"columnOrder":["622f79e9-1e92-4381-af4d-8ddb95bd008d","0b37ee78-bbe2-4fa1-b7ed-37027a08a693"],"columns":{"0b37ee78-bbe2-4fa1-b7ed-37027a08a693":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"622f79e9-1e92-4381-af4d-8ddb95bd008d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"handler.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"0b37ee78-bbe2-4fa1-b7ed-37027a08a693","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"handler.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Glutton"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"e7e49e84-2bee-42c1-b76d-71ec950c9cf9","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["0b37ee78-bbe2-4fa1-b7ed-37027a08a693"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":2,"primaryGroups":["622f79e9-1e92-4381-af4d-8ddb95bd008d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Glutton 
Handler","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"cdd67f30-8ed7-471e-83b1-4a4ebdbe0c86","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e7e49e84-2bee-42c1-b76d-71ec950c9cf9","type":"index-pattern"},{"id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c66acf80-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935359],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2NCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Glutton\\\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Glutton Payload Hex - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Glutton Payload Hex - Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"payload_hex.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Payload Hex\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":false,\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"a001a350-e85b-11e8-97df-bbc3de28ece0","managed":false,"references":[{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c66acf80-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"385ea460-ad22-11e8-942c-a39712fa9ddf","name":"search_0","type":"search"}],"sort":[1767638649249,8589935363],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2NSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"990a08fa-cc1b-4a55-ad94-25f12277f4b1":{"columnOrder":["a52d52ef-b6e8-409f-b2e5-8002ee6cfc20","4b021cd6-0dfb-4e2d-8a7d-b7a566dc729d"],"columns":{"4b021cd6-0dfb-4e2d-8a7d-b7a566dc729d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"a52d52ef-b6e8-409f-b2e5-8002ee6cfc20":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Msg","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4b021cd6-0dfb-4e2d-8a7d-b7a566dc729d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"msg.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"type : Glutton"},"visualization":{"columns":[{"alignment":"left","columnId":"4b021cd6-0dfb-4e2d-8a7d-b7a566dc729d"},{"alignment":"left","columnId":"a52d52ef-b6e8-409f-b2e5-8002ee6cfc20"}],"headerRowHeight":"single","layerId":"990a08fa-cc1b-4a55-ad94-25f12277f4b1","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Glutton Msg - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b35a86dc-43d3-4633-82c9-871d18ff5798","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-990a08fa-cc1b-4a55-ad94-25f12277f4b1","type":"index-pattern"},{"id":"c66acf80-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c66acf80-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935367],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2NiwxXQ=="}
{"attributes":{"description":"Glutton Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Glutton\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":48,\"h\":11,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":10,\"i\":\"29\"},\"panelIndex\":\"29\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_29\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":10,\"i\":\"30\"},\"panelIndex\":\"30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_30\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":66,\"w\":48,\"h\":17,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_31\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":48,\"w\":24,\"h\":18,\"i\":\"32\"},\"panelIndex\":\"32\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_32\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"cad09eea-90a5-4d58-9835-da89e2218a95\"},\"panelIndex\":\"cad09eea-90a5-4d58-9835-da89e2218a95\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cad09eea-90a5-4d58-9835-da89e2218a95\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"a1994922-6933-450e-987a-dc8ae41a1fb0\"},\"panelIndex\":\"a1994922-6933-450e-987a-dc8ae41a1fb0\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_a1994922-6933-450e-987a-dc8ae41a1fb0\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"653f9810-b8b8-47c7-bd1e-0ef631d5f2e2\"},\"panelIndex\":\"653f9810-b8b8-47c7-bd1e-0ef631d5f2e2\",\"embeddableConfig\":{\"map
Center\":{\"lat\":36.41063,\"lon\":0.2586,\"zoom\":1.16},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_653f9810-b8b8-47c7-bd1e-0ef631d5f2e2\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"00f8b582-4a35-4548-8320-d11b7b75d041\"},\"panelIndex\":\"00f8b582-4a35-4548-8320-d11b7b75d041\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_00f8b582-4a35-4548-8320-d11b7b75d041\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"cd6f8ceb-4b26-49ce-97b0-bbdcef95c063\"},\"panelIndex\":\"cd6f8ceb-4b26-49ce-97b0-bbdcef95c063\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cd6f8ceb-4b26-49ce-97b0-bbdcef95c063\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":18,\"h\":10,\"i\":\"791d2b2b-1ddf-436a-ae43-7fb544e82927\"},\"panelIndex\":\"791d2b2b-1ddf-436a-ae43-7fb544e82927\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_791d2b2b-1ddf-436a-ae43-7fb544e82927\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":10,\"i\":\"e0137b85-4cdb-404f-94de-30866716065a\"},\"panelIndex\":\"e0137b85-4cdb-404f-94de-30866716065a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e0137b85-4cdb-404f-94de-30866716065a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"c91c9be1-5191-4ac2-801b-a4457dfd9397\"},\"panelIndex\":\"c91c9be1-5191-4ac2-801b-a4457dfd9397\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c91c9be1-5191-4ac2-801b-a4457dfd9397\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":10,\"i\":\"e5a439d8-a9a3-42c3-83d2-5ad754ab0c02\"},\"panelIndex\":\"e5a439d8-a9a3-42c3-83d2-5ad754ab0c02\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e5a439d8-a9a3-42c3-83d2-5ad754ab0c02\"},{\"type\":\"lens\",\
"gridData\":{\"x\":0,\"y\":48,\"w\":16,\"h\":18,\"i\":\"4532c318-755a-4375-afc3-b6e315951a60\"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["3fd17d29-7987-4814-b340-164300a8a85e","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"3fd17d29-7987-4814-b340-164300a8a85e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Command Line Input","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"input.keyword"},"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983"},{"alignment":"left","columnId":"3fd17d29-7987-4814-b340-164300a8a85e"}],"headerRowHeight":"single","layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Cowrie Input - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"84932308-8772-43d2-b917-9bf4e56852a7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935390],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2OCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c49f56f7-7c9e-4d31-9d1d-a0ad9c1f9201":{"columnOrder":["6e7818ff-43a7-4346-95d6-06f6ec315e64","4c0b2181-0060-46b1-bbce-273387bd4d83"],"columns":{"4c0b2181-0060-46b1-bbce-273387bd4d83":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"6e7818ff-43a7-4346-95d6-06f6ec315e64":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"type.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4c0b2181-0060-46b1-bbce-273387bd4d83","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner Wordpot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c49f56f7-7c9e-4d31-9d1d-a0ad9c1f9201","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["4c0b2181-0060-46b1-bbce-273387bd4d83"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["6e7818ff-43a7-4346-95d6-06f6ec315e64"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Attacks by 
Honeypot","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"858024aa-6318-460a-9f81-df851da4ef4b","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c49f56f7-7c9e-4d31-9d1d-a0ad9c1f9201","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935393],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE2OSwxXQ=="}
{"attributes":{"color":"#34d279","description":"","name":"Log4pot"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f1bc97e0-8ebb-11ec-82b5-d375cfa90394","managed":false,"references":[],"sort":[1767638649249,34],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM4LDFd"}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Log4Pot\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Log4Pot - HTTP Hostname Pie - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Log4Pot - HTTP Hostname Pie - Top 10\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"headers.Host.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"type\":\"pie\",\"nestedLegend\":true,\"labels\":{\"show\":false,\"last_level\":false,\"values\":true,\"valuesFormat\":\"percent\",\"percentDecimals\":0,\"truncate\":100,\"position\":\"default\"},\"truncateLegend\":true,\"maxLegendLines\":1,\"legendDisplay\":\"show\",\"emptySizeRatio\":0.3,\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"85cf0790-5eb2-11ec-a5e0-c39c8f7484bc","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"f1bc97e0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-f1bc97e0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935397],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3MCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9aa2a833-5f04-45bf-8c28-fa8dbbb3d757":{"columnOrder":["ba1c2d1e-79d3-4e5b-9ef0-1d1dbb78dcac","44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf"],"columns":{"44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ba1c2d1e-79d3-4e5b-9ef0-1d1dbb78dcac":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"headers.user-agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"headers.user-agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Tanner"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"9aa2a833-5f04-45bf-8c28-fa8dbbb3d757","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["44f922a6-5b0e-4727-a4b0-8ee2c53fc2cf"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ba1c2d1e-79d3-4e5b-9ef0-1d1dbb78dcac"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Tanner HTTP User Agent Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"87dfa6dc-b30a-4f57-be3f-750bdc4a7e44","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-9aa2a833-5f04-45bf-8c28-fa8dbbb3d757","type":"index-pattern"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935401],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3MSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"d1bbbdd7-5205-49d4-bea4-fbe936b85b51":{"columnOrder":["fa734aad-d3f0-4717-8644-ddc3c90ea1e3","a653bb35-6c43-428f-ad96-9445d8623b65","b254fc9d-899f-42d8-8ee4-2994fc84a632"],"columns":{"a653bb35-6c43-428f-ad96-9445d8623b65":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"b254fc9d-899f-42d8-8ee4-2994fc84a632","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"src_ip.keyword"},"b254fc9d-899f-42d8-8ee4-2994fc84a632":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"fa734aad-d3f0-4717-8644-ddc3c90ea1e3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"HASSH","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"b254fc9d-899f-42d8-8ee4-2994fc84a632","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"hassh.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"d1bbbdd7-5205-49d4-bea4-fbe936b85b51","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["b254fc9d-899f-42d8-8ee4-2994fc84a632"],"nestedLegend":true,"numberDisplay":"percent","percentDec
imals":0,"primaryGroups":["fa734aad-d3f0-4717-8644-ddc3c90ea1e3","a653bb35-6c43-428f-ad96-9445d8623b65"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Cowrie - HASSH / IP - Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"88b0ec2b-7285-4324-ac32-575609c3a1cd","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-d1bbbdd7-5205-49d4-bea4-fbe936b85b51","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935405],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3MiwxXQ=="}
{"attributes":{"description":"Adbhoney Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Adbhoney\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":18,\"i\":\"60\"},\"panelIndex\":\"60\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_60\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"db297793-e4cf-47fd-b00e-465f127e58ed\"},\"panelIndex\":\"db297793-e4cf-47fd-b00e-465f127e58ed\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_db297793-e4cf-47fd-b00e-465f127e58ed\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"8475310f-fc95-4fbb-9fdb-aa6d2d87b41f\"},\"panelIndex\":\"8475310f-fc95-4fbb-9fdb-aa6d2d87b41f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Attacks 
Dynamic\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-a3575b87-f059-46f0-8a02-7e287afa4ef5\"},{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-7be837c5-3404-464c-aef1-3c5a33c0f60b\"}],\"state\":{\"visualization\":{\"layerId\":\"a3575b87-f059-46f0-8a02-7e287afa4ef5\",\"layerType\":\"data\",\"metricAccessor\":\"0959c753-3318-4147-82ea-db6250b91680\",\"showBar\":false,\"trendlineLayerId\":\"7be837c5-3404-464c-aef1-3c5a33c0f60b\",\"trendlineLayerType\":\"metricTrendline\",\"trendlineTimeAccessor\":\"b855d1b9-69cb-4989-a42b-099f5ee778ed\",\"trendlineMetricAccessor\":\"277e3608-ab63-4555-a71f-a99343b5665b\",\"secondaryMetricAccessor\":\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\",\"trendlineSecondaryMetricAccessor\":\"390ca20b-f017-47e4-a099-5a52eefd563d\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a3575b87-f059-46f0-8a02-7e287afa4ef5\":{\"columns\":{\"0959c753-3318-4147-82ea-db6250b91680\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\":{\"label\":\"Unique Src 
IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"src_ip.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"0959c753-3318-4147-82ea-db6250b91680\",\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}},\"7be837c5-3404-464c-aef1-3c5a33c0f60b\":{\"linkToLayers\":[\"a3575b87-f059-46f0-8a02-7e287afa4ef5\"],\"columns\":{\"b855d1b9-69cb-4989-a42b-099f5ee778ed\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"277e3608-ab63-4555-a71f-a99343b5665b\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"390ca20b-f017-47e4-a099-5a52eefd563d\":{\"label\":\"Unique Src IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"src_ip.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b855d1b9-69cb-4989-a42b-099f5ee778ed\",\"390ca20b-f017-47e4-a099-5a52eefd563d\",\"277e3608-ab63-4555-a71f-a99343b5665b\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Payload - Top 10 - Dynamic","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Payload - Top 10 - Dynamic\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"payload.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Payload\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showToolbar\":false,\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"89ec89a0-5eb3-11ec-a5e0-c39c8f7484bc","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589935425],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3NCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c0ccda65-4201-4e2e-b1eb-2f702b20c497":{"columnOrder":["3ebfabea-9bf7-4662-8ae3-26cef80da986","f9811612-ada1-4092-bd38-ba24ca2a0a81"],"columns":{"3ebfabea-9bf7-4662-8ae3-26cef80da986":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Device Info","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"f9811612-ada1-4092-bd38-ba24ca2a0a81","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"user_agent_device_info.keyword"},"f9811612-ada1-4092-bd38-ba24ca2a0a81":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Honeyaml"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c0ccda65-4201-4e2e-b1eb-2f702b20c497","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["f9811612-ada1-4092-bd38-ba24ca2a0a81"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3ebfabea-9bf7-4662-8ae3-26cef80da986"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Honeyaml - Device Info - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"fdd37326-23a9-4a07-9a3b-3ebb71e9c461","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c0ccda65-4201-4e2e-b1eb-2f702b20c497","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"f604f105-6ad6-491a-b6ad-df038df7698d","name":"tag-ref-f604f105-6ad6-491a-b6ad-df038df7698d","type":"tag"}],"sort":[1767638649249,8589935429],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3NSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f5a94802-967f-41f4-8cff-ee049791281f":{"columnOrder":["b59251ab-f883-4762-b23b-4dc33e1df8b8","6c32a844-7489-4493-8a9c-6fd17a2765b3"],"columns":{"6c32a844-7489-4493-8a9c-6fd17a2765b3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"b59251ab-f883-4762-b23b-4dc33e1df8b8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"User Agent","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6c32a844-7489-4493-8a9c-6fd17a2765b3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"user_agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"f5a94802-967f-41f4-8cff-ee049791281f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6c32a844-7489-4493-8a9c-6fd17a2765b3"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["b59251ab-f883-4762-b23b-4dc33e1df8b8"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Honeyaml - User Agent - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f1d0f7cd-fbee-45a5-b7da-bde95edcf1c5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f5a94802-967f-41f4-8cff-ee049791281f","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"f604f105-6ad6-491a-b6ad-df038df7698d","name":"tag-ref-f604f105-6ad6-491a-b6ad-df038df7698d","type":"tag"}],"sort":[1767638649249,8589935433],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3NiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f365ef1a-2e14-4805-bd7f-5ece8c46d39f":{"columnOrder":["472ff748-973e-43ef-ab2f-b6f93ed12372","9605c039-4e9c-4922-876b-5f35319c83fd"],"columns":{"472ff748-973e-43ef-ab2f-b6f93ed12372":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Body Top 10","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9605c039-4e9c-4922-876b-5f35319c83fd","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"body.keyword"},"9605c039-4e9c-4922-876b-5f35319c83fd":{"dataType":"number","isBucketed":false,"label":"Unique count of body.keyword","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"body.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Honeyaml"},"visualization":{"layerId":"f365ef1a-2e14-4805-bd7f-5ece8c46d39f","layerType":"data","maxFontSize":18,"minFontSize":15,"orientation":"single","palette":{"name":"kibana_palette","type":"palette"},"showLabel":false,"tagAccessor":"472ff748-973e-43ef-ab2f-b6f93ed12372","valueAccessor":"9605c039-4e9c-4922-876b-5f35319c83fd"}},"title":"Honeyaml - Body Top 10 - 
Tagcloud","visualizationType":"lnsTagcloud"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"aeeb4baa-e9c3-4094-90ac-67f284859fca","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f365ef1a-2e14-4805-bd7f-5ece8c46d39f","type":"index-pattern"},{"id":"f604f105-6ad6-491a-b6ad-df038df7698d","name":"tag-ref-f604f105-6ad6-491a-b6ad-df038df7698d","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935437],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3NywxXQ=="}
{"attributes":{"description":"Honeyaml Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Honeyaml\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"3702741e-d5b3-41b2-976c-8eccba48b40e\"},\"panelIndex\":\"3702741e-d5b3-41b2-976c-8eccba48b40e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3702741e-d5b3-41b2-976c-8eccba48b40e\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":8,\"i\":\"57842038-d16c-4f40-bb89-f2cb3b755b07\"},\"panelIndex\":\"57842038-d16c-4f40-bb89-f2cb3b755b07\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_57842038-d16c-4f40-bb89-f2cb3b755b07\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":18,\"i\":\"c03a63d9-a054-4ce2-aa01-4660b49ae363\"},\"panelIndex\":\"c03a63d9-a054-4ce2-aa01-4660b49ae363\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":33.63243,\"lon\":1.83085,\"zoom\":1.1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_c03a63d9-a054-4ce2-aa01-4660b49ae363\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"84ec59be-a171-451b-8a1e-0fdb20c0b679\"},\"panelIndex\":\"84ec59be-a171-451b-8a1e-0fdb20c0b679\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_84ec59be-a171-451b-8a1e-0fdb20c0b679\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":12,\"h\":10,\"i\":\"ae4ccfa1-2910-4aa8-804d-013d59baebec\"},\"panelIndex\":\"ae4ccfa1-2910-4aa8-804d-013d59baebec\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ae4ccfa1-2910-4aa8-804d-013d59baebec\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":18,\"w\":18,\"h\":10
,\"i\":\"a3e82960-82ed-44b6-9258-f6aa9b90daf6\"},\"panelIndex\":\"a3e82960-82ed-44b6-9258-f6aa9b90daf6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a3e82960-82ed-44b6-9258-f6aa9b90daf6\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":10,\"i\":\"1c8098d9-d977-438e-a391-4dd48a85833a\"},\"panelIndex\":\"1c8098d9-d977-438e-a391-4dd48a85833a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1c8098d9-d977-438e-a391-4dd48a85833a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":10,\"i\":\"bc049442-756f-475e-8285-4c122f02b008\"},\"panelIndex\":\"bc049442-756f-475e-8285-4c122f02b008\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bc049442-756f-475e-8285-4c122f02b008\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":10,\"i\":\"ba3d37e9-b66a-49af-84df-f70db83bde07\"},\"panelIndex\":\"ba3d37e9-b66a-49af-84df-f70db83bde07\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ba3d37e9-b66a-49af-84df-f70db83bde07\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":10,\"i\":\"7c66cab4-2895-459d-bede-b3c18a3cf8c3\"},\"panelIndex\":\"7c66cab4-2895-459d-bede-b3c18a3cf8c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7c66cab4-2895-459d-bede-b3c18a3cf8c3\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":10,\"i\":\"3fd4552b-39e1-4f47-a864-9e7e06caca0f\"},\"panelIndex\":\"3fd4552b-39e1-4f47-a864-9e7e06caca0f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3fd4552b-39e1-4f47-a864-9e7e06caca0f\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":18,\"i\":\"76420417-3aa6-4390-963d-22d92a92120a\"},\"panelIndex\":\"76420417-3aa6-4390-963d-22d92a92120a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_76420417-3aa6-4390-963d-22d92a92120a\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":56,\"w\":12,\"h\":18,\"i\":\"5eef8d10-cef0-447
4-a11c-1c9762a51800\"},\"panelIndex\":\"5eef8d10-cef0-4474-a11c-1c9762a51800\",\"embeddableConf
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"4444521c-6ae1-4f02-a06f-a8b69abacf2c":{"columnOrder":["b265c40e-38cd-4c74-a7d6-78e1a8e328b9","a801a3e3-760c-416b-8544-1d231fabb5c7","9fcab306-e22a-48fb-9a5d-ff472599af48"],"columns":{"9fcab306-e22a-48fb-9a5d-ff472599af48":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"a801a3e3-760c-416b-8544-1d231fabb5c7":{"customLabel":false,"dataType":"string","isBucketed":true,"label":"Top 15 values of type.keyword","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9fcab306-e22a-48fb-9a5d-ff472599af48","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":15},"scale":"ordinal","sourceField":"type.keyword"},"b265c40e-38cd-4c74-a7d6-78e1a8e328b9":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Honeypots","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9fcab306-e22a-48fb-9a5d-ff472599af48","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":15},"scale":"ordinal","sourceField":"type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"None","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["9fcab306-e22a-48fb-9a5d-ff472599af48"],"isHistogram":false,"layerId":"4444521c-6ae1-4f02-a06f-a8b69abacf2c","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"bar_horizontal_stacked","simpleView":false,"splitAccessor":"a801a3e3-760c-416b-8544-1d231fabb5c7","xAccessor":"b265c40e-38cd-4c74-a7d6-78e1a8e328b9","xScaleType":"ordinal","yConfig":[{"axisMode":"left","forAccessor":"9fcab306-e22a-48fb-9a5d-ff472599af48"}]}],"legend":{"isVisible":false,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_horizontal_stacked","tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Honeypots","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Honeypot Attacks Bar","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"cdd72903-46b4-4bf9-9c70-873e44358ff2","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-4444521c-6ae1-4f02-a06f-a8b69abacf2c","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935460],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE3OSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9b35566e-c658-4538-a791-1130e07d9907":{"columnOrder":["bcc5ca53-e5bf-4536-bcdb-f0611e3c517c","f3aa005a-7b10-448d-bcf6-9754b5093730","4e001c32-f27e-4d1e-90d5-4b374c3f973d"],"columns":{"4e001c32-f27e-4d1e-90d5-4b374c3f973d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bcc5ca53-e5bf-4536-bcdb-f0611e3c517c":{"dataType":"string","isBucketed":true,"label":"Top 5 values of type.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4e001c32-f27e-4d1e-90d5-4b374c3f973d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"type.keyword"},"f3aa005a-7b10-448d-bcf6-9754b5093730":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":false},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["4e001c32-f27e-4d1e-90d5-4b374c3f973d"],"isHistogram":true,"layerId":"9b35566e-c658-4538-a791-1130e07d9907","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"splitAccessor":"bcc5ca53-e5bf-4536-bcdb-f0611e3c517c","xAccessor":"f3aa005a-7b10-448d-bcf6-9754b5093730","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"4e001c32-f27e-4d1e-90d5-4b374c3f973d"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"Attacks by Honeypot Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d76f6665-8539-4580-9c91-1c33ae3ffa25","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-9b35566e-c658-4538-a791-1130e07d9907","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935463],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4MCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"ca7d3d49-20bb-4503-9521-8f7555d2873f":{"columnOrder":["8723b06d-7ef1-4504-bc80-50584af4f7d7","361ab6a2-b5e0-4f41-b8ae-8a1e4bfd4650"],"columns":{"361ab6a2-b5e0-4f41-b8ae-8a1e4bfd4650":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"8723b06d-7ef1-4504-bc80-50584af4f7d7":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"361ab6a2-b5e0-4f41-b8ae-8a1e4bfd4650","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"src_ip.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner Wordpot"},"visualization":{"columns":[{"alignment":"left","columnId":"361ab6a2-b5e0-4f41-b8ae-8a1e4bfd4650"},{"alignment":"left","columnId":"8723b06d-7ef1-4504-bc80-50584af4f7d7"}],"headerRowHeight":"single","layerId":"ca7d3d49-20bb-4503-9521-8f7555d2873f","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Attacker Source IP - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"98f9940f-3c53-4755-82d6-e5ae6c9abf29","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-ca7d3d49-20bb-4503-9521-8f7555d2873f","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935466],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4MSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Attacks by Country and Port","uiStateJSON":"{\"vis\":{\"legendOpen\":true}}","version":1,"visState":"{\"title\":\"Attacks by Country and Port\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"split\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dest_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":false,\"last_level\":true,\"truncate\":10,\"percentDecimals\":0,\"valuesFormat\":\"percent\"},\"row\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"legendDisplay\":\"hide\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f1a19000-7ebf-11e7-a286-9f03beba6417","managed":false,"references":[{"id":"Honeypot-Logs","name":"search_0","type":"search"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935469],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4MiwxXQ=="}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"T-Pot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":25,\"w\":12,\"h\":10,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"P0f OS Distribution (converted)\",\"description\":\"\",\"visualizationType\":\"lnsTagcloud\",\"state\":{\"visualization\":{\"layerId\":\"3809081f-947e-49b2-bbc5-dd3dbff96d79\",\"tagAccessor\":\"d2c68988-355e-446a-8212-8546978858fd\",\"valueAccessor\":\"9032cc7b-5707-4c78-9d55-146f1eddfc07\",\"maxFontSize\":58,\"minFontSize\":18,\"orientation\":\"single\",\"showLabel\":false},\"query\":{\"query\":\"type : P0f\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3809081f-947e-49b2-bbc5-dd3dbff96d79\":{\"ignoreGlobalFilters\":false,\"columns\":{\"d2c68988-355e-446a-8212-8546978858fd\":{\"label\":\"os.keyword: 
Descending\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"os.keyword\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9032cc7b-5707-4c78-9d55-146f1eddfc07\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[\"\\\"???\\\"\"],\"includeIsRegex\":false,\"excludeIsRegex\":true},\"customLabel\":true},\"9032cc7b-5707-4c78-9d55-146f1eddfc07\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"d2c68988-355e-446a-8212-8546978858fd\",\"9032cc7b-5707-4c78-9d55-146f1eddfc07\"],\"incompleteColumns\":{},\"indexPatternId\":\"logstash-*\"}},\"currentIndexPatternId\":\"logstash-*\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}},\"references\":[{\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-3809081f-947e-49b2-bbc5-dd3dbff96d79\",\"type\":\"index-pattern\"}],\"type\":\"lens\"},\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":59,\"w\":20,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_21\"},{\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":59,\"w\":8,\"h\":18,\"i\":\"38\"},\"panelIndex\":\"38\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_38\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":10,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":59,\"w\":12,\"h\":18,\"i\":\"44\"},\"panelIndex\":\"44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_44\"},{\"type\":\"lens\",\"gridData
\":{\"x\":36,\"y\":25,\"w\":12,\"h\":10,\"i\":\"45\"},\"panelIndex\":\"45\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_45\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":16,\"h\":10,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"enhancements\":{},\"attributes\":{\"savedObjectId\":\"d772f5de-7b59-4046-9863-69b11133642c\",\"title\":\"Attacks by Destination Port Histogram\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-897405c9-f4c4-4b04-a528-1d8bcc993bc8\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":fal
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type:\\\"Beelzebub\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type:\\\"Beelzebub\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false},"id":"fe83b2f7-3baf-4fe9-b9c8-e61ab1891288","label":"Untitled"}],"timeRestore":false,"title":"Beelzebub-Logs"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8dfe9733-2efa-432c-93d5-d95536faae5a","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"0f7e570e-9791-4edf-b252-0bc9c465cb86","name":"tag-ref-0f7e570e-9791-4edf-b252-0bc9c465cb86","type":"tag"}],"sort":[1767638649249,8589935500],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4NCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"663de252-8824-4a71-af7a-644eed369a2a":{"columnOrder":["a3a05880-302c-4be7-ab08-0486b94438d8","bbaf09fa-2f14-4f0d-a0cf-99b433e0a6a9"],"columns":{"a3a05880-302c-4be7-ab08-0486b94438d8":{"dataType":"string","isBucketed":true,"label":"Top 10 values of url.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"bbaf09fa-2f14-4f0d-a0cf-99b433e0a6a9","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"url.keyword"},"bbaf09fa-2f14-4f0d-a0cf-99b433e0a6a9":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Wordpot"},"visualization":{"columns":[{"columnId":"a3a05880-302c-4be7-ab08-0486b94438d8","isMetric":false,"isTransposed":false},{"columnId":"bbaf09fa-2f14-4f0d-a0cf-99b433e0a6a9","isMetric":true,"isTransposed":false}],"layerId":"663de252-8824-4a71-af7a-644eed369a2a","layerType":"data"}},"title":"Wordpot URL - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8e63c41c-6af7-4de3-b633-595449502284","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-663de252-8824-4a71-af7a-644eed369a2a","type":"index-pattern"},{"id":"19822c40-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-19822c40-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935504],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4NSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"0f45efed-d695-48d9-ac4c-cb6cb78aa997":{"columnOrder":["400cf6bc-1e0d-43d2-b1ac-a81202915495","5b5caf8d-0429-464b-a37d-52a455012362"],"columns":{"400cf6bc-1e0d-43d2-b1ac-a81202915495":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5b5caf8d-0429-464b-a37d-52a455012362","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"http_user_agent.keyword"},"5b5caf8d-0429-464b-a37d-52a455012362":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Hellpot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"0f45efed-d695-48d9-ac4c-cb6cb78aa997","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["5b5caf8d-0429-464b-a37d-52a455012362"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["400cf6bc-1e0d-43d2-b1ac-a81202915495"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Hellpot - User 
Agent","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8e8478d5-89f7-4d41-b7d5-1c988c2a129a","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-0f45efed-d695-48d9-ac4c-cb6cb78aa997","type":"index-pattern"},{"id":"ca6de130-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-ca6de130-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935508],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4NiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"f5a94802-967f-41f4-8cff-ee049791281f":{"columnOrder":["b59251ab-f883-4762-b23b-4dc33e1df8b8","6c32a844-7489-4493-8a9c-6fd17a2765b3"],"columns":{"6c32a844-7489-4493-8a9c-6fd17a2765b3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"b59251ab-f883-4762-b23b-4dc33e1df8b8":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http_user_agent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6c32a844-7489-4493-8a9c-6fd17a2765b3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http_user_agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":"*"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"f5a94802-967f-41f4-8cff-ee049791281f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6c32a844-7489-4493-8a9c-6fd17a2765b3"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["b59251ab-f883-4762-b23b-4dc33e1df8b8"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"User Agent - Top 10 - 
Dynamic","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"8ef9cd57-a2d5-4207-b0b3-d27a91817ae7","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-f5a94802-967f-41f4-8cff-ee049791281f","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935512],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4NywxXQ=="}
{"attributes":{"buildNum":92546,"dateFormat:dow":"Monday","defaultIndex":"logstash-*","defaultRoute":"/app/dashboards#/view/8d4e8300-ebde-11e8-9675-1b303bfb38ef","hideAnnouncements":true,"isDefaultIndexMigrated":true,"state:storeInSessionStorage":true,"theme:darkMode":"enabled"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9.2.3","managed":false,"references":[],"sort":[1767638649249,35],"type":"config","typeMigrationVersion":"10.2.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzM5LDFd"}
{"attributes":{"buildNum":92546,"isDefaultIndexMigrated":true,"showSpaceSolutionTour":false},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9.2.3","managed":false,"references":[],"sort":[1767638649249,36],"type":"config-global","updated_at":"2026-01-05T18:44:09.249Z","version":"WzQwLDFd"}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"69332f88-c099-43ec-959b-547325e0a100":{"columnOrder":["7988e238-28d4-4c0d-9189-4d392b13bc5c","9899f9b1-1e11-4a16-a9f4-a18dce8bf8b5"],"columns":{"7988e238-28d4-4c0d-9189-4d392b13bc5c":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ssh.client.software_version.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"9899f9b1-1e11-4a16-a9f4-a18dce8bf8b5","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"ssh.client.software_version.keyword"},"9899f9b1-1e11-4a16-a9f4-a18dce8bf8b5":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"69332f88-c099-43ec-959b-547325e0a100","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["9899f9b1-1e11-4a16-a9f4-a18dce8bf8b5"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7988e238-28d4-4c0d-9189-4d392b13bc5c"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata SSH Client Software Version Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"90b3201f-0a03-4c0e-94e9-6ebbc52262b8","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-69332f88-c099-43ec-959b-547325e0a100","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935516],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4OCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"be329219-4b49-402f-862f-ce30ea35487c":{"columnOrder":["6feeb95b-3767-4d10-8bf4-62d863abc3b3","a9fdf3eb-c58e-4eb6-92af-64602dc03b64","099e33f7-47c1-4f07-9968-050f9cddc209"],"columns":{"099e33f7-47c1-4f07-9968-050f9cddc209":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"6feeb95b-3767-4d10-8bf4-62d863abc3b3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Filename","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"099e33f7-47c1-4f07-9968-050f9cddc209","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"url.keyword"},"a9fdf3eb-c58e-4eb6-92af-64602dc03b64":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"T-Pot Path 
(/data/cowrie/downloads)","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"099e33f7-47c1-4f07-9968-050f9cddc209","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"outfile.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"columns":[{"alignment":"left","columnId":"099e33f7-47c1-4f07-9968-050f9cddc209"},{"alignment":"left","columnId":"6feeb95b-3767-4d10-8bf4-62d863abc3b3"},{"alignment":"left","columnId":"a9fdf3eb-c58e-4eb6-92af-64602dc03b64"}],"headerRowHeight":"single","layerId":"be329219-4b49-402f-862f-ce30ea35487c","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Cowrie - Top URI Downloads","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"93c591a5-bb61-4eb8-8063-ee3f8df929c3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-be329219-4b49-402f-862f-ce30ea35487c","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935520],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE4OSwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Fatt\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Fatt RDP Client Name - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Fatt RDP Client Name - Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"fatt_rdp.clientName.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"includeIsRegex\":true,\"excludeIsRegex\":true,\"customLabel\":\"Client Name\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":false,\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"945026a0-86c9-11e9-bb05-e35ae47552fd","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935524],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5MCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"2bf57759-9489-498b-9314-a61b948fe579":{"columnOrder":["7a98f073-97a8-43f4-8703-ec07dd0c77f1","90c37da6-c381-4b4c-8c1e-00783d65ca82"],"columns":{"7a98f073-97a8-43f4-8703-ec07dd0c77f1":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"reason.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"90c37da6-c381-4b4c-8c1e-00783d65ca82","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"reason.keyword"},"90c37da6-c381-4b4c-8c1e-00783d65ca82":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Log4Pot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"2bf57759-9489-498b-9314-a61b948fe579","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["90c37da6-c381-4b4c-8c1e-00783d65ca82"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7a98f073-97a8-43f4-8703-ec07dd0c77f1"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Log4Pot - HTTP Reason Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"a658f7a6-ff32-4377-939d-381e4113d48f","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-2bf57759-9489-498b-9314-a61b948fe579","type":"index-pattern"},{"id":"f1bc97e0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-f1bc97e0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935528],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5MSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"ec19a243-eb8d-42b5-a936-e95d616e96e0":{"columnOrder":["8f89871e-742b-4377-8dc9-de8007a58f34","100a50e8-387f-41f1-99e4-74ec31f5ba64"],"columns":{"100a50e8-387f-41f1-99e4-74ec31f5ba64":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"8f89871e-742b-4377-8dc9-de8007a58f34":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Payload","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"100a50e8-387f-41f1-99e4-74ec31f5ba64","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"payload.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"*"},"visualization":{"columns":[{"alignment":"left","columnId":"100a50e8-387f-41f1-99e4-74ec31f5ba64"},{"alignment":"left","columnId":"8f89871e-742b-4377-8dc9-de8007a58f34"}],"headerRowHeight":"single","layerId":"ec19a243-eb8d-42b5-a936-e95d616e96e0","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Payload - Top 10 - 
Dynamic","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f528372e-8078-4ee3-949e-a3f0af0e0777","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-ec19a243-eb8d-42b5-a936-e95d616e96e0","type":"index-pattern"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935532],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5MiwxXQ=="}
{"attributes":{"description":"Log4Pot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Log4Pot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"19529e74-4c6a-4f64-ba94-de3c4aede65b\"},\"panelIndex\":\"19529e74-4c6a-4f64-ba94-de3c4aede65b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19529e74-4c6a-4f64-ba94-de3c4aede65b\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":8,\"i\":\"a43bbef1-aab3-438c-997a-25300c61e63c\"},\"panelIndex\":\"a43bbef1-aab3-438c-997a-25300c61e63c\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_a43bbef1-aab3-438c-997a-25300c61e63c\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":18,\"i\":\"5409c2f1-75cb-4ef3-8e6d-d57a7a0b44e0\"},\"panelIndex\":\"5409c2f1-75cb-4ef3-8e6d-d57a7a0b44e0\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":20.96144,\"lon\":-12.12891,\"zoom\":2},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":90,\"maxLat\":66.51326},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_5409c2f1-75cb-4ef3-8e6d-d57a7a0b44e0\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"b3135f14-d0f5-4d2f-8af1-341030f124e4\"},\"panelIndex\":\"b3135f14-d0f5-4d2f-8af1-341030f124e4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b3135f14-d0f5-4d2f-8af1-341030f124e4\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":12,\"h\":10,\"i\":\"b451d8ed-08e8-4f3d-b9f6-9ce4f221659b\"},\"panelIndex\":\"b451d8ed-08e8-4f3d-b9f6-9ce4f221659b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b451d8ed-08e8-4f3d-b9f6-9ce4f221659b\"},{\"type\":\"visualization\",\"gridData\":{\"x\
":12,\"y\":18,\"w\":12,\"h\":10,\"i\":\"ed8fedca-47db-4a4c-9180-cea215f798b2\"},\"panelIndex\":\"ed8fedca-47db-4a4c-9180-cea215f798b2\",\"embeddableConfig\":{\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"panelRefName\":\"panel_ed8fedca-47db-4a4c-9180-cea215f798b2\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"216de32f-7e50-41be-8b04-837c0e5a11d5\"},\"panelIndex\":\"216de32f-7e50-41be-8b04-837c0e5a11d5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_216de32f-7e50-41be-8b04-837c0e5a11d5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":10,\"i\":\"c93d8988-586e-4018-a734-74774527e0bc\"},\"panelIndex\":\"c93d8988-586e-4018-a734-74774527e0bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c93d8988-586e-4018-a734-74774527e0bc\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":10,\"i\":\"d742c47a-ed45-4cbf-8d3e-ea63cf411ab6\"},\"panelIndex\":\"d742c47a-ed45-4cbf-8d3e-ea63cf411ab6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d742c47a-ed45-4cbf-8d3e-ea63cf411ab6\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":10,\"i\":\"46a55cf2-a277-4914-9756-4c58b26f2f6d\"},\"panelIndex\":\"46a55cf2-a277-4914-9756-4c58b26f2f6d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_46a55cf2-a277-4914-9756-4c58b26f2f6d\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":38,\"w\":16,\"h\":18,\"i\":\"b9a16f36-c7b6-4db5-a17a-c733c962b58f\"},\"panelIndex\":\"b9a16f36-c7b6-4db5-a17a-c733c962b58f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b9a16f36-c7b6-4db5-a17a-c733c962b58f\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":38,\"w\":16,\"h\":18,\"i\":\"f0d78a55-f886-4d9d-b476-65a7995479f7\"},\"panelIndex\":\"f0d78a55-f886-4d9d-b476-65a7995479f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f0d78a55-f886-4d9d-b476-65a7995479f7\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,
\"y\":38,\"w\":16,\"h\":18,\"i\":\"1df94f07-e48f-4680-8f3f-8253907db786\"},\"panelIndex\":\"1df
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"dea3fb83-71a1-47c4-b972-9307eb9b5bc6":{"columnOrder":["7b2fbb97-9543-4582-94db-ebf650d3d824","5c0c48be-d9b6-4092-901e-dca449010aa3","ebaf6c6b-9a17-44ac-a3f8-7903a0773399"],"columns":{"5c0c48be-d9b6-4092-901e-dca449010aa3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ebaf6c6b-9a17-44ac-a3f8-7903a0773399","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"src_ip.keyword"},"7b2fbb97-9543-4582-94db-ebf650d3d824":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"JA3","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ebaf6c6b-9a17-44ac-a3f8-7903a0773399","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"tls.ja3.hash.keyword"},"ebaf6c6b-9a17-44ac-a3f8-7903a0773399":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"dea3fb83-71a1-47c4-b972-9307eb9b5bc6","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["ebaf6c6b-9a17-44ac-a3f8-7903a0773399"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7b2fbb97-9543-4582-94db-ebf650d3d824","5c0c48be-d9b6-4092-901e-dca449010aa3"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata - IP / JA3 - Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"979d9852-49cf-4b84-a42c-573600da14f9","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-dea3fb83-71a1-47c4-b972-9307eb9b5bc6","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935552],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5NCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"127ca004-eab0-441d-a9ee-18bb76e46e70":{"columnOrder":["87ffcf78-a0d4-4ef0-9e66-76c6ea3ac5ce","6b5b0b57-dde1-468f-8e75-76f88474a2e4"],"columns":{"6b5b0b57-dde1-468f-8e75-76f88474a2e4":{"dataType":"number","isBucketed":false,"label":"Count of user_agent.keyword","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"user_agent.keyword"},"87ffcf78-a0d4-4ef0-9e66-76c6ea3ac5ce":{"dataType":"string","isBucketed":true,"label":"Top 5 values of user_agent.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6b5b0b57-dde1-468f-8e75-76f88474a2e4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"user_agent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":""},"visualization":{"layers":[{"categoryDisplay":"hide","layerId":"127ca004-eab0-441d-a9ee-18bb76e46e70","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"bottom","metrics":["6b5b0b57-dde1-468f-8e75-76f88474a2e4"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["87ffcf78-a0d4-4ef0-9e66-76c6ea3ac5ce"],"truncateLegend":true}],"shape":"donut"}},"title":"Wordpot UserAgent - Top 
5","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e11fcc4d-f623-4086-afd7-147e70083a0d","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-127ca004-eab0-441d-a9ee-18bb76e46e70","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"19822c40-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-19822c40-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935556],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5NSwxXQ=="}
{"attributes":{"description":"Wordpot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Wordpot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"12757ddf-f712-4360-8100-5f20ec0c216f\"},\"panelIndex\":\"12757ddf-f712-4360-8100-5f20ec0c216f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12757ddf-f712-4360-8100-5f20ec0c216f\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"d0d772d2-1b34-4b4a-a062-9586339557d5\"},\"panelIndex\":\"d0d772d2-1b34-4b4a-a062-9586339557d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Attacks Dynamic\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-a3575b87-f059-46f0-8a02-7e287afa4ef5\"},{\"type\":\"index-pattern\",\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-7be837c5-3404-464c-aef1-3c5a33c0f60b\"}],\"state\":{\"visualization\":{\"layerId\":\"a3575b87-f059-46f0-8a02-7e287afa4ef5\",\"layerType\":\"data\",\"metricAccessor\":\"0959c753-3318-4147-82ea-db6250b91680\",\"showBar\":false,\"trendlineLayerId\":\"7be837c5-3404-464c-aef1-3c5a33c0f60b\",\"trendlineLayerType\":\"metricTrendline\",\"trendlineTimeAccessor\":\"b855d1b9-69cb-4989-a42b-099f5ee778ed\",\"trendlineMetricAccessor\":\"277e3608-ab63-4555-a71f-a99343b5665b\",\"secondaryMetricAccessor\":\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\",\"trendlineSecondaryMetricAccessor\":\"390ca20b-f017-47e4-a099-5a52eefd563d\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a3575b87-f059-46f0-8a02-7e287afa4ef5\":{\"columns\":{\"0959c753-3318-4147-82ea-db6250b91680\":{\"label\":\"Attacks\",\"dat
aType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\":{\"label\":\"Unique Src IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"src_ip.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"0959c753-3318-4147-82ea-db6250b91680\",\"132a2ca5-f458-4fbf-ba20-3f6a5009236f\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}},\"7be837c5-3404-464c-aef1-3c5a33c0f60b\":{\"linkToLayers\":[\"a3575b87-f059-46f0-8a02-7e287afa4ef5\"],\"columns\":{\"b855d1b9-69cb-4989-a42b-099f5ee778ed\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"277e3608-ab63-4555-a71f-a99343b5665b\":{\"label\":\"Attacks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"390ca20b-f017-47e4-a099-5a52eefd563d\":{\"label\":\"Unique Src 
IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"src_ip.keyword\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b855d1b9-69cb-4989-a42b-099f5ee778ed\",\"390ca20b-f017-47e4-a099-5a52eefd563d\",\"277e3608-ab63-4555-a71f-a99343b5665b\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_d0d772d2-1b34-4b4a-a062-9586339557d5\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"9734fb26-44f8-4895-8913-7a63b7213e27\"},\"panelIndex\":\"97
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"2d3aa3fa-d955-45b3-865f-316f7c5e710e":{"columnOrder":["3207b3a6-0b5e-49b8-808d-5f83f4af0560","1929085e-cba7-45a0-9ac0-4c8fe5f1460f"],"columns":{"1929085e-cba7-45a0-9ac0-4c8fe5f1460f":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"3207b3a6-0b5e-49b8-808d-5f83f4af0560":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"fatt_http.userAgent.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"1929085e-cba7-45a0-9ac0-4c8fe5f1460f","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"fatt_http.userAgent.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Fatt"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"2d3aa3fa-d955-45b3-865f-316f7c5e710e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["1929085e-cba7-45a0-9ac0-4c8fe5f1460f"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["3207b3a6-0b5e-49b8-808d-5f83f4af0560"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Fatt HTTP User Agent - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9bbad201-36ef-471a-ae24-dbf739f16a33","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-2d3aa3fa-d955-45b3-865f-316f7c5e710e","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935579],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5NywxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type:\\\"Mailoney\\\"\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type:\\\"Mailoney\\\"\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"5c3160ab-77eb-4694-bc03-e30161d6f051","label":"Untitled"}],"title":"Mailoney-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9c35dd90-6977-11e7-9c11-8d9c11943fa0","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935581],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5OCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"5378cbb4-6302-4777-80a7-ace28054523f":{"columnOrder":["1490dcb8-206d-4552-8e04-d29b3fdd0403","bd1740de-4d3d-4b09-813c-a056bd245fa1"],"columns":{"1490dcb8-206d-4552-8e04-d29b3fdd0403":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"bd1740de-4d3d-4b09-813c-a056bd245fa1","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"src_ip.keyword"},"bd1740de-4d3d-4b09-813c-a056bd245fa1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"NGINX\""},"visualization":{"columns":[{"alignment":"left","columnId":"bd1740de-4d3d-4b09-813c-a056bd245fa1"},{"alignment":"left","columnId":"1490dcb8-206d-4552-8e04-d29b3fdd0403"}],"headerRowHeight":"single","layerId":"5378cbb4-6302-4777-80a7-ace28054523f","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"NGINX Source IP - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"9fcdfd6e-245e-4758-bd7e-4a6742276cab","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-5378cbb4-6302-4777-80a7-ace28054523f","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935585],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzE5OSwxXQ=="}
{"attributes":{"description":"Conpot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : ConPot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":10,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":37,\"w\":12,\"h\":18,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":37,\"w\":12,\"h\":18,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":7,\"i\":\"69ed73a0-fc0b-4ecc-9a77-2004f45c014f\"},\"panelIndex\":\"69ed73a0-fc0b-4ecc-9a77-2004f45c014f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_69ed73a0-fc0b-4ecc-9a77-2004f45c014f\"},{\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":0,\"w\":11,\"h\":7,\"i\":\"cb792255-4796-464f-ad6b-16f1d5279722\"},\"panelIndex\":\"cb792255-4796-464f-ad6b-16f1d5279722\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_cb792255-4796-464f-ad6b-16f1d5279722\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"b91090eb-a671-45e5-bc24-716ea76ed4a3\"},\"panelIndex\":\"b91090eb-a671-45e5-bc24-716ea76ed4a3\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":47.84663,\"lon\":-42.3832,\"zoom\":1.75},\"mapBuffer\":{\"minLon\":-180,\"minLat\":0,\"maxLon\":90,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\"
:[],\"enhancements\":{}},\"panelRefName\":\"panel_b91090eb-a671-45e5-bc24-716ea76ed4a3\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"56d573ac-996f-4882-b08b-4e9d33466ca5\"},\"panelIndex\":\"56d573ac-996f-4882-b08b-4e9d33466ca5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_56d573ac-996f-4882-b08b-4e9d33466ca5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"fdf6e9c6-cda5-42ff-8b81-f0079db61e30\"},\"panelIndex\":\"fdf6e9c6-cda5-42ff-8b81-f0079db61e30\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_fdf6e9c6-cda5-42ff-8b81-f0079db61e30\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"19016edd-9b25-4c4c-8e2f-a6349f4c7a52\"},\"panelIndex\":\"19016edd-9b25-4c4c-8e2f-a6349f4c7a52\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19016edd-9b25-4c4c-8e2f-a6349f4c7a52\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"bd1f5ca8-1846-49aa-af40-b6eab01ce2c5\"},\"panelIndex\":\"bd1f5ca8-1846-49aa-af40-b6eab01ce2c5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bd1f5ca8-1846-49aa-af40-b6eab01ce2c5\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":10,\"i\":\"ec4e295e-124d-4c97-a310-a7bd86886f28\"},\"panelIndex\":\"ec4e295e-124d-4c97-a310-a7bd86886f28\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ec4e295e-124d-4c97-a310-a7bd86886f28\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":12,\"h\":18,\"i\":\"2a5da351-9262-48a5-b626-5dac53483e29\"},\"panelIndex\":\"2a5da351-9262-48a5-b626-5dac53483e29\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2a5da351-9262-48a5-b626-5dac53483e29\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":37,\"w\":12,\"h\":18,\"i\":\"9a4ca47b-9738-4617-95fb-e55ca02673ac\"},\"panelIndex\":\"9a4ca47b-9738-4617-95fb-e55ca02673ac\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefNa
me\":\"panel_9a4ca47b-9738-4617-95fb-e55ca02673ac\"}]","refreshInterval":{"pause":false,"value"
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"ConPot\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"ConPot\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"efd47eeb-8ec3-44fb-bdd1-c7c3d18d91c7","label":"Untitled"}],"title":"ConPot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ConPot-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935604],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwMSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"243435a5-0b1b-48b0-8be1-152bebfe7501":{"columnOrder":["26daf27d-1845-43f0-b548-6284ab637d6d","55b8df52-7024-45e4-890d-ba9281e8675e"],"columns":{"26daf27d-1845-43f0-b548-6284ab637d6d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"version.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"55b8df52-7024-45e4-890d-ba9281e8675e","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"version.keyword"},"55b8df52-7024-45e4-890d-ba9281e8675e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Cowrie\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"243435a5-0b1b-48b0-8be1-152bebfe7501","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["55b8df52-7024-45e4-890d-ba9281e8675e"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["26daf27d-1845-43f0-b548-6284ab637d6d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Cowrie Version Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"a28ab49e-1b01-4939-84a2-0a5a234bfbc2","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-243435a5-0b1b-48b0-8be1-152bebfe7501","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935608],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwMiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"4b28e527-cced-4861-905d-0fa291e813c6":{"columnOrder":["ff316a38-4d0c-4613-aa80-3ec9a210b7e2","53fa80a0-31a0-4f89-a8d2-0d88ea4baa8d","df824f79-090a-43dd-b210-e153c7dd31dc","31697c44-d210-40c4-bd05-e72973408956"],"columns":{"31697c44-d210-40c4-bd05-e72973408956":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique HASSHs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"hassh.keyword"},"53fa80a0-31a0-4f89-a8d2-0d88ea4baa8d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"df824f79-090a-43dd-b210-e153c7dd31dc":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"ff316a38-4d0c-4613-aa80-3ec9a210b7e2":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Cowrie","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"53fa80a0-31a0-4f89-a8d2-0d88ea4baa8d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"lucene","query":{"query_string":{"analyze_wildcard":true,"query":"type:\"Cowrie\""}}},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["53fa80a0-31a0-4f89-a8d2-0d88ea4b
aa8d","df824f79-090a-43dd-b210-e153c7dd31dc","31697c44-d210-40c4-bd05-e72973408956"],"isHistogram":false,"layerId":"4b28e527-cced-4861-905d-0fa291e813c6","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"bar_horizontal","simpleView":false,"xAccessor":"ff316a38-4d0c-4613-aa80-3ec9a210b7e2","xScaleType":"ordinal","yConfig":[{"axisMode":"left","forAccessor":"53fa80a0-31a0-4f89-a8d2-0d88ea4baa8d"},{"axisMode":"left","forAccessor":"df824f79-090a-43dd-b210-e153c7dd31dc"},{"axisMode":"left","forAccessor":"31697c44-d210-40c4-bd05-e72973408956"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","tickLabelsVisibilitySettings":{"x":false,"yLeft":true,"yRight":true},"valueLabels":"show","valuesInLegend":true,"xTitle":"Cowrie","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Cowrie Attacks Bar","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e9d9401e-76e8-4985-8309-32c293352b5d","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-4b28e527-cced-4861-905d-0fa291e813c6","type":"index-pattern"},{"id":"9fc921b0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9fc921b0-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935612],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwMywxXQ=="}
{"attributes":{"description":"Cowrie Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Cowrie\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_22\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":10,\"i\":\"31\"},\"panelIndex\":\"31\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_31\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":10,\"i\":\"43\"},\"panelIndex\":\"43\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_43\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"44\"},\"panelIndex\":\"44\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_44\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":16,\"h\":10,\"i\":\"46\"},\"panelIndex\":\"46\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_46\"},{\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":8,\"i\":\"48\"},\"panelIndex\":\"48\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_48\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":20,\"i\":\"50\"},\"panelIndex\":\"50\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_50\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":18,\"i\":\"42bb14bd-861c-43e0-8df3-607ee17fdf90\"},\"panelIndex\":\"42bb14bd-861c-43e0-8df3-607ee17fdf90\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":33.63243,\"lon\":1.83085,\"zoom\":1.1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}}
,\"panelRefName\":\"panel_42bb14bd-861c-43e0-8df3-607ee17fdf90\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":18,\"w\":16,\"h\":10,\"i\":\"893838be-6be9-4b61-a21c-a7d352f02b12\"},\"panelIndex\":\"893838be-6be9-4b61-a21c-a7d352f02b12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_893838be-6be9-4b61-a21c-a7d352f02b12\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":18,\"w\":16,\"h\":10,\"i\":\"ad82fa70-cf4e-4ad6-8d43-d31170c7738a\"},\"panelIndex\":\"ad82fa70-cf4e-4ad6-8d43-d31170c7738a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_ad82fa70-cf4e-4ad6-8d43-d31170c7738a\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":10,\"i\":\"143c8d9e-b972-4efc-adee-a3a6f6ae6211\"},\"panelIndex\":\"143c8d9e-b972-4efc-adee-a3a6f6ae6211\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_143c8d9e-b972-4efc-adee-a3a6f6ae6211\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":10,\"i\":\"79446302-2e8a-43d6-afba-c170faa2ad02\"},\"panelIndex\":\"79446302-2e8a-43d6-afba-c170faa2ad02\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_79446302-2e8a-43d6-afba-c170faa2ad02\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":20,\"i\":\"1b0601b5-0d6d-4733-a2b0-b6d390eddb61\"},\"panelIndex\":\"1b0601b5-0d6d-4733-a2b0-b6d390eddb61\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b0601b5-0d6d-4733-a2b0-b6d390eddb61\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":15,\"i\":\"5c91654e-7f7e-4ef3-8cdb-c87303618d72\"},\"panelIndex\":\"5c91654e-7f7e-4ef3-8cdb-c87303618d72\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5c91654e-7f7e-4ef3-8cdb-c87303618d72\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":15,\"i\":\"e6df42dc-a97d-48c2-aab0-d8038f50ad3b\"},\"panelIndex\":\"e6df42dc-a97d-48c2-aab0-d8038f50ad3b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e
6df42dc-a97d-48c2-aab0-d8038f50ad3b\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":73,\"w\":
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Cowrie\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Cowrie\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"7640ea49-4792-4735-bf38-71b3fd28c976","label":"Untitled"}],"title":"Cowrie-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"Cowrie-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935637],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwNSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"3640a946-588b-4f03-a016-4c9f9366bf62":{"columnOrder":["94168050-4a67-46c2-be73-8e51a168715d","0d3ea41c-7e2b-475f-95b6-7f7a548f4fb2"],"columns":{"0d3ea41c-7e2b-475f-95b6-7f7a548f4fb2":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"94168050-4a67-46c2-be73-8e51a168715d":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"connection.type.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"0d3ea41c-7e2b-475f-95b6-7f7a548f4fb2","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"connection.type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Dionaea\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"3640a946-588b-4f03-a016-4c9f9366bf62","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["0d3ea41c-7e2b-475f-95b6-7f7a548f4fb2"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["94168050-4a67-46c2-be73-8e51a168715d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Dionaea 
Type","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c8af8104-d955-4e4e-89c0-ce89bb707ce6","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-3640a946-588b-4f03-a016-4c9f9366bf62","type":"index-pattern"},{"id":"ad990d00-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-ad990d00-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935641],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwNiwxXQ=="}
{"attributes":{"description":"Dionaea Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Dionaea\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":17,\"w\":11,\"h\":10,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":11,\"h\":10,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":27,\"w\":11,\"h\":10,\"i\":\"18\"},\"panelIndex\":\"18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_18\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"f7f2ba6f-3215-41f2-9ebb-cb380bc00270\"},\"panelIndex\":\"f7f2ba6f-3215-41f2-9ebb-cb380bc00270\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f7f2ba6f-3215-41f2-9ebb-cb380bc00270\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"c184847c-013d-47d6-9050-7bb01128e6b2\"},\"panelIndex\":\"c184847c-013d-47d6-9050-7bb01128e6b2\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_c184847c-013d-47d6-9050-7bb01128e6b2\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"6da61e04-3e60-4e96-bcd9-089acd71d07c\"},\"panelIndex\":\"6da61e04-3e60-4e96-bcd9-089acd71d07c\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":31.52076,\"lon\":2.3214,\"zoom\":1.11},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_6da61e04-3e60-4e96-bcd9-089acd71d07c\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\
":\"d27850fa-9f96-4b48-9eec-958f58cc40a3\"},\"panelIndex\":\"d27850fa-9f96-4b48-9eec-958f58cc40a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d27850fa-9f96-4b48-9eec-958f58cc40a3\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":11,\"h\":10,\"i\":\"94274103-21b8-441f-af44-b82e55134f33\"},\"panelIndex\":\"94274103-21b8-441f-af44-b82e55134f33\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_94274103-21b8-441f-af44-b82e55134f33\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":17,\"w\":11,\"h\":10,\"i\":\"704551fc-2182-4846-b116-d910fd28fa5e\"},\"panelIndex\":\"704551fc-2182-4846-b116-d910fd28fa5e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_704551fc-2182-4846-b116-d910fd28fa5e\"},{\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":17,\"w\":15,\"h\":10,\"i\":\"5bb0cb54-f63d-4078-a634-88a28b5064f1\"},\"panelIndex\":\"5bb0cb54-f63d-4078-a634-88a28b5064f1\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5bb0cb54-f63d-4078-a634-88a28b5064f1\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":27,\"w\":11,\"h\":10,\"i\":\"c0dc8493-55b0-42f9-a059-5dbf371722c3\"},\"panelIndex\":\"c0dc8493-55b0-42f9-a059-5dbf371722c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c0dc8493-55b0-42f9-a059-5dbf371722c3\"},{\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":27,\"w\":15,\"h\":10,\"i\":\"3f5b5c04-bf5a-4abb-ab44-e4b1ff329340\"},\"panelIndex\":\"3f5b5c04-bf5a-4abb-ab44-e4b1ff329340\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3f5b5c04-bf5a-4abb-ab44-e4b1ff329340\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":24,\"h\":15,\"i\":\"95c9e110-d666-4a6d-9c8b-ba2219e5ad5b\"},\"panelIndex\":\"95c9e110-d666-4a6d-9c8b-ba2219e5ad5b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_95c9e110-d666-4a6d-9c8b-ba2219e5ad5b\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":37,\"w\":24,\"h\":15,\"i\":\"51a388b6-e8f6-44db-925e-92c66ad
a0d63\"},\"panelIndex\":\"51a388b6-e8f6-44db-925e-92c66ada0d63\",\"embeddableConfig\":{\"enhanc
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Dionaea\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Dionaea\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"608ed375-eb79-4513-9b1b-704b3c954452","label":"Untitled"}],"title":"Dionaea-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"Dionaea-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935662],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIwOCwxXQ=="}
{"attributes":{"description":"ElasticPot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : ElasticPot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":37,\"w\":20,\"h\":17,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"2176062e-639f-4d44-a055-eae424ab9d8f\"},\"panelIndex\":\"2176062e-639f-4d44-a055-eae424ab9d8f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2176062e-639f-4d44-a055-eae424ab9d8f\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"6b991f81-95a1-4727-8b59-0cdcdbbbe6c1\"},\"panelIndex\":\"6b991f81-95a1-4727-8b59-0cdcdbbbe6c1\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_6b991f81-95a1-4727-8b59-0cdcdbbbe6c1\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"ea8593fd-610d-4d27-8662-186aade8f9c9\"},\"panelIndex\":\"ea8593fd-610d-4d27-8662-186aade8f9c9\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":46.11523,\"lon\":-2.99215,\"zoom\":1.15},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_ea8593fd-610d-4d27-8662-186aade8f9c9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"bb015908-5800-4643-83fb-5335f096dc09\"},\"panelIndex\":\"bb015908-5800-4643-83fb-5335f096dc09\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bb015908-5800-4643-83fb-5335f096dc09\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"3661753a-f79f-4479-8164-c2b3a3c782f9\"},\"panelIndex\":\"3661753a
-f79f-4479-8164-c2b3a3c782f9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3661753a-f79f-4479-8164-c2b3a3c782f9\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"0a30f52f-f6dc-4a56-a04a-70d80d98c61b\"},\"panelIndex\":\"0a30f52f-f6dc-4a56-a04a-70d80d98c61b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0a30f52f-f6dc-4a56-a04a-70d80d98c61b\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"9e1ac81e-fae8-4072-94a7-8a77ca8c3320\"},\"panelIndex\":\"9e1ac81e-fae8-4072-94a7-8a77ca8c3320\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9e1ac81e-fae8-4072-94a7-8a77ca8c3320\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":16,\"h\":10,\"i\":\"adde7ab2-138c-4a5a-b135-7df39a54089a\"},\"panelIndex\":\"adde7ab2-138c-4a5a-b135-7df39a54089a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_adde7ab2-138c-4a5a-b135-7df39a54089a\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":27,\"w\":16,\"h\":10,\"i\":\"3e583d0a-7735-44e4-b831-5adbca69bab3\"},\"panelIndex\":\"3e583d0a-7735-44e4-b831-5adbca69bab3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3e583d0a-7735-44e4-b831-5adbca69bab3\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":10,\"i\":\"1df60dd4-b0f8-47cb-842a-1ed5300db775\"},\"panelIndex\":\"1df60dd4-b0f8-47cb-842a-1ed5300db775\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1df60dd4-b0f8-47cb-842a-1ed5300db775\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":16,\"h\":17,\"i\":\"1952f50d-9360-4d63-8ee8-fb5c622313f8\"},\"panelIndex\":\"1952f50d-9360-4d63-8ee8-fb5c622313f8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1952f50d-9360-4d63-8ee8-fb5c622313f8\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":37,\"w\":12,\"h\":17,\"i\":\"10fc7c1b-30ab-4653-b6cd-88cdf9d7377f\"},\"panelIndex\":\"10fc7c1b-30ab-4653-b6cd-88cdf9d7377f\",\"em
beddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10fc7c1b-30ab-4653-b6cd-88cdf9d
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"ElasticPot\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"ElasticPot\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"1ce69caa-c1bc-4855-b0ac-8a3ca86e08b1","label":"Untitled"}],"title":"ElasticPot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ElasticPot-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935680],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxMCwxXQ=="}
{"attributes":{"description":"Honeytrap Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Honeytrap\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":10,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"459cd725-77c7-4cdc-8302-9c9bf9723c1a\"},\"panelIndex\":\"459cd725-77c7-4cdc-8302-9c9bf9723c1a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_459cd725-77c7-4cdc-8302-9c9bf9723c1a\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"43b945e5-674d-4398-92dd-4b50a161b0b4\"},\"panelIndex\":\"43b945e5-674d-4398-92dd-4b50a161b0b4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_43b945e5-674d-4398-92dd-4b50a161b0b4\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"bb655c21-f03d-41a6-97fa-826e9954e7fa\"},\"panelIndex\":\"bb655c21-f03d-41a6-97fa-826e9954e7fa\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":25.79822,\"lon\":8.69,\"zoom\":0.96},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_bb655c21-f03d-41a6-97fa-826e9954e7fa\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"7100ad71-5a1b-418f-bf9a-8ab4ae491b80\"},\"panelIndex\":\"7100ad71-5a1b-418f-bf9a-8ab4ae491b80\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7100ad71-5a1b-418f-bf9a-8ab4ae491b80\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"172fa533-43d0-43ed-bda2-8f9e9c8e09e0\"},\"panelIndex\":\"172fa533-43
d0-43ed-bda2-8f9e9c8e09e0\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_172fa533-43d0-43ed-bda2-8f9e9c8e09e0\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":18,\"h\":10,\"i\":\"c3f45930-a42c-4dd8-8107-baf25c7bd8fc\"},\"panelIndex\":\"c3f45930-a42c-4dd8-8107-baf25c7bd8fc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c3f45930-a42c-4dd8-8107-baf25c7bd8fc\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":10,\"i\":\"2aafbf65-a420-481f-9b1e-20c5a0c58f18\"},\"panelIndex\":\"2aafbf65-a420-481f-9b1e-20c5a0c58f18\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2aafbf65-a420-481f-9b1e-20c5a0c58f18\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"a2896e51-b558-480a-b7ca-8ef3335edde3\"},\"panelIndex\":\"a2896e51-b558-480a-b7ca-8ef3335edde3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a2896e51-b558-480a-b7ca-8ef3335edde3\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":10,\"i\":\"08aaa7f8-8368-4f0d-b046-5569409f4365\"},\"panelIndex\":\"08aaa7f8-8368-4f0d-b046-5569409f4365\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_08aaa7f8-8368-4f0d-b046-5569409f4365\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":24,\"h\":18,\"i\":\"7502d7ca-2d2f-432b-966b-002ac89bc3f3\"},\"panelIndex\":\"7502d7ca-2d2f-432b-966b-002ac89bc3f3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7502d7ca-2d2f-432b-966b-002ac89bc3f3\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":37,\"w\":24,\"h\":18,\"i\":\"6c9df17a-26b0-40b4-a06b-abb4eafb8346\"},\"panelIndex\":\"6c9df17a-26b0-40b4-a06b-abb4eafb8346\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6c9df17a-26b0-40b4-a06b-abb4eafb8346\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Honeytrap","version":1},"coreMigrationVersion":"8.8.0","created_at
":"2026-01-05T18:44:09.249Z","id":"Honeytrap","managed":false,"references":[{"id":"2083978d-e4e
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Honeytrap\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Honeytrap\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"e038849b-353c-4946-98a0-a3d39d14d5b4","label":"Untitled"}],"title":"Honeytrap-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"Honeytrap-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935697],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxMiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"fe8b2d06-c568-48e0-b1f8-592be1248a96":{"columnOrder":["739b4113-dfeb-42be-92b5-9340da7d7400","8e265baa-936c-4dc2-bf43-15688d6d1fb9","24fb6f1b-4ae9-4c59-a1e3-3b1dab637574"],"columns":{"24fb6f1b-4ae9-4c59-a1e3-3b1dab637574":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Unique Src IPs","operationType":"unique_count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"src_ip.keyword"},"739b4113-dfeb-42be-92b5-9340da7d7400":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":true,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"8e265baa-936c-4dc2-bf43-15688d6d1fb9":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Events","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
NGINX"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["8e265baa-936c-4dc2-bf43-15688d6d1fb9","24fb6f1b-4ae9-4c59-a1e3-3b1dab637574"],"isHistogram":true,"layerId":"fe8b2d06-c568-48e0-b1f8-592be1248a96","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"line","simpleView":false,"xAccessor":"739b4113-dfeb-42be-92b5-9340da7d7400","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"8e265baa-936c-4dc2-bf43-15688d6d1fb9"},{"axisMode":"left","forAccessor":"24fb6f1b-4ae9-4c59-a1e3-3b1dab637574"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":""}},"title":"NGINX Events Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"aba07c94-4fa5-4929-bc8b-0e29b97cae10","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-fe8b2d06-c568-48e0-b1f8-592be1248a96","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935701],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxMywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"a86f7df6-b43e-4354-9923-30887b07c180":{"columnOrder":["bb9480f6-b7ab-4be8-9ee4-ab472755f47c","6d7fb1f2-afbc-43f7-bfe7-263439030db3"],"columns":{"6d7fb1f2-afbc-43f7-bfe7-263439030db3":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bb9480f6-b7ab-4be8-9ee4-ab472755f47c":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"request_method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6d7fb1f2-afbc-43f7-bfe7-263439030db3","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"request_method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : NGINX"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"a86f7df6-b43e-4354-9923-30887b07c180","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6d7fb1f2-afbc-43f7-bfe7-263439030db3"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["bb9480f6-b7ab-4be8-9ee4-ab472755f47c"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"NGINX HTTP Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ee6b007a-5812-41c0-ad23-0dc19fe982b6","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-a86f7df6-b43e-4354-9923-30887b07c180","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935705],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxNCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"46665d69-712f-474b-841f-38e6d12c72a5":{"columnOrder":["1e77a2f7-3336-4eee-956d-179435cd8e59","82ccd43b-d671-4f41-a244-1c564e1205e4"],"columns":{"1e77a2f7-3336-4eee-956d-179435cd8e59":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"status: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"82ccd43b-d671-4f41-a244-1c564e1205e4","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"status"},"82ccd43b-d671-4f41-a244-1c564e1205e4":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"NGINX\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"46665d69-712f-474b-841f-38e6d12c72a5","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["82ccd43b-d671-4f41-a244-1c564e1205e4"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["1e77a2f7-3336-4eee-956d-179435cd8e59"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"NGINX HTTP Status Code Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"fec8aeab-83ac-42e3-81a8-36eac44a056f","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-46665d69-712f-474b-841f-38e6d12c72a5","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935709],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxNSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b3bfd297-5d09-4102-abe0-a59e5f0eb2c0":{"columnOrder":["9e2857a2-4c1c-4c12-b6af-84ec18afd379","8b746c79-c052-48d0-b2d4-4ed86ac5060f"],"columns":{"8b746c79-c052-48d0-b2d4-4ed86ac5060f":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"9e2857a2-4c1c-4c12-b6af-84ec18afd379":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"remote_user.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"8b746c79-c052-48d0-b2d4-4ed86ac5060f","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"remote_user.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : NGINX"},"visualization":{"layerId":"b3bfd297-5d09-4102-abe0-a59e5f0eb2c0","layerType":"data","maxFontSize":64,"minFontSize":16,"orientation":"single","palette":{"name":"kibana_palette","type":"palette"},"showLabel":false,"tagAccessor":"9e2857a2-4c1c-4c12-b6af-84ec18afd379","valueAccessor":"8b746c79-c052-48d0-b2d4-4ed86ac5060f"}},"title":"NGINX Username 
Tagcloud","visualizationType":"lnsTagcloud"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d8f6e553-561c-450b-bf69-1430cef1d45f","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b3bfd297-5d09-4102-abe0-a59e5f0eb2c0","type":"index-pattern"},{"id":"0185bb20-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-0185bb20-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935713],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxNiwxXQ=="}
{"attributes":{"description":"NGINX Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : NGINX\",\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":10,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":10,\"i\":\"4\"},\"panelIndex\":\"4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":10,\"i\":\"5\"},\"panelIndex\":\"5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":16,\"h\":10,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":24,\"h\":17,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":37,\"w\":24,\"h\":17,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":17,\"w\":16,\"h\":10,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"15\"},\"panelIndex\":\"15\
",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":17,\"w\":16,\"h\":10,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_16\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"2446c20a-9c43-425c-8159-c1172aca9ceb\"},\"panelIndex\":\"2446c20a-9c43-425c-8159-c1172aca9ceb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2446c20a-9c43-425c-8159-c1172aca9ceb\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"72688b87-0d6f-4e50-afb6-138d48150f7b\"},\"panelIndex\":\"72688b87-0d6f-4e50-afb6-138d48150f7b\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":49.21691,\"lon\":8.7455,\"zoom\":5.19},\"mapBuffer\":{\"minLon\":-5.625,\"minLat\":45.08904,\"maxLon\":22.5,\"maxLat\":52.48278},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_72688b87-0d6f-4e50-afb6-138d48150f7b\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"NGINX","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"NGINX","managed":false,"references":[{"id":"aba07c94-4fa5-4929-bc8b-0e29b97cae10","name":"2:panel_2","type":"lens"},{"id":"ee6b007a-5812-41c0-ad23-0dc19fe982b6","name":"3:panel_3","type":"lens"},{"id":"fec8aeab-83ac-42e3-81a8-36eac44a056f","name":"4:panel_4","type":"lens"},{"id":"2f1fc729-10f9-4d37-aa86-f450d7651487","name":"5:panel_5","type":"lens"},{"id":"d8f6e553-561c-450b-bf69-1430cef1d45f","name":"6:panel_6","type":"lens"},{"id":"4455be61-2db2-4fb0-954d-2e851ff8fbd5","name":"7:panel_7","type":"lens"},{"id":"9fcdfd6e-245e-4758-bd7e-4a6742276cab","name":"8:panel_8","type":"lens"},{"id":"61def38f-2f46-4455-a7a2-70a538818c9e","name":"13:panel_13","type":"lens"},{"id":"033be6ae-c3a7-4da7-bacd-9c1b23bc3905","name":"14:panel
_14","type":"lens"},{"id":"2c02fdfd-53fd-48be-9b20-741392462440","name":"15:panel_15","type":"l
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"NGINX\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"NGINX\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"a6b48835-b8a5-4234-b548-a80f3554287f","label":"Untitled"}],"title":"NGINX-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"NGINX-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935731],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxOCwxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"P0f\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"P0f\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"b9a057fb-4930-46ad-98ca-489250585ae4","label":"Untitled"}],"title":"P0f-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"P0f-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935733],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIxOSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b893a305-a537-45d5-84e1-b95ae63e0056":{"columnOrder":["86055e7e-548e-4d71-bb6d-f1a1f2dbd3f9","6f1c1709-0550-4d3a-b783-cef15c8858ac"],"columns":{"6f1c1709-0550-4d3a-b783-cef15c8858ac":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"86055e7e-548e-4d71-bb6d-f1a1f2dbd3f9":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"fileinfo.magic.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"6f1c1709-0550-4d3a-b783-cef15c8858ac","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"fileinfo.magic.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"b893a305-a537-45d5-84e1-b95ae63e0056","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["6f1c1709-0550-4d3a-b783-cef15c8858ac"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["86055e7e-548e-4d71-bb6d-f1a1f2dbd3f9"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata Fileinfo Magic - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b23d9914-2668-4138-b784-13064bc61644","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b893a305-a537-45d5-84e1-b95ae63e0056","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935737],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyMCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"49a6492d-9441-4b1d-b642-4cb01c1fc4e0":{"columnOrder":["c8fba476-364d-4363-a45d-76f14347e026","724b0a60-ab07-4712-ac2a-f743539db301"],"columns":{"724b0a60-ab07-4712-ac2a-f743539db301":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c8fba476-364d-4363-a45d-76f14347e026":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http.hostname.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"724b0a60-ab07-4712-ac2a-f743539db301","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http.hostname.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"49a6492d-9441-4b1d-b642-4cb01c1fc4e0","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["724b0a60-ab07-4712-ac2a-f743539db301"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["c8fba476-364d-4363-a45d-76f14347e026"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata HTTP Hostname Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d0055114-3221-4f8a-b8ba-69449eaab517","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-49a6492d-9441-4b1d-b642-4cb01c1fc4e0","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935741],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyMSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c43d0988-4d97-451e-9bae-c3fdbf31bb9d":{"columnOrder":["a215b7ee-8d19-4dfa-bb9f-149dd4e98248","0a0af41f-2589-4848-8598-70d7fbfcd817"],"columns":{"0a0af41f-2589-4848-8598-70d7fbfcd817":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"a215b7ee-8d19-4dfa-bb9f-149dd4e98248":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"http.http_method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":["GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH"],"includeIsRegex":true,"missingBucket":false,"orderBy":{"columnId":"0a0af41f-2589-4848-8598-70d7fbfcd817","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"http.http_method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c43d0988-4d97-451e-9bae-c3fdbf31bb9d","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["0a0af41f-2589-4848-8598-70d7fbfcd817"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["a215b7ee-8d19-4dfa-bb9f-149dd4e98248"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata HTTP Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e01f9e83-1cb6-4424-8461-3f610a84f710","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c43d0988-4d97-451e-9bae-c3fdbf31bb9d","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935745],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyMiwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"06ef89a2-234c-4a1b-9fc7-aa9423dbb3dd":{"columnOrder":["81812eb6-063d-4e13-9af4-3ff1909d4fa3","4cf3d4d5-62c4-4d76-bf8e-4828a3f3500a"],"columns":{"4cf3d4d5-62c4-4d76-bf8e-4828a3f3500a":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"81812eb6-063d-4e13-9af4-3ff1909d4fa3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4cf3d4d5-62c4-4d76-bf8e-4828a3f3500a","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"src_ip.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"columns":[{"alignment":"left","columnId":"4cf3d4d5-62c4-4d76-bf8e-4828a3f3500a"},{"alignment":"left","columnId":"81812eb6-063d-4e13-9af4-3ff1909d4fa3"}],"headerRowHeight":"single","layerId":"06ef89a2-234c-4a1b-9fc7-aa9423dbb3dd","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Suricata Source IP - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b8814f7f-49fc-4c5e-8fd3-4e6baa9765da","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-06ef89a2-234c-4a1b-9fc7-aa9423dbb3dd","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935749],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyMywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"4e52bc52-2b98-4c38-aae2-b5b3cb86c739":{"columnOrder":["bae5f92d-53ce-452d-89e7-5500f699610b","526d8bf9-e709-4dd1-9556-620d66bc6a8e","99f66a5d-fe6d-407f-95a1-b1978a36b793"],"columns":{"526d8bf9-e709-4dd1-9556-620d66bc6a8e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ASN","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"99f66a5d-fe6d-407f-95a1-b1978a36b793","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.as_org.keyword"},"99f66a5d-fe6d-407f-95a1-b1978a36b793":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bae5f92d-53ce-452d-89e7-5500f699610b":{"customLabel":true,"dataType":"number","isBucketed":true,"label":"AS","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"99f66a5d-fe6d-407f-95a1-b1978a36b793","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"geoip.asn"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"columns":[{"alignment":"left","columnId":"99f66a5d-fe6d-407f-95a1-b1978a36b793"},{"alignment":"left","columnId":"bae5f92d-53ce-452d-89e7-5500f699610b"},{"alignment":"left","columnId":"526d8bf9-e709-4dd1-9556-620d66bc6a8e"}],"headerRowHeight":"single","layerId":"4e52bc52-2b98-4c38-aae2-b5b3cb86c739","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Suricata - AS/N - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e2315026-8882-4e09-bb8b-d71255de8ec5","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-4e52bc52-2b98-4c38-aae2-b5b3cb86c739","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935753],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyNCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"9b908d35-473c-4387-ab83-b20e71d3ca9e":{"columnOrder":["d3b02eed-5f65-4abe-808c-c059334b47e6","762ae17b-6510-4ef6-b574-33c3940d6015"],"columns":{"762ae17b-6510-4ef6-b574-33c3940d6015":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"d3b02eed-5f65-4abe-808c-c059334b47e6":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ip_rep.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"762ae17b-6510-4ef6-b574-33c3940d6015","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"ip_rep.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"9b908d35-473c-4387-ab83-b20e71d3ca9e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["762ae17b-6510-4ef6-b574-33c3940d6015"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["d3b02eed-5f65-4abe-808c-c059334b47e6"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata - Attacker Src IP 
Reputation","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c0edca03-2ed5-4904-8481-8c30fd63fbda","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-9b908d35-473c-4387-ab83-b20e71d3ca9e","type":"index-pattern"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935757],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyNSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"dea3fb83-71a1-47c4-b972-9307eb9b5bc6":{"columnOrder":["7b2fbb97-9543-4582-94db-ebf650d3d824","5c0c48be-d9b6-4092-901e-dca449010aa3","ebaf6c6b-9a17-44ac-a3f8-7903a0773399"],"columns":{"5c0c48be-d9b6-4092-901e-dca449010aa3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ebaf6c6b-9a17-44ac-a3f8-7903a0773399","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"src_ip.keyword"},"7b2fbb97-9543-4582-94db-ebf650d3d824":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"JA4","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"ebaf6c6b-9a17-44ac-a3f8-7903a0773399","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":5},"scale":"ordinal","sourceField":"tls.ja4.keyword"},"ebaf6c6b-9a17-44ac-a3f8-7903a0773399":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Suricata"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"dea3fb83-71a1-47c4-b972-9307eb9b5bc6","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","legendStats":["value"],"metrics":["ebaf6c6b-9a17-44ac-a3f8-7903a0773399"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7b2fbb97-9543-4582-94db-ebf650d3d824","5c0c48be-d9b6-4092-901e-dca449010aa3"],"secondaryGroups":[],"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Suricata - IP / JA4 - Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ba3f39b0-d55c-4824-8046-ad7e9655484f","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-dea3fb83-71a1-47c4-b972-9307eb9b5bc6","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1324d6e0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935761],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyNiwxXQ=="}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"Suricata Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Suricata\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":10,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":38,\"w\":12,\"h\":10,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":10,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":10,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":38,\"w\":12,\"h\":10,\"i\":\"16\"},\"panelIndex\":\"16\",\"embeddableConfig\":{\"enhancements\":{},\"attributes\":{\"title\":\"Suricata HTTP Method Pie - Top 
10\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"state\":{\"adHocDataViews\":{},\"datasourceStates\":{\"formBased\":{\"layers\":{\"c43d0988-4d97-451e-9bae-c3fdbf31bb9d\":{\"columnOrder\":[\"a215b7ee-8d19-4dfa-bb9f-149dd4e98248\",\"0a0af41f-2589-4848-8598-70d7fbfcd817\"],\"columns\":{\"0a0af41f-2589-4848-8598-70d7fbfcd817\":{\"customLabel\":true,\"dataType\":\"number\",\"isBucketed\":false,\"label\":\"Count\",\"operationType\":\"count\",\"params\":{\"emptyAsNull\":true},\"scale\":\"ratio\",\"sourceField\":\"___records___\"},\"a215b7ee-8d19-4dfa-bb9f-149dd4e98248\":{\"customLabel\":true,\"dataType\":\"string\",\"isBucketed\":true,\"label\":\"http.http_method.keyword: Descending\",\"operationType\":\"terms\",\"params\":{\"accuracyMode\":true,\"exclude\":[],\"excludeIsRegex\":false,\"include\":[\"GET|HEAD|POST|PUT|DELETE|CONNECT|OPTIONS|TRACE|PATCH\"],\"includeIsRegex\":true,\"missingBucket\":false,\"orderBy\":{\"columnId\":\"0a0af41f-2589-4848-8598-70d7fbfcd817\",\"type\":\"column\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"size\":10},\"scale\":\"ordinal\",\"sourceField\":\"http.http_method.keyword\"}},\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"filters\":[],\"internalReferences\":[],\"query\":{\"language\":\"kuery\",\"query\":\"type : 
Suricata\"},\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"c43d0988-4d97-451e-9bae-c3fdbf31bb9d\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"0a0af41f-2589-4848-8598-70d7fbfcd817\"],\"nestedLegend\":true,\"numberDisplay\":\"percent\",\"percentDecimals\":0,\"primaryGroups\":[\"a215b7ee-8d19-4dfa-bb9f-149dd4e98248\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"donut\"}},\"references\":[{\"id\":\"logstash-*\",\"name\":\"indexpattern-datasource-layer-c43d0988-4d97-451e-9bae-c3fdbf31bb9d\",\"type\":\"index-pattern\"},{\"id\":\"1324d6e0-8ebc-11ec-82b5-d375cfa90394\",\"name\":\"tag-ref-1324d6e0-8ebc-11ec-82b5-d375cfa90394\",\"type\":\"tag\"},{\"id\":\"02526be0-8eba-11ec-82b5-d375cfa90394\",\"name\":\"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394\",\"type\":\"tag\"}],\"type\":\"l
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Suricata\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Suricata\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"6f35b603-525d-4b39-8912-f9eb60dd221b","label":"Untitled"}],"title":"Suricata-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"Suricata-Logs","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935790],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyOCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"b2de5a67-cd28-48f5-ae6d-32dd5b9861eb":{"columnOrder":["ef0e6e1c-dbe5-4600-a2b3-470b96af8b87","30d8a834-3d1c-4d7f-a318-1c539727d5ef"],"columns":{"30d8a834-3d1c-4d7f-a318-1c539727d5ef":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"ef0e6e1c-dbe5-4600-a2b3-470b96af8b87":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"request_method.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"30d8a834-3d1c-4d7f-a318-1c539727d5ef","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"request_method.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Ipphoney"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"b2de5a67-cd28-48f5-ae6d-32dd5b9861eb","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["30d8a834-3d1c-4d7f-a318-1c539727d5ef"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["ef0e6e1c-dbe5-4600-a2b3-470b96af8b87"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Ipphoney - Request Method - Top 
5","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"a0389df9-a560-48ab-80ff-e986d5a2c4d1","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-b2de5a67-cd28-48f5-ae6d-32dd5b9861eb","type":"index-pattern"},{"id":"eb550950-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-eb550950-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935794],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIyOSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"c033cec3-e553-43c3-9f97-f6bfff3f8e1e":{"columnOrder":["1f157382-27ad-4010-8800-70c35088db5d","a9d585ea-9c08-48cf-a351-217f11bd39e1"],"columns":{"1f157382-27ad-4010-8800-70c35088db5d":{"dataType":"string","isBucketed":true,"label":"Top 10 values of method.keyword","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"a9d585ea-9c08-48cf-a351-217f11bd39e1","type":"column"},"orderDirection":"desc","otherBucket":true,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"method.keyword"},"a9d585ea-9c08-48cf-a351-217f11bd39e1":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Go-pot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"c033cec3-e553-43c3-9f97-f6bfff3f8e1e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["a9d585ea-9c08-48cf-a351-217f11bd39e1"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["1f157382-27ad-4010-8800-70c35088db5d"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Go-pot - Method Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d7a0e8cc-a686-4161-9486-3d6743c59906","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-c033cec3-e553-43c3-9f97-f6bfff3f8e1e","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"d3ab0b82-8c88-4968-aa32-23d9a867a6ca","name":"tag-ref-d3ab0b82-8c88-4968-aa32-23d9a867a6ca","type":"tag"}],"sort":[1767638649249,8589935798],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzMCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8d3c9890-e96c-4e94-b8dd-55ac1607b16b":{"columnOrder":["ef6a1d2e-967b-437d-8fee-f4d13b093f27","83b8d5e3-cf90-4d2e-8f91-0dde6cfb1bd4","c383ec5b-a153-4785-a149-2643cec79e3e","943d675e-cf3c-427e-9cb2-777500927983"],"columns":{"83b8d5e3-cf90-4d2e-8f91-0dde6cfb1bd4":{"dataType":"string","isBucketed":true,"label":"Top 10 values of phase.keyword","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":["end"],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"phase.keyword"},"943d675e-cf3c-427e-9cb2-777500927983":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c383ec5b-a153-4785-a149-2643cec79e3e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Duration","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"session_duration.keyword"},"ef6a1d2e-967b-437d-8fee-f4d13b093f27":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Request 
Path","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"943d675e-cf3c-427e-9cb2-777500927983","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"secondaryFields":[],"size":10},"scale":"ordinal","sourceField":"path.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Go-pot\""},"visualization":{"columns":[{"alignment":"left","columnId":"943d675e-cf3c-427e-9cb2-777500927983","hidden":true},{"columnId":"ef6a1d2e-967b-437d-8fee-f4d13b093f27","isMetric":false,"isTransposed":false},{"columnId":"83b8d5e3-cf90-4d2e-8f91-0dde6cfb1bd4","hidden":true,"isMetric":false,"isTransposed":false},{"columnId":"c383ec5b-a153-4785-a149-2643cec79e3e","isMetric":false,"isTransposed":false}],"headerRowHeight":"single","headerRowHeightLines":1,"layerId":"8d3c9890-e96c-4e94-b8dd-55ac1607b16b","layerType":"data","paging":{"enabled":false,"size":10},"rowHeight":"auto"}},"title":"Go-pot - HTTP Request Path Duration - Top 10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d2ba144a-f050-4edb-a0bc-8d8024b8a3a1","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8d3c9890-e96c-4e94-b8dd-55ac1607b16b","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"d3ab0b82-8c88-4968-aa32-23d9a867a6ca","name":"tag-ref-d3ab0b82-8c88-4968-aa32-23d9a867a6ca","type":"tag"}],"sort":[1767638649249,8589935802],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzMSwxXQ=="}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"oneLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{}","showApplySelections":false},"description":"Go-pot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Go-pot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\":\"de6d215e-1048-444c-80d4-f71cedcf5027\"},\"panelIndex\":\"de6d215e-1048-444c-80d4-f71cedcf5027\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_de6d215e-1048-444c-80d4-f71cedcf5027\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":8,\"i\":\"d5b6edee-42f4-4758-8b92-d0183010adb4\"},\"panelIndex\":\"d5b6edee-42f4-4758-8b92-d0183010adb4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d5b6edee-42f4-4758-8b92-d0183010adb4\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":18,\"i\":\"3d03cfd6-8c35-4ca3-bc85-48dbf3e73c74\"},\"panelIndex\":\"3d03cfd6-8c35-4ca3-bc85-48dbf3e73c74\",\"embeddableConfig\":{\"mapCenter\":{\"lon\":1.83085,\"lat\":33.63243,\"zoom\":1.1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{\"dynamicActions\":{\"events\":[]}}},\"panelRefName\":\"panel_3d03cfd6-8c35-4ca3-bc85-48dbf3e73c74\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":24,\"h\":10,\"i\":\"05c25c78-df33-4696-9a44-1c803a54af74\"},\"panelIndex\":\"05c25c78-df33-4696-9a44-1c803a54af74\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_05c25c78-df33-4696-9a44-1c803a54af74\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":12,\"h
\":10,\"i\":\"abca3875-598c-418a-bdc9-973220f954a4\"},\"panelIndex\":\"abca3875-598c-418a-bdc9-973220f954a4\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_abca3875-598c-418a-bdc9-973220f954a4\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":18,\"w\":18,\"h\":10,\"i\":\"e8e6ed7e-da00-4af8-a50b-89c9574e27d2\"},\"panelIndex\":\"e8e6ed7e-da00-4af8-a50b-89c9574e27d2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e8e6ed7e-da00-4af8-a50b-89c9574e27d2\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":18,\"w\":18,\"h\":10,\"i\":\"a49cc49a-1b9b-4e39-8cc2-f350f76bb63b\"},\"panelIndex\":\"a49cc49a-1b9b-4e39-8cc2-f350f76bb63b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a49cc49a-1b9b-4e39-8cc2-f350f76bb63b\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":10,\"i\":\"524aa3e5-4090-4cc8-a105-3c667f7c02b5\"},\"panelIndex\":\"524aa3e5-4090-4cc8-a105-3c667f7c02b5\",\"embeddableConfig\":{\"enhancements\":{},\"attributes\":{\"title\":\"Go-pot - User Agent - Top 
10\",\"description\":\"\",\"visualizationType\":\"lnsPie\",\"state\":{\"visualization\":{\"layers\":[{\"categoryDisplay\":\"hide\",\"emptySizeRatio\":0.3,\"layerId\":\"f5a94802-967f-41f4-8cff-ee049791281f\",\"layerType\":\"data\",\"legendDisplay\":\"show\",\"legendMaxLines\":1,\"legendPosition\":\"right\",\"legendSize\":\"auto\",\"metrics\":[\"6c32a844-7489-4493-8a9c-6fd17a2765b3\"],\"nestedLegend\":true,\"numberDisplay\":\"percent\",\"percentDecimals\":0,\"primaryGroups\":[\"b59251ab-f883-4762-b23b-4dc33e1df8b8\"],\"secondaryGroups\":[],\"showValuesInLegend\":true,\"truncateLegend\":true}],\"palette\":{\"name\":\"kibana_palette\",\"type\":\"palette\"},\"shape\":\"donut\"},\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f5a94802-967f-41f4-8cff-ee049791281f\":{\"columnOrder\":[\"b59251ab-f883-4762-b23b-4dc33e1df8b8\",\"6c32a844-7489-4493-8a9c-6fd17a2765b3\"],\"columns\":{\"6c32a844-7489-4493-8a9c-6fd17a2765b3\":{\"customLabel\":true,\"dataType\":\"number\",\"isBuc
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"138f6c39-44d4-4918-9487-8504e12fb56f":{"columnOrder":["9f0e9b12-36d8-4994-80d4-2aaf5b83caab","c13e3f15-0099-4bc2-b889-8a477e061a50"],"columns":{"9f0e9b12-36d8-4994-80d4-2aaf5b83caab":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"level.keyword: Descending","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c13e3f15-0099-4bc2-b889-8a477e061a50","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"level.keyword"},"c13e3f15-0099-4bc2-b889-8a477e061a50":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : CitrixHoneypot"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"138f6c39-44d4-4918-9487-8504e12fb56f","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["c13e3f15-0099-4bc2-b889-8a477e061a50"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["9f0e9b12-36d8-4994-80d4-2aaf5b83caab"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"CitrixHoneypot Event 
Type","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ae5a2788-96e9-461d-ad6b-c95a6268ecfd","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-138f6c39-44d4-4918-9487-8504e12fb56f","type":"index-pattern"},{"id":"9299bc20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9299bc20-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935827],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzMywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"},"savedSearchRefName":"search_0","title":"Attacks per T-Pot Histogram","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Attacks per T-Pot Histogram\",\"type\":\"line\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Attacks\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"t-pot_hostname.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"},\"schema\":\"group\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":true,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"},\"schema\":\"segment\"}],\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":\"\"},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":true,\"rotate\":0},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square 
root\",\"mode\":\"normal\",\"defaultYExtents\":false,\"setYExtents\":false},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Attacks\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"circlesRadius\":1}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\",\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":false,\"fittingFunction\":\"zero\",\"labels\":{},\"radiusRatio\":9,\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"truncateLegend\":true,\"maxLegendLines\":1,\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b0b973e0-6d5e-11ec-a44d-8952f5c6570c","managed":false,"references":[{"id":"Honeypot-Logs","name":"search_0","type":"search"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935830],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzNCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"8558b1bb-ff6d-496c-835a-f25e40627376":{"columnOrder":["bdbce8d3-4662-4ffc-8c82-dd7b870ddfda","4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0"],"columns":{"4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"bdbce8d3-4662-4ffc-8c82-dd7b870ddfda":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"ipp_query.operation.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"ipp_query.operation.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Ipphoney"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"8558b1bb-ff6d-496c-835a-f25e40627376","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["4ce88ca1-a52a-4ae9-8ddc-333c0c104bb0"],"nestedLegend":false,"numberDisplay":"percent","percentDecimals":2,"primaryGroups":["bdbce8d3-4662-4ffc-8c82-dd7b870ddfda"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Ipphoney - Event 
Types","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"dcd0a5ef-36cb-4faa-8d94-b48112bdedc3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-8558b1bb-ff6d-496c-835a-f25e40627376","type":"index-pattern"},{"id":"eb550950-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-eb550950-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935834],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzNSwxXQ=="}
{"attributes":{"description":"Ipphoney Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Ipphoney\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"6fb4436a-47e6-487b-be8d-abd1154d33fb\"},\"panelIndex\":\"6fb4436a-47e6-487b-be8d-abd1154d33fb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6fb4436a-47e6-487b-be8d-abd1154d33fb\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"5bed3fa2-f4f4-4ba1-aa99-1622ff36e43a\"},\"panelIndex\":\"5bed3fa2-f4f4-4ba1-aa99-1622ff36e43a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5bed3fa2-f4f4-4ba1-aa99-1622ff36e43a\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"5b92e172-bc67-4fa6-bb5f-736d0cc30ab1\"},\"panelIndex\":\"5b92e172-bc67-4fa6-bb5f-736d0cc30ab1\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":16.78895,\"lon\":-0.93306,\"zoom\":0.72},\"mapBuffer\":{\"minLon\":-360,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_5b92e172-bc67-4fa6-bb5f-736d0cc30ab1\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"1b3aab9e-3062-4762-b78c-9b35bf5eeff5\"},\"panelIndex\":\"1b3aab9e-3062-4762-b78c-9b35bf5eeff5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_1b3aab9e-3062-4762-b78c-9b35bf5eeff5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"f57d490b-ee08-4cc8-93e8-d6b2ba7179c3\"},\"panelIndex\":\"f57d490b-ee08-4cc8-93e8-d6b2ba7179c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f57d490b-ee08-4cc8-93e8-d6b2ba7179c3\"},{\"type\":\"lens\",\"gridData\":{\"x\":12
,\"y\":17,\"w\":12,\"h\":10,\"i\":\"596d5ec6-02a7-4f2a-926e-c54f950ab595\"},\"panelIndex\":\"596d5ec6-02a7-4f2a-926e-c54f950ab595\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_596d5ec6-02a7-4f2a-926e-c54f950ab595\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"7fc427cb-01bb-4255-b44d-372e792b8f6f\"},\"panelIndex\":\"7fc427cb-01bb-4255-b44d-372e792b8f6f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7fc427cb-01bb-4255-b44d-372e792b8f6f\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":16,\"h\":10,\"i\":\"cde212cc-247b-4df2-9569-544a01ff28dc\"},\"panelIndex\":\"cde212cc-247b-4df2-9569-544a01ff28dc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_cde212cc-247b-4df2-9569-544a01ff28dc\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":27,\"w\":16,\"h\":10,\"i\":\"596f1c69-cb42-47c8-967c-df75b28bb553\"},\"panelIndex\":\"596f1c69-cb42-47c8-967c-df75b28bb553\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_596f1c69-cb42-47c8-967c-df75b28bb553\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":10,\"i\":\"26c13dd8-a9a4-449e-9142-4a0a70c66632\"},\"panelIndex\":\"26c13dd8-a9a4-449e-9142-4a0a70c66632\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_26c13dd8-a9a4-449e-9142-4a0a70c66632\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":16,\"h\":17,\"i\":\"0d8de6bd-e7ba-4613-b56d-583c6544b1dc\"},\"panelIndex\":\"0d8de6bd-e7ba-4613-b56d-583c6544b1dc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0d8de6bd-e7ba-4613-b56d-583c6544b1dc\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":37,\"w\":12,\"h\":17,\"i\":\"d0fcd90b-7c25-4045-b3e1-315a4d5b2665\"},\"panelIndex\":\"d0fcd90b-7c25-4045-b3e1-315a4d5b2665\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d0fcd90b-7c25-4045-b3e1-315a4d5b2665\"},{\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":37,\"w\":20,\"h\":17,\"i\":\
"a6a1296e-e513-4eb6-9780-4226ede94ecc\"},\"panelIndex\":\"a6a1296e-e513-4eb6-9780-4226ede94ecc\
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"HTTP Request - Top 10 - Dynamic","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"HTTP Request - Top 10 - Dynamic\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"request_uri.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"exclude\":\"\",\"include\":\"\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100,\"percentDecimals\":0},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"truncateLegend\":true,\"maxLegendLines\":1,\"legendDisplay\":\"show\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"b9808500-5eb2-11ec-a5e0-c39c8f7484bc","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589935854],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzNywxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"type:\\\"Medpot\\\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"type:\\\"Medpot\\\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"f05c95dc-295d-4395-af4e-207b2b9733df","label":"Untitled"}],"title":"Medpot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"baa53b00-b597-11e8-9a34-d951cebce834","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935856],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzOCwxXQ=="}
{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Ddospot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Ddospot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"6c3463af-b9d9-4289-be5c-4fd5f4b01543","label":"Untitled"}],"title":"Ddospot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"bd083250-3738-11ec-a911-7f1b8f93d32e","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935858],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzIzOSwxXQ=="}
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type:\\\"Log4pot\\\"\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type:\\\"Log4pot\\\"\",\"language\":\"lucene\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]]},"id":"fdb023ab-6a20-4bee-858c-cd4b4dda3306","label":"Untitled"}],"title":"Log4Pot-Logs"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"bea34970-5eb0-11ec-a5e0-c39c8f7484bc","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935860],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0MCwxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Heralding\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Heralding\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"cf7fb6c7-fcad-4e55-88dc-aba3577b851a","label":"Untitled"}],"title":"Heralding-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c2bea500-47ca-11e8-a905-f74bbc7cbd2d","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935862],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0MSwxXQ=="}
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Adbhoney\\\" OR type:\\\"Ciscoasa\\\" OR type:\\\"CitrixHoneypot\\\" OR type:\\\"ConPot\\\" OR type:\\\"Cowrie\\\" OR type:\\\"Ddospot\\\" OR type:\\\"Dicompot\\\" OR type:\\\"Dionaea\\\" OR type:\\\"ElasticPot\\\" OR type:\\\"Endlessh\\\" OR type:\\\"Glutton\\\" OR type:\\\"Hellpot\\\" OR type:\\\"Heralding\\\" OR type:\\\"Honeypots\\\" OR type:\\\"Honeytrap\\\" OR type: \\\"Ipphoney\\\" OR type:\\\"Log4pot\\\" OR type:\\\"Mailoney\\\" OR type:\\\"Medpot\\\" OR type:\\\"Redishoneypot\\\" OR type:\\\"Sentrypeer\\\" OR type:\\\"Tanner\\\" OR type:\\\"Wordpot\\\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Adbhoney\\\" OR type:\\\"Ciscoasa\\\" OR type:\\\"CitrixHoneypot\\\" OR type:\\\"ConPot\\\" OR type:\\\"Cowrie\\\" OR type:\\\"Ddospot\\\" OR type:\\\"Dicompot\\\" OR type:\\\"Dionaea\\\" OR type:\\\"ElasticPot\\\" OR type:\\\"Endlessh\\\" OR type:\\\"Glutton\\\" OR type:\\\"Hellpot\\\" OR type:\\\"Heralding\\\" OR type:\\\"Honeypots\\\" OR type:\\\"Honeytrap\\\" OR type: \\\"Ipphoney\\\" OR type:\\\"Log4pot\\\" OR type:\\\"Mailoney\\\" OR type:\\\"Medpot\\\" OR type:\\\"Redishoneypot\\\" OR type:\\\"Sentrypeer\\\" OR type:\\\"Tanner\\\" OR 
type:\\\"Wordpot\\\"\",\"language\":\"kuery\"},\"highlightAll\":true,\"version\":true,\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"5a58b6bf-89b7-46d3-9f98-323aa61f3432","label":"Untitled"}],"title":"T-Pot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c3b89bc0-69a7-11e7-bcac-d3ee6f9c26fd","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935864],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0MiwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Heatmap Destination Ports - Dynamic","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Heatmap Destination Ports - Dynamic\",\"type\":\"heatmap\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"dest_port\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"},\"schema\":\"group\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"params\":{\"field\":\"@timestamp\",\"timeRange\":{\"from\":\"now-24h/h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"used_interval\":\"30m\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"},\"schema\":\"segment\"}],\"params\":{\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":8,\"colorSchema\":\"Green to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"square 
root\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"color\":\"#555\",\"overwriteColor\":false}}],\"type\":\"heatmap\",\"legendSize\":\"auto\"}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c6425470-7326-11ec-a306-df2c9fd022ba","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"1fab5730-8f49-11ec-98cd-292aebe8beaf","name":"tag-ref-1fab5730-8f49-11ec-98cd-292aebe8beaf","type":"tag"}],"sort":[1767638649249,8589935868],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0MywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"d49cc1e0-d1b0-40a0-8331-df6ab83efbf3":{"columnOrder":["7b84a5b4-4a7d-4fd3-b66f-0eb086e92645","8874b5fc-117b-4995-b14b-483aece73f4d"],"columns":{"7b84a5b4-4a7d-4fd3-b66f-0eb086e92645":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"msg.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"8874b5fc-117b-4995-b14b-483aece73f4d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"msg.keyword"},"8874b5fc-117b-4995-b14b-483aece73f4d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Dicompot\""},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"d49cc1e0-d1b0-40a0-8331-df6ab83efbf3","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["8874b5fc-117b-4995-b14b-483aece73f4d"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["7b84a5b4-4a7d-4fd3-b66f-0eb086e92645"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Dicompot - 
Message","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c6fb8565-1871-4b7f-a953-802b29eec601","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-d49cc1e0-d1b0-40a0-8331-df6ab83efbf3","type":"index-pattern"},{"id":"a9713540-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-a9713540-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935872],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0NCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6c7bfa88-760b-49e8-a492-776e72195c2e":{"columnOrder":["5efa4adb-f504-4988-90f4-9fdfe6a2f89a","a53420c5-ea0b-4d7d-9b90-4891d317078a","feaa9e64-da14-45af-809d-93d44941f571"],"columns":{"5efa4adb-f504-4988-90f4-9fdfe6a2f89a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"HTTP Client Header Hash","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"feaa9e64-da14-45af-809d-93d44941f571","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"fatt_http.clientHeaderHash.keyword"},"a53420c5-ea0b-4d7d-9b90-4891d317078a":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"feaa9e64-da14-45af-809d-93d44941f571","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"src_ip.keyword"},"feaa9e64-da14-45af-809d-93d44941f571":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Fatt"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"6c7bfa88-760b-49e8-a492-776e72195c2e","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["feaa9e64-da14-45af-809d-93d44941f571"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["5efa4adb-f504-4988-90f4-9fdfe6a2f89a","a53420c5-ea0b-4d7d-9b90-4891d317078a"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Fatt - IP / HTTP Client Header Hash - Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c7a9a17c-45e0-4ac6-aa2f-d080bf555844","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6c7bfa88-760b-49e8-a492-776e72195c2e","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935876],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0NSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"eae165e9-a074-46c2-85de-2ce0ada346a1":{"columnOrder":["8238de11-3e0d-4bd8-a90c-2512a436d5be","05d2058a-b682-4fca-8570-3ada3ef86b61"],"columns":{"05d2058a-b682-4fca-8570-3ada3ef86b61":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"8238de11-3e0d-4bd8-a90c-2512a436d5be":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Filenames & Paths","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"05d2058a-b682-4fca-8570-3ada3ef86b61","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"fileinfo.filename.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"CitrixHoneypot\""},"visualization":{"columns":[{"alignment":"left","columnId":"05d2058a-b682-4fca-8570-3ada3ef86b61"},{"alignment":"left","columnId":"8238de11-3e0d-4bd8-a90c-2512a436d5be"}],"headerRowHeight":"single","layerId":"eae165e9-a074-46c2-85de-2ce0ada346a1","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"CitrixHoneypot Filenames - Top 
10","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"ecab8231-29bd-4aa1-ac87-f2ccc8753428","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-eae165e9-a074-46c2-85de-2ce0ada346a1","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"9299bc20-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-9299bc20-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935880],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0NiwxXQ=="}
{"attributes":{"description":"CitrixHoneypot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : CitrixHoneypot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"68\"},\"panelIndex\":\"68\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_68\"},{\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":17,\"w\":11,\"h\":10,\"i\":\"72\"},\"panelIndex\":\"72\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_72\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":18,\"i\":\"77\"},\"panelIndex\":\"77\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_77\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"0a65262f-099c-422c-ab55-6fb2a27be226\"},\"panelIndex\":\"0a65262f-099c-422c-ab55-6fb2a27be226\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0a65262f-099c-422c-ab55-6fb2a27be226\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"2538c686-1576-4368-8276-790d06183765\"},\"panelIndex\":\"2538c686-1576-4368-8276-790d06183765\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_2538c686-1576-4368-8276-790d06183765\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"bd870120-c63a-4e66-b979-70ce0b0ed412\"},\"panelIndex\":\"bd870120-c63a-4e66-b979-70ce0b0ed412\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":18.27462,\"lon\":-0.486,\"zoom\":1.1},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":180,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_bd870120-c63a-4e66-b979-70ce0b0ed412\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":
11,\"h\":10,\"i\":\"0b9756c5-5eae-426f-9598-0169e99fcd54\"},\"panelIndex\":\"0b9756c5-5eae-426f-9598-0169e99fcd54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0b9756c5-5eae-426f-9598-0169e99fcd54\"},{\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":17,\"w\":11,\"h\":10,\"i\":\"3787c23b-6fae-4b7d-bb9c-52d5b47340b2\"},\"panelIndex\":\"3787c23b-6fae-4b7d-bb9c-52d5b47340b2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3787c23b-6fae-4b7d-bb9c-52d5b47340b2\"},{\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":17,\"w\":15,\"h\":10,\"i\":\"f24048fc-edde-4009-8455-3527aa73d0d5\"},\"panelIndex\":\"f24048fc-edde-4009-8455-3527aa73d0d5\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f24048fc-edde-4009-8455-3527aa73d0d5\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":16,\"h\":18,\"i\":\"34082fa4-e477-4b31-b4e9-7bcb5286c390\"},\"panelIndex\":\"34082fa4-e477-4b31-b4e9-7bcb5286c390\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_34082fa4-e477-4b31-b4e9-7bcb5286c390\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":27,\"w\":8,\"h\":18,\"i\":\"db07f2ba-7851-488b-b897-2c66e3dd0515\"},\"panelIndex\":\"db07f2ba-7851-488b-b897-2c66e3dd0515\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_db07f2ba-7851-488b-b897-2c66e3dd0515\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h/h","timeRestore":true,"timeTo":"now","title":"CitrixHoneypot","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"c88eeb00-3875-11ea-8891-53245875dffb","managed":false,"references":[{"id":"019074f3-7b20-4ef4-a2d2-ec3979c09aae","name":"68:panel_68","type":"lens"},{"id":"ae5a2788-96e9-461d-ad6b-c95a6268ecfd","name":"72:panel_72","type":"lens"},{"id":"ecab8231-29bd-4aa1-ac87-f2ccc8753428","name":"77:panel_77","type":"lens"},{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"0a65262f-099c-422c-ab55-6fb2a27be226:panel_0a65262f-099c-422c-ab55-6
fb2a27be226","type":"lens"},{"id":"95a453e7-090e-477b-af3e-2bd66c2928a4","name":"2538c686-1576-
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type.keyword:\\\"Hellpot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Hellpot Duration and Bytes - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Hellpot Duration and Bytes - Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"duration\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Duration\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"bytes.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Bytes Transferred\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"src_ip.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"count\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"showToolbar\":false,\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"cfc5b630-3bf5-11ec-976b-63273d5357a4","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"ca6de130-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-ca6de130-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935898],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0OCwxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Fatt\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Fatt Attacks","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Fatt Attacks\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Attacks\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_http.clientHeaderOrder.keyword\",\"customLabel\":\"Unique HTTPs\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_rdp.rdfp.keyword\",\"customLabel\":\"Unique RDFPs\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_ssh.hassh.keyword\",\"customLabel\":\"Unique SSH HASSHs\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"fatt_tls.ja3s.keyword\",\"customLabel\":\"Unique JA3s\"},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Yellow to 
Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"from\":1,\"to\":10},{\"from\":11,\"to\":100},{\"from\":101,\"to\":1000},{\"from\":1001,\"to\":10000},{\"from\":10001,\"to\":100000},{\"from\":100001,\"to\":1000000},{\"from\":1000001,\"to\":10000000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":22}}}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e8530df0-869f-11e9-bb05-e35ae47552fd","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935902],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI0OSwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"d39d19e1-8b6a-4774-afdc-d1708ad90415":{"columnOrder":["4b884c63-d68c-44ef-9fbf-9259092f1dc0","5137ac2c-92fc-4b86-b89a-795118b994a3","5491ce26-22a5-40f3-a326-1d69278a646d"],"columns":{"4b884c63-d68c-44ef-9fbf-9259092f1dc0":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"TLS JA3","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5491ce26-22a5-40f3-a326-1d69278a646d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"fatt_tls.ja3s.keyword"},"5137ac2c-92fc-4b86-b89a-795118b994a3":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Source IP","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5491ce26-22a5-40f3-a326-1d69278a646d","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"src_ip.keyword"},"5491ce26-22a5-40f3-a326-1d69278a646d":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : 
Fatt"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"d39d19e1-8b6a-4774-afdc-d1708ad90415","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["5491ce26-22a5-40f3-a326-1d69278a646d"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["4b884c63-d68c-44ef-9fbf-9259092f1dc0","5137ac2c-92fc-4b86-b89a-795118b994a3"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Fatt - IP / TLS-JA3 - Pie","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d17807a7-37e9-46b3-a72e-b35e43c5ad1b","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-d39d19e1-8b6a-4774-afdc-d1708ad90415","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935906],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1MCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"ccdf569d-36cc-4658-a939-1d131d14879a":{"columnOrder":["612e8644-6a72-4234-9cac-6e93fd3bf0dd","db6feb25-30d3-4b1d-94e8-79c1145d2c0e"],"columns":{"612e8644-6a72-4234-9cac-6e93fd3bf0dd":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"fatt_http.requestMethod.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"db6feb25-30d3-4b1d-94e8-79c1145d2c0e","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"fatt_http.requestMethod.keyword"},"db6feb25-30d3-4b1d-94e8-79c1145d2c0e":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Fatt"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"ccdf569d-36cc-4658-a939-1d131d14879a","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["db6feb25-30d3-4b1d-94e8-79c1145d2c0e"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["612e8644-6a72-4234-9cac-6e93fd3bf0dd"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Fatt HTTP Request Method - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d4baffc5-13d9-4ed3-beb3-7448dab8079d","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-ccdf569d-36cc-4658-a939-1d131d14879a","type":"index-pattern"},{"id":"c2b98750-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-c2b98750-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935910],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1MSwxXQ=="}
{"attributes":{"description":"Fatt Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Fatt\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":0,\"w\":17,\"h\":8,\"i\":\"2\"},\"panelIndex\":\"2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":51,\"w\":16,\"h\":13,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":38,\"w\":16,\"h\":13,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_10\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":38,\"w\":16,\"h\":13,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":38,\"w\":16,\"h\":13,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":51,\"w\":16,\"h\":13,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":64,\"w\":24,\"h\":18,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":10,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_19\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":64,\"w\":24,\"h\":18,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":8,\"i\
":\"2a8cc399-699b-4311-84ab-f2aa6a839dbe\"},\"panelIndex\":\"2a8cc399-699b-4311-84ab-f2aa6a839dbe\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2a8cc399-699b-4311-84ab-f2aa6a839dbe\"},{\"type\":\"map\",\"gridData\":{\"x\":31,\"y\":0,\"w\":17,\"h\":18,\"i\":\"a5575d61-0da7-4840-9b92-21040ad27548\"},\"panelIndex\":\"a5575d61-0da7-4840-9b92-21040ad27548\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":27.08268,\"lon\":13.8898,\"zoom\":0.44},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_a5575d61-0da7-4840-9b92-21040ad27548\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":31,\"h\":10,\"i\":\"59ccd7f3-1183-4136-8ecd-cdd8b70ad4f7\"},\"panelIndex\":\"59ccd7f3-1183-4136-8ecd-cdd8b70ad4f7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_59ccd7f3-1183-4136-8ecd-cdd8b70ad4f7\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":10,\"i\":\"09fa7a3a-0229-46e1-93f8-a51e0f728f14\"},\"panelIndex\":\"09fa7a3a-0229-46e1-93f8-a51e0f728f14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_09fa7a3a-0229-46e1-93f8-a51e0f728f14\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":10,\"i\":\"2204ad54-96b5-425e-949f-5be2d775969f\"},\"panelIndex\":\"2204ad54-96b5-425e-949f-5be2d775969f\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2204ad54-96b5-425e-949f-5be2d775969f\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":10,\"i\":\"0c52196c-6bff-42c2-ac63-ddd05b2c8326\"},\"panelIndex\":\"0c52196c-6bff-42c2-ac63-ddd05b2c8326\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0c52196c-6bff-42c2-ac63-ddd05b2c8326\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":10,\"i\":\"0cc3c4ef-a4c5-4c8d-bbb3-2f66c44e7b35\"},\"panelIndex\":\"0cc3c4ef-a4c5-4c8d-bbb3-2f66c44e
7b35\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0cc3c4ef-a4c5-4c8d-b
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"e1cdfa91-5046-4a8e-bf37-77502e43e378":{"columnOrder":["68006f46-0f27-425c-a1ff-12f19ab63461","e068567e-1346-455f-ac5d-ef938df09f5a","c3d8c707-367e-4483-b658-c98cc8fb407a"],"columns":{"68006f46-0f27-425c-a1ff-12f19ab63461":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"geoip.country_name.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"c3d8c707-367e-4483-b658-c98cc8fb407a","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"geoip.country_name.keyword"},"c3d8c707-367e-4483-b658-c98cc8fb407a":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"e068567e-1346-455f-ac5d-ef938df09f5a":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"LINEAR","fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["c3d8c707-367e-4483-b658-c98cc8fb407a"],"isHistogram":true,"layerId":"e1cdfa91-5046-4a8e-bf37-77502e43e378","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"68006f46-0f27-425c-a1ff-12f19ab63461","xAccessor":"e068567e-1346-455f-ac5d-ef938df09f5a","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"c3d8c707-367e-4483-b658-c98cc8fb407a"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Attacks by Country Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d1d1a3b0-2f19-40b1-99f5-efac53270780","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-e1cdfa91-5046-4a8e-bf37-77502e43e378","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935936],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1MywxXQ=="}
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type:\\\"Galah\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":\"type:\\\"Galah\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false},"id":"770c302c-d425-49ee-b0a3-f591c0e6107e","label":"Untitled"}],"timeRestore":false,"title":"Galah-Logs"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d20830f8-0f74-4d5b-9e35-6930ebe89550","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"bdc42668-bfaa-40ea-82de-02b382f9c0ae","name":"tag-ref-bdc42668-bfaa-40ea-82de-02b382f9c0ae","type":"tag"}],"sort":[1767638649249,8589935939],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1NCwxXQ=="}
{"attributes":{"description":"Hellpot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Hellpot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"02518a7c-a527-4ac5-8db4-9ebff539f839\"},\"panelIndex\":\"02518a7c-a527-4ac5-8db4-9ebff539f839\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_02518a7c-a527-4ac5-8db4-9ebff539f839\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"c050d6cb-5f55-47db-8966-6e8b188c5101\"},\"panelIndex\":\"c050d6cb-5f55-47db-8966-6e8b188c5101\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_c050d6cb-5f55-47db-8966-6e8b188c5101\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"90dd15e9-cae8-4828-bdf1-7905b03ad668\"},\"panelIndex\":\"90dd15e9-cae8-4828-bdf1-7905b03ad668\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":38.36049,\"lon\":13.90008,\"zoom\":0.62},\"mapBuffer\":{\"minLon\":-360,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_90dd15e9-cae8-4828-bdf1-7905b03ad668\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"9e3095b0-a5b6-4462-8fce-b21f90ff214d\"},\"panelIndex\":\"9e3095b0-a5b6-4462-8fce-b21f90ff214d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9e3095b0-a5b6-4462-8fce-b21f90ff214d\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"c0b72faf-e903-4126-9302-a22ff7125864\"},\"panelIndex\":\"c0b72faf-e903-4126-9302-a22ff7125864\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c0b72faf-e903-4126-9302-a22ff7125864\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\
"y\":17,\"w\":12,\"h\":10,\"i\":\"2c1b0e45-0ba2-4d7d-b0d1-bc624c7d3892\"},\"panelIndex\":\"2c1b0e45-0ba2-4d7d-b0d1-bc624c7d3892\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2c1b0e45-0ba2-4d7d-b0d1-bc624c7d3892\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"6e7e0884-3148-4ee0-b3e5-4935082427ff\"},\"panelIndex\":\"6e7e0884-3148-4ee0-b3e5-4935082427ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_6e7e0884-3148-4ee0-b3e5-4935082427ff\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"013eb0c3-ccfd-4c2e-91c6-6a17a8483f68\"},\"panelIndex\":\"013eb0c3-ccfd-4c2e-91c6-6a17a8483f68\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_013eb0c3-ccfd-4c2e-91c6-6a17a8483f68\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":18,\"i\":\"459eb194-9951-47bb-9f5a-2903e97dd8bc\"},\"panelIndex\":\"459eb194-9951-47bb-9f5a-2903e97dd8bc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_459eb194-9951-47bb-9f5a-2903e97dd8bc\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":12,\"h\":18,\"i\":\"d308c60f-2ccb-4820-a0fd-f630ea8bb446\"},\"panelIndex\":\"d308c60f-2ccb-4820-a0fd-f630ea8bb446\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d308c60f-2ccb-4820-a0fd-f630ea8bb446\"},{\"type\":\"lens\",\"gridData\":{\"x\":36,\"y\":27,\"w\":12,\"h\":18,\"i\":\"2c4716fc-0875-461b-8256-d2c960454d97\"},\"panelIndex\":\"2c4716fc-0875-461b-8256-d2c960454d97\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2c4716fc-0875-461b-8256-d2c960454d97\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Hellpot","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d5af0980-3bf4-11ec-976b-63273d5357a4","managed":false,"references":[{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"02518a7c-a527-4ac5-8db4-
9ebff539f839:panel_02518a7c-a527-4ac5-8db4-9ebff539f839","type":"lens"},{"id":"95a453e7-090e-47
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"897405c9-f4c4-4b04-a528-1d8bcc993bc8":{"columnOrder":["31af8f3d-9021-44d4-9a32-ebc950aa5556","291471fc-640c-4394-9efe-18378cccabbf","522f559b-57d1-47d7-a2fb-80f5f2bea815"],"columns":{"291471fc-640c-4394-9efe-18378cccabbf":{"customLabel":true,"dataType":"date","isBucketed":true,"label":"Timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":false,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"31af8f3d-9021-44d4-9a32-ebc950aa5556":{"dataType":"number","isBucketed":true,"label":"Top 5 values of DestPort","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"522f559b-57d1-47d7-a2fb-80f5f2bea815","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":5},"scale":"ordinal","sourceField":"dest_port"},"522f559b-57d1-47d7-a2fb-80f5f2bea815":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Beelzebub Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Galah Go-pot Glutton H0neytr4p Hellpot Heralding Honeyaml Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Miniprint Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"axisTitlesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"curveType":"CURVE_STEP_AFTER","emphasizeFitting":false,"endValue":"None","fillOpacity":0.3,"fittingFunction":"Zero","gridlinesVisibilitySettings":{"x":false,"yLeft":false,"yRight":true},"labelsOrientation":{"x":0,"yLeft":0,"yRight":-90},"layers":[{"accessors":["522f559b-57d1-47d7-a2fb-80f5f2bea815"],"isHistogram":true,"layerId":"897405c9-f4c4-4b04-a528-1d8bcc993bc8","layerType":"data","palette":{"name":"kibana_palette","type":"palette"},"seriesType":"area","simpleView":false,"splitAccessor":"31af8f3d-9021-44d4-9a32-ebc950aa5556","xAccessor":"291471fc-640c-4394-9efe-18378cccabbf","xScaleType":"time","yConfig":[{"axisMode":"left","forAccessor":"522f559b-57d1-47d7-a2fb-80f5f2bea815"}]}],"legend":{"isVisible":true,"legendSize":"auto","maxLines":1,"position":"right","shouldTruncate":true,"showSingleSeries":true},"preferredSeriesType":"bar_stacked","showCurrentTimeMarker":false,"tickLabelsVisibilitySettings":{"x":true,"yLeft":true,"yRight":true},"valueLabels":"hide","valuesInLegend":false,"xTitle":"Timestamp","yLeftExtent":{"enforce":true,"mode":"full"},"yLeftScale":"sqrt","yRightScale":"linear","yTitle":"Attacks"}},"title":"Attacks by Destination Port Histogram","visualizationType":"lnsXY"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d772f5de-7b59-4046-9863-69b11133642c","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-897405c9-f4c4-4b04-a528-1d8bcc993bc8","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935956],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1NiwxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Tanner\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Tanner\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"7a86e182-d03d-4e68-bbae-1f70fa04e2a5","label":"Untitled"}],"title":"Tanner-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d800f130-633f-11e8-be86-73985bedf977","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935958],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1NywxXQ=="}
{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Redishoneypot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Redishoneypot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"efb7e60e-acfe-4ff3-bcff-a71df1310f96","label":"Untitled"}],"title":"Redishoneypot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"d92932c0-3c0d-11ec-b37b-416a7cc98388","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935960],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI1OCwxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"260847bc-71f6-47cf-adac-f9416bdf159a":{"columnOrder":["b86ce1d7-2d40-4b19-b753-8ec69b0d042e","b8a7f4d6-b1ae-46de-9625-be5428e94877"],"columns":{"b86ce1d7-2d40-4b19-b753-8ec69b0d042e":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Honeypot Attacks - Top 10","operationType":"terms","params":{"accuracyMode":false,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"b8a7f4d6-b1ae-46de-9625-be5428e94877","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"type.keyword"},"b8a7f4d6-b1ae-46de-9625-be5428e94877":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true,"format":{"id":"number","params":{"compact":false,"decimals":0}}},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1},"ffdc50a5-09c6-43a0-868b-15452eb9c20e":{"columnOrder":["d5d6ad04-f615-45af-96e8-dc5197461951","40f6bba7-8f0b-47c2-85e6-754d3cffa9be","8042063d-7f38-4075-a2b5-c142ec211098"],"columns":{"40f6bba7-8f0b-47c2-85e6-754d3cffa9be":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"8042063d-7f38-4075-a2b5-c142ec211098":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true,"format":{"id":"number","params":{"compact":false,"decimals":0}}},"scale":"ratio","sourceField":"___records___"},"d5d6ad04-f615-45af-96e8-dc5197461951":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Honeypot Attacks - Top 
10","operationType":"terms","params":{"accuracyMode":false,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"8042063d-7f38-4075-a2b5-c142ec211098","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"type.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"linkToLayers":["260847bc-71f6-47cf-adac-f9416bdf159a"],"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Glutton Hellpot Heralding Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Redishoneypot Sentrypeer Tanner Wordpot"},"visualization":{"breakdownByAccessor":"b86ce1d7-2d40-4b19-b753-8ec69b0d042e","collapseFn":"","icon":"empty","layerId":"260847bc-71f6-47cf-adac-f9416bdf159a","layerType":"data","maxCols":10,"metricAccessor":"b8a7f4d6-b1ae-46de-9625-be5428e94877","palette":{"name":"custom","params":{"colorStops":[{"color":"#8BB354","stop":0},{"color":"#DACB45","stop":5},{"color":"#E7664C","stop":30},{"color":"#C03F25","stop":55},{"color":"#982511","stop":80}],"continuity":"above","maxSteps":5,"name":"custom","progression":"fixed","rangeMax":null,"rangeMin":0,"rangeType":"percent","reverse":false,"steps":3,"stops":[{"color":"#8BB354","stop":5},{"color":"#DACB45","stop":30},{"color":"#E7664C","stop":55},{"color":"#C03F25","stop":80},{"color":"#982511","stop":100}]},"type":"palette"},"showBar":false,"trendlineBreakdownByAccessor":"d5d6ad04-f615-45af-96e8-dc5197461951","trendlineLayerId":"ffdc50a5-09c6-43a0-868b-15452eb9c20e","trendlineLayerType":"metricTrendline","trendlineMetricAccessor":"8042063d-7f38-4075-a2b5-c142ec211098","trendlineTimeAccessor":"40f6bba7-8f0b-47c2-85e6-754d3cffa9be"}},"title":"Honeypot Attacks - Top 
10","visualizationType":"lnsMetric"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"dcad52ba-3b9c-42f2-997b-ca0ec5494a4a","managed":false,"references":[{"id":"logstash-*","
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"6333767c-a25b-4912-a8c6-1f1f8ffdd944":{"columnOrder":["b0a2dd03-a531-4cfd-a834-a4af4f303243","cc0737ce-5b69-47bd-ba11-7cb1fe00dcdf"],"columns":{"b0a2dd03-a531-4cfd-a834-a4af4f303243":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"Data","operationType":"terms","params":{"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"cc0737ce-5b69-47bd-ba11-7cb1fe00dcdf","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":20},"scale":"ordinal","sourceField":"data.keyword"},"cc0737ce-5b69-47bd-ba11-7cb1fe00dcdf":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type.keyword:\"Mailoney\""},"visualization":{"columns":[{"alignment":"left","columnId":"cc0737ce-5b69-47bd-ba11-7cb1fe00dcdf"},{"alignment":"left","columnId":"b0a2dd03-a531-4cfd-a834-a4af4f303243"}],"headerRowHeight":"single","layerId":"6333767c-a25b-4912-a8c6-1f1f8ffdd944","layerType":"data","paging":{"enabled":true,"size":10},"rowHeight":"single"}},"title":"Mailoney Data - Top 
20","visualizationType":"lnsDatatable"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e41141d7-2026-4578-8d0e-92c38539a2e3","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-6333767c-a25b-4912-a8c6-1f1f8ffdd944","type":"index-pattern"},{"id":"f70cc300-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-f70cc300-8ebb-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935968],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2MCwxXQ=="}
{"attributes":{"description":"Mailoney Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Mailoney\",\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":24,\"h\":18,\"i\":\"17\"},\"panelIndex\":\"17\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_17\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":45,\"w\":48,\"h\":17,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_20\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"638c3b10-442a-4b66-87cd-6cbc30026389\"},\"panelIndex\":\"638c3b10-442a-4b66-87cd-6cbc30026389\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_638c3b10-442a-4b66-87cd-6cbc30026389\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"cb729dd9-7dfe-4434-a6ee-4e76e7b91c5f\"},\"panelIndex\":\"cb729dd9-7dfe-4434-a6ee-4e76e7b91c5f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cb729dd9-7dfe-4434-a6ee-4e76e7b91c5f\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"40960079-34b0-4bbf-9b77-7efad5af4b18\"},\"panelIndex\":\"40960079-34b0-4bbf-9b77-7efad5af4b18\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":26.7893,\"lon\":117.7756,\"zoom\":4.61},\"mapBuffer\":{\"minLon\":101.25,\"minLat\":11.1784,\"maxLon\":135,\"maxLat\":40.9799},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_40960079-34b0-4bbf-9b77-7efad5af4b18\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"8decb9c2-5b0c-4858-8164-5a27a1865fd3\"},\"panelIndex\":\"8decb9c2-5b0c-4858-8164-5a27a1865fd3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8decb
9c2-5b0c-4858-8164-5a27a1865fd3\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"e2fca610-d35d-4067-8053-39c9eb8737a3\"},\"panelIndex\":\"e2fca610-d35d-4067-8053-39c9eb8737a3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_e2fca610-d35d-4067-8053-39c9eb8737a3\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"4cb2d9f9-f7d3-4372-81f0-8ee3777d49ff\"},\"panelIndex\":\"4cb2d9f9-f7d3-4372-81f0-8ee3777d49ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4cb2d9f9-f7d3-4372-81f0-8ee3777d49ff\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"0c562b77-3f0b-485c-b419-948d6c0149ff\"},\"panelIndex\":\"0c562b77-3f0b-485c-b419-948d6c0149ff\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_0c562b77-3f0b-485c-b419-948d6c0149ff\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"687ca43d-5451-40e5-978b-6ab0e9361f49\"},\"panelIndex\":\"687ca43d-5451-40e5-978b-6ab0e9361f49\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_687ca43d-5451-40e5-978b-6ab0e9361f49\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":12,\"h\":18,\"i\":\"5415f374-0882-4df6-a4bd-add292f36701\"},\"panelIndex\":\"5415f374-0882-4df6-a4bd-add292f36701\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_5415f374-0882-4df6-a4bd-add292f36701\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-24h","timeRestore":true,"timeTo":"now","title":"Mailoney","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"dd95c950-8b5d-11e7-ba35-0d8832ac304f","managed":false,"references":[{"id":"6478386e-a5d4-494a-9c11-e70e0360a832","name":"17:panel_17","type":"lens"},{"id":"e41141d7-2026-4578-8d0e-92c38539a2e3","name":"20:panel_20","type":"lens"},{"id":"c6fae7be-5ac1-428d-958a-eb1964375d3b","name":"638c3b10-442a-4b66-87cd-6cbc30026389:panel_638c3b10-442a-4b66-87c
d-6cbc30026389","type":"lens"},{"id":"95a453e7-090e-477b-af3e-2bd66c2928a4","name":"cb729dd9-7d
{"attributes":{"columns":[],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Hellpot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Hellpot\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"596bc3ce-5afd-48d7-8757-0f982ce77fa6","label":"Untitled"}],"title":"Hellpot-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"dfbeea50-3738-11ec-a911-7f1b8f93d32e","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935984],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2MiwxXQ=="}
{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Fatt\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":["_source"],"hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Fatt\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"version":1},"id":"47c8d63d-6b2f-4ba9-8496-64a45c071bcb","label":"Untitled"}],"title":"Fatt-Logs","version":1},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e11820b0-8619-11e9-b550-15eb0c9cf8d9","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589935986],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2MywxXQ=="}
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"0ca7e8b0-24aa-4c8d-8363-0544479abb01":{"columnOrder":["c4c4b64c-e2c3-496f-95a1-f644daaaed87"],"columns":{"c4c4b64c-e2c3-496f-95a1-f644daaaed87":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"sampling":1},"14aaf619-3cf4-4e1c-b3fb-d82f883e61a7":{"columnOrder":["15c5137f-b46a-426c-b2e4-ddf028b54b2e","8c65af28-65a1-41d3-a316-ec61bfb797d5"],"columns":{"15c5137f-b46a-426c-b2e4-ddf028b54b2e":{"dataType":"date","isBucketed":true,"label":"@timestamp","operationType":"date_histogram","params":{"dropPartials":false,"includeEmptyRows":true,"interval":"auto"},"scale":"interval","sourceField":"@timestamp"},"8c65af28-65a1-41d3-a316-ec61bfb797d5":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Attacks","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"}},"ignoreGlobalFilters":false,"incompleteColumns":{},"linkToLayers":["0ca7e8b0-24aa-4c8d-8363-0544479abb01"],"sampling":1}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Adbhoney Ciscoasa CitrixHoneypot ConPot Cowrie Ddospot Dicompot Dionaea ElasticPot Endlessh Glutton Hellpot Heralding Honeytrap Honeypots Log4pot Ipphoney Mailoney Medpot Redishoneypot Sentrypeer Tanner 
Wordpot"},"visualization":{"icon":"globe","layerId":"0ca7e8b0-24aa-4c8d-8363-0544479abb01","layerType":"data","metricAccessor":"c4c4b64c-e2c3-496f-95a1-f644daaaed87","palette":{"name":"custom","params":{"colorStops":[{"color":"#8BB354","stop":null},{"color":"#DACB45","stop":20238.4},{"color":"#E7664C","stop":40476.8},{"color":"#C03F25","stop":60715.2},{"color":"#982511","stop":80953.6}],"continuity":"all","maxSteps":5,"name":"custom","progression":"fixed","rangeMax":null,"rangeMin":null,"rangeType":"number","reverse":false,"steps":3,"stops":[{"color":"#8BB354","stop":20238.4},{"color":"#DACB45","stop":40476.8},{"color":"#E7664C","stop":60715.2},{"color":"#C03F25","stop":80953.6},{"color":"#982511","stop":101192}]},"type":"palette"},"showBar":false,"trendlineLayerId":"14aaf619-3cf4-4e1c-b3fb-d82f883e61a7","trendlineLayerType":"metricTrendline","trendlineMetricAccessor":"8c65af28-65a1-41d3-a316-ec61bfb797d5","trendlineTimeAccessor":"15c5137f-b46a-426c-b2e4-ddf028b54b2e"}},"title":"Honeypot Attacks","visualizationType":"lnsMetric"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"e45a3213-9890-433e-864d-601adc85b372","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-0ca7e8b0-24aa-4c8d-8363-0544479abb01","type":"index-pattern"},{"id":"logstash-*","name":"indexpattern-datasource-layer-14aaf619-3cf4-4e1c-b3fb-d82f883e61a7","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589935990],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2NCwxXQ=="}
{"attributes":{"description":"Dicompot Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Dicompot\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"9eba5ff8-755a-4a6f-94ec-f6bf7924f17b\"},\"panelIndex\":\"9eba5ff8-755a-4a6f-94ec-f6bf7924f17b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9eba5ff8-755a-4a6f-94ec-f6bf7924f17b\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"118fe439-3252-4738-8abd-a23fd19a6d3e\"},\"panelIndex\":\"118fe439-3252-4738-8abd-a23fd19a6d3e\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_118fe439-3252-4738-8abd-a23fd19a6d3e\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"d7e366cc-a658-4bef-a7b9-23dbb3074674\"},\"panelIndex\":\"d7e366cc-a658-4bef-a7b9-23dbb3074674\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":20.96144,\"lon\":-12.12891,\"zoom\":2},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-66.51326,\"maxLon\":90,\"maxLat\":66.51326},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_d7e366cc-a658-4bef-a7b9-23dbb3074674\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"8e774164-a24c-48cb-b641-0eba4a5a087c\"},\"panelIndex\":\"8e774164-a24c-48cb-b641-0eba4a5a087c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8e774164-a24c-48cb-b641-0eba4a5a087c\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"48f3663c-ede8-4be1-a97a-f63455b27052\"},\"panelIndex\":\"48f3663c-ede8-4be1-a97a-f63455b27052\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_48f3663c-ede8-4be1-a97a-f63455b27052\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"
y\":17,\"w\":12,\"h\":10,\"i\":\"305f4ddf-273f-43df-9e3b-5dfc70562b24\"},\"panelIndex\":\"305f4ddf-273f-43df-9e3b-5dfc70562b24\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_305f4ddf-273f-43df-9e3b-5dfc70562b24\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"84efdf6f-a822-42fa-b3b2-bcc27d4c14bb\"},\"panelIndex\":\"84efdf6f-a822-42fa-b3b2-bcc27d4c14bb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_84efdf6f-a822-42fa-b3b2-bcc27d4c14bb\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":10,\"i\":\"efdee5a8-c43d-4927-bbab-a097fe88d393\"},\"panelIndex\":\"efdee5a8-c43d-4927-bbab-a097fe88d393\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_efdee5a8-c43d-4927-bbab-a097fe88d393\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":27,\"w\":16,\"h\":19,\"i\":\"7f3df14d-36bb-4df1-89dd-101d57e9f3ec\"},\"panelIndex\":\"7f3df14d-36bb-4df1-89dd-101d57e9f3ec\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7f3df14d-36bb-4df1-89dd-101d57e9f3ec\"},{\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":27,\"w\":10,\"h\":19,\"i\":\"7ec0d547-1080-4b65-970b-879cc019db65\"},\"panelIndex\":\"7ec0d547-1080-4b65-970b-879cc019db65\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7ec0d547-1080-4b65-970b-879cc019db65\"},{\"type\":\"lens\",\"gridData\":{\"x\":38,\"y\":27,\"w\":10,\"h\":19,\"i\":\"a88e07bf-7dd9-49fd-80b3-bba191f659cb\"},\"panelIndex\":\"a88e07bf-7dd9-49fd-80b3-bba191f659cb\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_a88e07bf-7dd9-49fd-80b3-bba191f659cb\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":12,\"h\":9,\"i\":\"f70f461a-99d9-42ca-b2e1-b832f37e395a\"},\"panelIndex\":\"f70f461a-99d9-42ca-b2e1-b832f37e395a\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_f70f461a-99d9-42ca-b2e1-b832f37e395a\"}]","refreshInterval":{"pause":false,"value":60000},"timeFrom":"now-90d/d","timeRe
store":true,"timeTo":"now","title":"Dicompot","version":1},"coreMigrationVersion":"8.8.0","crea
{"attributes":{"description":"","state":{"adHocDataViews":{},"datasourceStates":{"formBased":{"layers":{"53b84435-8dbc-4a4a-904f-38983e3db2d4":{"columnOrder":["c84dd9ec-6b5d-4981-b62b-4f4c0b15762f","5f9be20e-0aea-420d-9e25-a0f6e4247691"],"columns":{"5f9be20e-0aea-420d-9e25-a0f6e4247691":{"customLabel":true,"dataType":"number","isBucketed":false,"label":"Count","operationType":"count","params":{"emptyAsNull":true},"scale":"ratio","sourceField":"___records___"},"c84dd9ec-6b5d-4981-b62b-4f4c0b15762f":{"customLabel":true,"dataType":"string","isBucketed":true,"label":"headers.accept_encoding.keyword: Descending","operationType":"terms","params":{"accuracyMode":true,"exclude":[],"excludeIsRegex":false,"include":[],"includeIsRegex":false,"missingBucket":false,"orderBy":{"columnId":"5f9be20e-0aea-420d-9e25-a0f6e4247691","type":"column"},"orderDirection":"desc","otherBucket":false,"parentFormat":{"id":"terms"},"size":10},"scale":"ordinal","sourceField":"headers.accept_encoding.keyword"}},"ignoreGlobalFilters":false,"incompleteColumns":{}}}},"indexpattern":{"layers":{}},"textBased":{"layers":{}}},"filters":[],"internalReferences":[],"query":{"language":"kuery","query":"type : Tanner"},"visualization":{"layers":[{"categoryDisplay":"hide","emptySizeRatio":0.3,"layerId":"53b84435-8dbc-4a4a-904f-38983e3db2d4","layerType":"data","legendDisplay":"show","legendMaxLines":1,"legendPosition":"right","legendSize":"auto","metrics":["5f9be20e-0aea-420d-9e25-a0f6e4247691"],"nestedLegend":true,"numberDisplay":"percent","percentDecimals":0,"primaryGroups":["c84dd9ec-6b5d-4981-b62b-4f4c0b15762f"],"secondaryGroups":[],"showValuesInLegend":true,"truncateLegend":true}],"palette":{"name":"kibana_palette","type":"palette"},"shape":"donut"}},"title":"Tanner HTTP Encoding Pie - Top 
10","visualizationType":"lnsPie"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"eb298386-8d85-4232-bac8-c89e3ea90a34","managed":false,"references":[{"id":"logstash-*","name":"indexpattern-datasource-layer-53b84435-8dbc-4a4a-904f-38983e3db2d4","type":"index-pattern"},{"id":"16459ee0-8ebc-11ec-82b5-d375cfa90394","name":"tag-ref-16459ee0-8ebc-11ec-82b5-d375cfa90394","type":"tag"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589936009],"type":"lens","typeMigrationVersion":"10.1.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2NiwxXQ=="}
{"attributes":{"columns":[],"description":"","grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Honeypots\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"tabs":[{"attributes":{"columns":[],"grid":{},"hideChart":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Honeypots\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]]},"id":"644c59fa-a067-4f70-94ea-d8706f0c3fbb","label":"Untitled"}],"title":"Honeypots-Logs"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f0ea3d80-7300-11ec-9e1e-29d5d4b58b2b","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1767638649249,8589936011],"type":"search","typeMigrationVersion":"10.9.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2NywxXQ=="}
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type:\\\"Adbhoney\\\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Adbhoney Samples - Top 10","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Adbhoney Samples - Top 10\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Count\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"outfile.keyword\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Captured Samples\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"showToolbar\":false,\"percentageCol\":\"\",\"autoFitRowToContent\":false}}"},"coreMigrationVersion":"8.8.0","created_at":"2026-01-05T18:44:09.249Z","id":"f1f14c10-fa3a-11e8-838f-fff066e21110","managed":false,"references":[{"id":"logstash-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"02526be0-8eba-11ec-82b5-d375cfa90394","name":"tag-ref-02526be0-8eba-11ec-82b5-d375cfa90394","type":"tag"},{"id":"858335c0-8ebb-11ec-82b5-d375cfa90394","name":"tag-ref-858335c0-8ebb-11ec-82b5-d375cfa90394","type":"tag"}],"sort":[1767638649249,8589936015],"type":"visualization","typeMigrationVersion":"8.5.0","updated_at":"2026-01-05T18:44:09.249Z","version":"WzI2OCwxXQ=="}
{"attributes":{"description":"Tanner Dashboard","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"type : Tanner\",\"language\":\"lucene\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":16,\"h\":10,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_7\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":37,\"w\":16,\"h\":10,\"i\":\"8\"},\"panelIndex\":\"8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":37,\"w\":16,\"h\":10,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_9\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":10,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_12\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":47,\"w\":24,\"h\":17,\"i\":\"13\"},\"panelIndex\":\"13\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_13\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":37,\"w\":16,\"h\":10,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_14\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":27,\"w\":16,\"h\":10,\"i\":\"15\"},\"panelIndex\":\"15\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_15\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":7,\"i\":\"878ae253-92bb-49dc-8b65-f15ce04b0bf2\"},\"panelIndex\":\"878ae253-92bb-49dc-8b65-f15ce04b0bf2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_878ae253-92bb-49dc-8b65-f15ce04b0bf2\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":7,\"i\":\"f509d4b6-c046-4829-bd86-be9b70687e45\"},\"panelIndex\":\"f509d4b6-c046-4829-bd86-be9b706
87e45\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_f509d4b6-c046-4829-bd86-be9b70687e45\"},{\"type\":\"map\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"ef731b57-6fe5-4d34-ba1d-a277b86d2dbc\"},\"panelIndex\":\"ef731b57-6fe5-4d34-ba1d-a277b86d2dbc\",\"embeddableConfig\":{\"mapCenter\":{\"lat\":17.85176,\"lon\":13.36745,\"zoom\":0.98},\"mapBuffer\":{\"minLon\":-180,\"minLat\":-85.05113,\"maxLon\":360,\"maxLat\":85.05113},\"isLayerTOCOpen\":false,\"openTOCDetails\":[],\"hiddenLayers\":[],\"enhancements\":{}},\"panelRefName\":\"panel_ef731b57-6fe5-4d34-ba1d-a277b86d2dbc\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":24,\"h\":10,\"i\":\"dd418c44-86ce-4091-ae18-77d696048757\"},\"panelIndex\":\"dd418c44-86ce-4091-ae18-77d696048757\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_dd418c44-86ce-4091-ae18-77d696048757\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":10,\"i\":\"37d21a25-08e4-4ee3-83c9-f60bd3c274c3\"},\"panelIndex\":\"37d21a25-08e4-4ee3-83c9-f60bd3c274c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_37d21a25-08e4-4ee3-83c9-f60bd3c274c3\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":10,\"i\":\"d5c100a5-51c2-4840-bde9-a68288d6915e\"},\"panelIndex\":\"d5c100a5-51c2-4840-bde9-a68288d6915e\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_d5c100a5-51c2-4840-bde9-a68288d6915e\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":10,\"i\":\"b9043190-8094-4691-9295-a2a4c36a31fc\"},\"panelIndex\":\"b9043190-8094-4691-9295-a2a4c36a31fc\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_b9043190-8094-4691-9295-a2a4c36a31fc\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":47,\"w\":12,\"h\":17,\"i\":\"291364cd-2eac-4e8b-81be-5e881ccf4c42\"},\"panelIndex\":\"291364cd-2eac-4e8b-81be-5e881ccf4c42\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_
291364cd-2eac-4e8b-81be-5e881ccf4c42\"},{\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":47,\"w\