mirror of
				https://github.com/telekom-security/tpotce.git
				synced 2025-10-24 17:24:44 +00:00 
			
		
		
		
	
		
			
				
	
	
		
			4589 lines
		
	
	
		
			No EOL
		
	
	
		
			529 KiB
		
	
	
	
		
			JSON
		
	
	
	
	
	
			
		
		
	
	
			4589 lines
		
	
	
		
			No EOL
		
	
	
		
			529 KiB
		
	
	
	
		
			JSON
		
	
	
	
	
	
| [
 | |
|   {
 | |
|     "_id": "29f51af0-4876-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Protocols Histogram",
 | |
|       "visState": "{\"title\":\"Heralding Protocols Histogram\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Events\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"step-after\",\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"proto.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "4e2887d0-8379-11e7-97dc-15d31af3c77f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap Heatmap",
 | |
|       "visState": "{\"title\":\"Honeytrap Heatmap\",\"type\":\"heatmap\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"right\",\"times\":[],\"colorsNumber\":10,\"colorSchema\":\"Green to Red\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"square root\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"color\":\"#555\",\"overwriteColor\":false}}],\"type\":\"heatmap\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination Port\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 650\":\"rgb(0,104,55)\",\"650 - 1300\":\"rgb(26,151,80)\",\"1300 - 1950\":\"rgb(102,189,99)\",\"1950 - 2600\":\"rgb(166,217,106)\",\"2600 - 3250\":\"rgb(217,239,139)\",\"3250 - 3900\":\"rgb(255,255,190)\",\"3900 - 4550\":\"rgb(254,224,139)\",\"4550 - 5200\":\"rgb(253,174,97)\",\"5200 - 5850\":\"rgb(244,109,67)\",\"5850 - 6500\":\"rgb(214,47,39)\"}},\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "54213440-8b56-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy Username Tagcloud",
 | |
|       "visState": "{\"title\":\"Rdpy Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":16,\"maxFontSize\":64,\"scale\":\"linear\",\"orientation\":\"single\",\"hideLabel\":false,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "56cdedf0-ec08-11e8-96db-ebfb2a58ccf6",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Username Tagcloud",
 | |
|       "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"\",\"field\":\"username.keyword\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":50},\"schema\":\"segment\",\"type\":\"terms\"}],\"params\":{\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"fromDegree\":\"0\",\"maxFontSize\":64,\"minFontSize\":16,\"orientation\":\"single\",\"orientations\":1,\"scale\":\"linear\",\"showLabel\":false,\"spiral\":\"rectangular\",\"textScale\":\"sqrt\",\"timeInterval\":\"500\",\"toDegree\":\"0\"},\"title\":\"Username Tagcloud\",\"type\":\"tagcloud\"}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"(type.keyword:\\\"Cowrie\\\" AND system:\\\"ssh\\\") OR type.keyword:\\\"Dionaea\\\" OR type.keyword:\\\"Heralding\\\" OR type.keyword:\\\"RDPY\\\"\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "63d0bf60-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Attack Map",
 | |
|       "visState": "{\"title\":\"Glutton Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "7c5959b0-4889-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Password Tagcloud",
 | |
|       "visState": "{\"title\":\"Heralding Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":64,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "656df650-6357-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner HTTP Encoding Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner HTTP Encoding Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"headers.accept-encoding.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "7dcaa2b0-8596-11e7-a686-392ac617767d",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Top Users Histogram",
 | |
|       "visState": "{\"title\":\"NGINX Top Users Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"remote_user.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "7e9a7d20-e858-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Flow Direction",
 | |
|       "visState": "{\"title\":\"Glutton Flow Direction\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"direction.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "a81cba70-e7fc-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot Attack Map",
 | |
|       "visState": "{\"title\":\"Medpot Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "87cf3b50-6357-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner HTTP Language Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner HTTP Language Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"headers.accept-language.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "9b89ddb0-ec07-11e8-96db-ebfb2a58ccf6",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Password Tagcloud",
 | |
|       "visState": "{\"title\":\"Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"fromDegree\":0,\"maxFontSize\":64,\"minFontSize\":16,\"orientation\":\"single\",\"orientations\":1,\"scale\":\"linear\",\"showLabel\":false,\"spiral\":\"rectangular\",\"textScale\":\"sqrt\",\"timeInterval\":500,\"toDegree\":0},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}}}",
 | |
|       "description": "",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"(type:\\\"Cowrie\\\" AND system:\\\"ssh\\\") OR type:\\\"Dionaea\\\" OR type:\\\"Heralding\\\" OR type:\\\"RDPY\\\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "946dc4d0-6352-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner HTTP Method Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner HTTP Method Pie - Top 10\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"method.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "94ae10e0-4871-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Attack Map",
 | |
|       "visState": "{\"title\":\"Heralding Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true,\"layers\":\"OSM-WMS\",\"version\":\"1.3.0\",\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]},\"url\":\"http://ows.terrestris.de/osm/service\"},\"colorSchema\":\"Yellow to Red\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "895645f0-6356-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner Detection Type Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner Detection Type Pie - Top 10\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"response_msg.response.message.detection.name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c1c8a3a0-6352-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner HTTP Hostname Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner HTTP Hostname Pie - Top 10\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"headers.host.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "a6ccd530-6352-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner HTTP User Agent Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner HTTP User Agent Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"headers.user-agent.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Event-Type",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Event Type",
 | |
|       "visState": "{\"title\":\"Conpot Event Type\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Protocol",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Protocol",
 | |
|       "visState": "{\"title\":\"Conpot Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"data_type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Version-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Version Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Cowrie Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Input-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Input - Top 10",
 | |
|       "visState": "{\"title\":\"Cowrie Input - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"input.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Command Line Input\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Protocol",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Protocol",
 | |
|       "visState": "{\"title\":\"Dionaea Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"connection.protocol.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Transport",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Transport",
 | |
|       "visState": "{\"title\":\"Dionaea Transport\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"connection.transport.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Type",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Type",
 | |
|       "visState": "{\"title\":\"Dionaea Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"connection.type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "a001a350-e85b-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Payload Hex - Top 10",
 | |
|       "visState": "{\"title\":\"Glutton Payload Hex - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"payload_hex.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Payload Hex\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "b8745000-4ad5-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa Attack Map",
 | |
|       "visState": "{\"title\":\"Ciscoasa Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true,\"layers\":\"OSM-WMS\",\"version\":\"1.3.0\",\"styles\":\"\",\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]},\"url\":\"http://ows.terrestris.de/osm/service\"},\"colorSchema\":\"Yellow to Red\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":2.4609375000000004,\"lat\":37.85750715625203},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[37.782941450067156,2.458449960686267]}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c80e9ff0-e866-11e8-95af-236f09a02fdb",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Msg - Top 10",
 | |
|       "visState": "{\"title\":\"Glutton Msg - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"msg.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Msg\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "bf6f6000-8598-11e7-8f60-4f4666b0a88e",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Events Bar",
 | |
|       "visState": "{\"title\":\"Suricata Events Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Suricata\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Events\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Suricata\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "cb2a3a00-8b56-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy Password Tagcloud",
 | |
|       "visState": "{\"title\":\"Rdpy Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":16,\"maxFontSize\":64,\"scale\":\"linear\",\"orientation\":\"single\",\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Input-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Input - Top 10",
 | |
|       "visState": "{\"title\":\"Conpot Input - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"request.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Input\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c0916430-8b5e-11e7-ba35-0d8832ac304f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney Attack Map",
 | |
|       "visState": "{\"title\":\"Mailoney Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Attack Map",
 | |
|       "visState": "{\"title\":\"Cowrie Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Attack Map",
 | |
|       "visState": "{\"title\":\"Conpot Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Response-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Response - Top 10",
 | |
|       "visState": "{\"title\":\"Conpot Response - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"response.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Password-Tagcloud-Large",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Password Tagcloud",
 | |
|       "visState": "{\"title\":\"Cowrie Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":16,\"maxFontSize\":64,\"scale\":\"linear\",\"orientation\":\"single\",\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Username-Tagcloud-Large",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Username Tagcloud",
 | |
|       "visState": "{\"title\":\"Cowrie Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":16,\"maxFontSize\":64,\"scale\":\"linear\",\"orientation\":\"single\",\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Username-Tagcloud-Large",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Username Tagcloud",
 | |
|       "visState": "{\"title\":\"Dionaea Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"fromDegree\":0,\"maxFontSize\":64,\"minFontSize\":16,\"orientations\":1,\"spiral\":\"rectangular\",\"textScale\":\"sqrt\",\"timeInterval\":500,\"toDegree\":0,\"scale\":\"linear\",\"orientation\":\"single\",\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Password-Tagcloud-Large",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Password Tagcloud",
 | |
|       "visState": "{\"title\":\"Dionaea Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":16,\"maxFontSize\":64,\"scale\":\"linear\",\"orientation\":\"single\",\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e9e534d0-6356-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner URI - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner URI - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"path.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URI\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e4b7cf40-8b52-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy Attack Map",
 | |
|       "visState": "{\"title\":\"Rdpy Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e624bc50-7dd6-11e7-bee2-c98307c16efa",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Alert Category Histogram",
 | |
|       "visState": "{\"title\":\"Suricata Alert Category Histogram\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.category.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf Attack Map",
 | |
|       "visState": "{\"title\":\"Glastopf Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Scaled Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f8e24f20-634e-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner Attack Map",
 | |
|       "visState": "{\"title\":\"Tanner Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"heatClusterSize\":1.5,\"colorSchema\":\"Yellow to Red\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Query-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot Query - Top 10",
 | |
|       "visState": "{\"title\":\"ElasticPot Query - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"honeypot.query.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Query\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f4444100-e858-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Handler",
 | |
|       "visState": "{\"title\":\"Glutton Handler\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"handler.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-HTTP-Method-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX HTTP Method Pie - Top 10",
 | |
|       "visState": "{\"title\":\"NGINX HTTP Method Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"request_method.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Countries - Top 10",
 | |
|       "visState": "{\"title\":\"NGINX Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-HTTP-Status-Code-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX HTTP Status Code Pie - Top 10",
 | |
|       "visState": "{\n  \"title\": \"NGINX HTTP Status Code Pie - Top 10\",\n  \"type\": \"pie\",\n  \"params\": {\n    \"shareYAxis\": true,\n    \"addTooltip\": true,\n    \"addLegend\": true,\n    \"isDonut\": true,\n    \"legendPosition\": \"right\"\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"count\",\n      \"schema\": \"metric\",\n      \"params\": {}\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"segment\",\n      \"params\": {\n        \"field\": \"status\",\n        \"size\": 10,\n        \"order\": \"desc\",\n        \"orderBy\": \"1\"\n      }\n    }\n  ],\n  \"listeners\": {}\n}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-HTTP-User-Agent-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX HTTP User Agent Pie - Top 10",
 | |
|       "visState": "{\"title\":\"NGINX HTTP User Agent Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http_user_agent.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-SSH-Client-Software-Version-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata SSH Client Software Version Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata SSH Client Software Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Source IP - Top 10",
 | |
|       "visState": "{\"title\":\"NGINX Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-HTTP-Hostname-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata HTTP Hostname Pie - Top 10",
 | |
|       "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.hostname.keyword\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true},\"title\":\"Suricata HTTP Hostname Pie - Top 10\",\"type\":\"pie\"}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Fileinfo-Magic-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Fileinfo Magic - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata Fileinfo Magic - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fileinfo.magic.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Countries - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Source IP - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source IP\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-HTTP-Method-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata HTTP Method Pie - Top 10",
 | |
|       "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"field\":\"http.http_method.keyword\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true},\"title\":\"Suricata HTTP Method Pie - Top 10\",\"type\":\"pie\"}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "P0f-OS-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "P0f OS Distribution",
 | |
|       "visState": "{\"title\":\"P0f OS Distribution\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "P0f-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-HTTP-User-Agent-Pie-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata HTTP User Agent Pie - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata HTTP User Agent Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_user_agent.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-HTTP-Content-Type-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata HTTP Content Type - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata HTTP Content Type - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":200}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot Attack Map",
 | |
|       "visState": "{\"title\":\"ElasticPot Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Events Histogram",
 | |
|       "visState": "{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{\"customLabel\":\"Events\"},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"customLabel\":\"Timestamp\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Unique Src IPs\",\"field\":\"src_ip.keyword\"},\"schema\":\"metric\",\"type\":\"cardinality\"}],\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Events\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{}},\"title\":\"NGINX Events Histogram\",\"type\":\"line\"}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap Attack Map",
 | |
|       "visState": "{\"title\":\"Honeytrap Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Events by Country Histogram",
 | |
|       "visState": "{\"title\":\"NGINX Events by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Events by Country Histogram",
 | |
|       "visState": "{\"title\":\"Suricata Events by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Events Histogram",
 | |
|       "visState": "{\"title\":\"Suricata Events Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Events\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Alert-Signature-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Alert Signature - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata Alert Signature - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature_id\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"ID\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Description\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Attack Map",
 | |
|       "visState": "{\"title\":\"NGINX Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Username-Tagcloud",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Username Tagcloud",
 | |
|       "visState": "{\"title\":\"NGINX Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"rectangular\",\"minFontSize\":16,\"maxFontSize\":64,\"scale\":\"linear\",\"orientation\":\"single\",\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"remote_user.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Attack Map",
 | |
|       "visState": "{\"title\":\"Suricata Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "logstash-*",
 | |
|     "_type": "index-pattern",
 | |
|     "_source": {
 | |
|       "title": "logstash-*",
 | |
|       "timeFieldName": "@timestamp",
 | |
|       "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ConnectionResetError\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ConnectionResetError.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"NameError\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"NameError.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ValueError\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ValueError.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.action.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.category.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.cve_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.cve_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"alert.signature.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"app\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"app.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"app_proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"app_proto.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"arch\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"arch.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attack_connection.payload.data_hex\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attack_connection.payload.data_hex.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attack_connection.payload.length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attack_connection.payload.md5_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attack_connection.payload.md5_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attack_connection.payload.sha512_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attack_connection.payload.sha512_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"attack_connection.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"attack_connection.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"auth_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"auth_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"body_bytes_sent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"body_bytes_sent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"compCS\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"compCS.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.transport\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.transport.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"connection.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"connection.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookies. cockpit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookies. cockpit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookies. sess_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookies. sess_uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookies.cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookies.cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookies.path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookies.path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"cookies.sess_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"cookies.sess_uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"data_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"data_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dest_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"destfile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"destfile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"direction\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"direction.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dist\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dist.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.rrname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.rrtype.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"dns.type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"download_count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"download_tries\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"duration\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.body_md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.body_md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.date.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.message_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.message_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.received\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.received.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.reply_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.reply_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.status.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.subject_md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.subject_md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"email.x_mailer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"email.x_mailer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"encCS\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"encCS.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"end_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"event_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"eventid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"eventid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fileinfo.filename.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.gaps\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.magic\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fileinfo.magic.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fileinfo.md5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fileinfo.state.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.stored\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fingerprint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"fingerprint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.commands.arguments\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.commands.arguments.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ftp.commands.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ftp.commands.command.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.as_org\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.as_org.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.city_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.city_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.continent_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.continent_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.country_code2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.country_code2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.country_code3\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.country_code3.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.country_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.country_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.dma_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.latitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.longitude\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.postal_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.postal_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.region_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.region_code.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.region_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.region_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"geoip.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"geoip.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"handle\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"handle.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"handler\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"handler.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.accept\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.accept-charset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.accept-charset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.accept-encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.accept-encoding.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.accept-language\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.accept-language.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.accept.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.authorization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.authorization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.cache-control\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.cache-control.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.connection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.connection.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.content-length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.content-length.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.content-type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.content-type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.cookie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.dnt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.dnt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.expires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.expires.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.icy-metadata\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.icy-metadata.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.if\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.if-modified-since\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.if-modified-since.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.if.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.keep-alive\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.keep-alive.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.max-forwards\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.max-forwards.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.mime-version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.mime-version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.origin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.origin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.pragma\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.pragma.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.proxy-connection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.proxy-connection.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.range.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.referer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.referer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.tagid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.tagid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.te\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.te.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.upgrade-insecure-requests\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.upgrade-insecure-requests.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.user-agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.user-agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.via.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.x-forwarded-for\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.x-forwarded-for.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.x-insight\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.x-insight.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.x-loop-control\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.x-loop-control.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.x-vermeer-content-type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.x-vermeer-content-type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"headers.x-via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"headers.x-via.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"height\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"honeypot.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"honeypot.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"honeypot.nodeid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"honeypot.nodeid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"honeypot.postdata\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"honeypot.postdata.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"honeypot.query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"honeypot.query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"honeypot.raw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"honeypot.raw.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"host.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.accept_encoding.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_language\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.accept_language.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.authorization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.authorization.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.http_content_type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.http_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_refer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.http_refer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.http_user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.redirect\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.redirect.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.via.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.xff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http.xff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http_referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_referrer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http_uri\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_uri.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http_user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"http_user_agent.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icmp_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icmp_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"in_iface.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"input\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"input.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_rep\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ip_rep.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"isError\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"is_virtual\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"kexAlgs\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"kexAlgs.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"key\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"key.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"keyAlgs\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"keyAlgs.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"lang\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"lang.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"langCS\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"langCS.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"level\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"level.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"link\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"link.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"login.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"login.password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"login.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"login.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"macCS\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"macCS.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"messageBadHTTP/0.9requesttype(\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"messageBadHTTP/0.9requesttype(.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"mod\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"mod.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"msg\",\"type\":\"string\",\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"msg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"operation_mode\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"os.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"outfile\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"outfile.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"params.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"password\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"path\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"path.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"payload_hex\",\"type\":\"string\",\"count\":2,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload_hex.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"payload_printable\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"payload_printable.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.-7\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.-7.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.-77\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.-77.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.0.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.0o0\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.0o0.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.123\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.123.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.123456\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.123456.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.180217\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.180217.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.1989\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.1989.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.2\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.2.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.23051831\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.23051831.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.258\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.258.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.321\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.321.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.4\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.4.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.4875\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.4875.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.5.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.520\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.520.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.5201314\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.5201314.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.905\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.905.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.92\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.92.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.a\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.a.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.aaaa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.aaaa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.adc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.adc.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.admin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.admin.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.ajax\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.ajax.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.ak10\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.ak10.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.angge\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.angge.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.aotu177\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.aotu177.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.authenticity_token\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.authenticity_token.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.aw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.aw.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.axa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.axa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.bbs\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.bbs.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.blog_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.blog_name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.byshanhun\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.byshanhun.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.c\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.c.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.caonma\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.caonma.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.cc123\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.cc123.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.cc1362308\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.cc1362308.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.cmd\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.cmd.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.cnm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.cnm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.commit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.commit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.conflg\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.conflg.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.daoen\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.daoen.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.diyworld\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.diyworld.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.email.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.email_confirmation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.email_confirmation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.erwa\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.erwa.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.eval\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.eval.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.excerpt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.excerpt.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.f11\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.f11.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.feixiang\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.feixiang.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.firstname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.firstname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.form_build_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.form_build_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.form_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.form_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.fusheng\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.fusheng.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.godkey\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.godkey.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.h\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.h.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.hacker\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.hacker.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.hello\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.hello.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.hide_mail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.hide_mail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.hm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.hm.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.js\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.js.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.json\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.json.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.king\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.king.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.l\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.l.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.language\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.language.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.lastname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.lastname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.leng\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.leng.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.lindex\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.lindex.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.login\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.login.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.lz\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.lz.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.m\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.m.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.mail\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.mail.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.miao\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.miao.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.mmp\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.mmp.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.mx\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.mx.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.nidie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.nidie.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.none\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.none.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.nuoxi\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.nuoxi.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.op\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.op.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.p1\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.p1.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.pass\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.pass.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.password\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.password.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.password_confirmation\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.password_confirmation.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.ppx\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.ppx.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.q\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.q.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.qiurong\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.qiurong.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.qw\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.qw.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.qwer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.qwer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.remember_me\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.remember_me.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.requesttoken\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.requesttoken.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.sdf\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.sdf.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.sean\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.sean.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.sha\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.sha.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.submit\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.submit.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.timezone\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.timezone-offset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.timezone-offset.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.timezone.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.title\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.title.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.tomkey\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.tomkey.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.username\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.utf8\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.utf8.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.wanan\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.wanan.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.weixiao\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.weixiao.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.wen\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.wen.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.x\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.x.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.xiao\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.xiao.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.xiaodai\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.xiaodai.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.xiaoer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.xiaoer.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.xiaopang\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.xiaopang.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.xx\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.xx.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"post_data.zuo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"post_data.zuo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proto.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.local_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxy_connection.local_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.local_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.payload.data_hex\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxy_connection.payload.data_hex.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.payload.length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.payload.md5_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxy_connection.payload.md5_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.payload.sha512_hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxy_connection.payload.sha512_hash.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxy_connection.protocol.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.remote_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"proxy_connection.remote_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proxy_connection.remote_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"public_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"public_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"query\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"query.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"raw_freq\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"raw_freq.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"raw_hits\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"raw_hits.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"raw_mtu\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"raw_mtu.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"raw_sig\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"raw_sig.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"reason.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"remote_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"remote_user.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_method.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"request_time\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"request_time.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.detection.name.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.order\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.payload.headers.email\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.detection.payload.headers.email.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.payload.headers.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.detection.payload.headers.value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.payload.page\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.detection.payload.page.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.payload.value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.detection.payload.value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.detection.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.detection.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.response.message.sess_uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.response.message.sess_uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_msg.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"response_msg.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensor\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensor.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensorID\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensorID.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"sensorid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"sensorid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"session\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"session.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"session_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"session_id.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"shasum\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"shasum.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.helo\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.helo.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.mail_from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.mail_from.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp.rcpt_to\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp.rcpt_to.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smtp_input\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"smtp_input.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"src_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"src_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.client.proto_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.proto_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.client.software_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.client.software_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.server.proto_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.proto_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.server.software_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssh.server.software_version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssl.SSLError\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ssl.SSLError.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"start_time\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stream\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"struct.error\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"struct.error.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"system\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"system.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"t-pot_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"t-pot_hostname.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"t-pot_ip_ext\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"t-pot_ip_ext.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"t-pot_ip_int\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"t-pot_ip_int.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tags.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.fingerprint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.fingerprint.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.issuerdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.issuerdn.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.notafter\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.notbefore\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.serial.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.session_resumed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.sni\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.sni.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.subject.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tls.version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ttylog\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"ttylog.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel.depth\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel.dest_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.dest_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel.dest_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel.proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.proto.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel.src_ip\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"tunnel.src_ip.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tunnel.src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"type\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"type.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uptime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uptime.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"url.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"username\",\"type\":\"string\",\"count\":1,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"username.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"uuid.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"v=self.send(byte_view.count\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"v=self.send(byte_view.count.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"value\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"value.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"version.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vnc_handshake\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"vnc_handshake.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"width\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"xff.keyword\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]",
 | |
|       "fieldFormatMap": "{\"src_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dst_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.speedguide.net/port.php?port={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.speedguide.net/port.php?port={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"proxy_connection.local_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.speedguide.net/port.php?port={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"proxy_connection.remote_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.speedguide.net/port.php?port={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"alert.signature_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://doc.emergingthreats.net/bin/view/Main/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"geoip.ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"proxy_connection.local_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"proxy_connection.remote_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"geoip.country_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"geoip.real_region_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"geoip.city_name\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"geoip.number\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://mxtoolbox.com/SuperTool.aspx?action=asn%3a{{value}}&run=toolpage\",\"labelTemplate\":\"{{value}}\"}},\"status\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://httpstatuses.com/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http.status\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://httpstatuses.com/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dns.rrname\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http_user_agent\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://ua.theafh.net/list.php?s={{value}}&include=yes&class=abr&do=desc\",\"labelTemplate\":\"{{value}}\"}},\"http.http_user_agent\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://ua.theafh.net/list.php?s={{value}}&include=yes&class=abr&do=desc\",\"labelTemplate\":\"{{value}}\"}},\"os\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"link\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"event_type\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"tls.sni\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.ssllabs.com/ssltest/analyze.html?d={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"tls.version\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"src_ip.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http_user_agent.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://ua.theafh.net/list.php?s={{value}}&include=yes&class=abr&do=desc\",\"labelTemplate\":\"{{value}}\"}},\"geoip.country_name.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"geoip.city_name.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"status.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://httpstatuses.com/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"geoip.number.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://mxtoolbox.com/SuperTool.aspx?action=asn%3a{{value}}&run=toolpage\",\"labelTemplate\":\"{{value}}\"}},\"geoip.asn.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"geoip.real_region_name.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://en.wikipedia.org/w/index.php?search={{value}}&title=Special:Search&go=Go\",\"labelTemplate\":\"{{value}}\"}},\"event_type.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"dest_ip.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"proxy_connection.remote_ip.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"proxy_connection.local_ip.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dst_ip.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"os.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"link.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"tls.version.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://duckduckgo.com/?q={{value}}&t=h_&ia=web\",\"labelTemplate\":\"{{value}}\"}},\"dns.rrname.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.senderbase.org/lookup/?search_string={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"tls.sni.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.ssllabs.com/ssltest/analyze.html?d={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http.http_user_agent.raw\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://ua.theafh.net/list.php?s={{value}}&include=yes&class=abr&do=desc\",\"labelTemplate\":\"{{value}}\"}},\"alert.cve_id.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.cvedetails.com/cve/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_ip.keyword\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"geoip.asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://mxtoolbox.com/SuperTool.aspx?action=asn%3a{{value}}\",\"labelTemplate\":\"{{value}}\"}}}"
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "NGINX",
 | |
|       "hits": 0,
 | |
|       "description": "NGINX Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"2\"},\"id\":\"NGINX-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":11,\"i\":\"3\"},\"id\":\"NGINX-HTTP-Method-Pie-Top-10\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":11,\"i\":\"4\"},\"id\":\"NGINX-HTTP-Status-Code-Pie-Top-10\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":11,\"i\":\"5\"},\"id\":\"NGINX-HTTP-User-Agent-Pie-Top-10\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":17,\"w\":16,\"h\":11,\"i\":\"6\"},\"id\":\"NGINX-Username-Tagcloud\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":20,\"i\":\"7\"},\"id\":\"NGINX-ASN-Top-10\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":24,\"y\":39,\"w\":24,\"h\":20,\"i\":\"8\"},\"id\":\"NGINX-Source-IP-Top-10\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[30.14512718337613,-0.87890625],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"9\"},\"id\":\"NGINX-Map\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":32,\"y\":17,\"w\":16,\"h\":11,\"i\":\"13\"},\"id\":\"NGINX-Events-by-Country-Histogram\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":11,\"i\":\"14\"},\"id\":\"NGINX-Countries-Top-10\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"15\"},\"id\":\"51ca6ee0-80d5-11e7-ab37-eb92b1bfb573\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":16,\"y\":17,\"w\":16,\"h\":11,\"i\":\"16\"},\"id\":\"7dcaa2b0-8596-11e7-a686-392ac617767d\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"17\"},\"version\":\"6.4.3\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"id\":\"07581df0-e752-11e8-b4a6-215b0b97c069\",\"embeddableConfig\":{}}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Suricata",
 | |
|       "hits": 0,
 | |
|       "description": "Suricata Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"Suricata-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"9\",\"w\":12,\"x\":36,\"y\":28},\"id\":\"Suricata-Countries-Top-10\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"12\",\"w\":12,\"x\":0,\"y\":39},\"id\":\"Suricata-Fileinfo-Magic-Top-10\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"14\",\"w\":12,\"x\":24,\"y\":28},\"id\":\"Suricata-HTTP-Content-Type-Top-10\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"15\",\"w\":12,\"x\":12,\"y\":28},\"id\":\"Suricata-HTTP-Hostname-Pie-Top-10\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"16\",\"w\":12,\"x\":24,\"y\":39},\"id\":\"Suricata-HTTP-Method-Pie-Top-10\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"18\",\"w\":12,\"x\":12,\"y\":39},\"id\":\"Suricata-HTTP-User-Agent-Pie-Top-10\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"19\",\"w\":12,\"x\":36,\"y\":39},\"id\":\"Suricata-SSH-Client-Software-Version-Pie-Top-10\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"22\",\"w\":16,\"x\":32,\"y\":17},\"id\":\"Suricata-Events-by-Country-Histogram\",\"panelIndex\":\"22\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[28.613459424004414,-3.33984375],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"23\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"Suricata-Map\",\"panelIndex\":\"23\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"24\",\"w\":8,\"x\":12,\"y\":50},\"id\":\"Suricata-Source-IP-Top-10\",\"panelIndex\":\"24\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"25\",\"w\":12,\"x\":0,\"y\":50},\"id\":\"Suricata-ASN-Top-10\",\"panelIndex\":\"25\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"26\",\"w\":20,\"x\":28,\"y\":50},\"id\":\"Suricata-Alert-Signature-Top-10\",\"panelIndex\":\"26\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"27\",\"w\":16,\"x\":0,\"y\":17},\"id\":\"e624bc50-7dd6-11e7-bee2-c98307c16efa\",\"panelIndex\":\"27\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":6,\"i\":\"28\",\"w\":14,\"x\":0,\"y\":0},\"id\":\"bf6f6000-8598-11e7-8f60-4f4666b0a88e\",\"panelIndex\":\"28\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"29\",\"w\":16,\"x\":16,\"y\":17},\"id\":\"0e230290-859b-11e7-8f60-4f4666b0a88e\",\"panelIndex\":\"29\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"30\",\"w\":12,\"x\":0,\"y\":28},\"id\":\"b1a7f8d0-859b-11e7-8f60-4f4666b0a88e\",\"panelIndex\":\"30\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"31\",\"w\":8,\"x\":20,\"y\":50},\"id\":\"1a097850-7c22-11e7-aa1e-6bf93670d67b\",\"panelIndex\":\"31\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"32\",\"w\":10,\"x\":14,\"y\":0},\"id\":\"4a60fe20-e75f-11e8-803c-59c072645505\",\"panelIndex\":\"32\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot",
 | |
|       "hits": 0,
 | |
|       "description": "ElasticPot Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"2\"},\"id\":\"ElasticPot-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":11,\"i\":\"3\"},\"id\":\"ElasticPot-Countries-Top-10\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":11,\"i\":\"4\"},\"id\":\"ElasticPot-Events-by-Country-Histogram\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[28.92163128242129,1.7578125000000002],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"5\"},\"id\":\"ElasticPot-Map\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}}}},\"gridData\":{\"x\":16,\"y\":28,\"w\":12,\"h\":20,\"i\":\"6\"},\"id\":\"ElasticPot-Source-IP-Top-10\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":20,\"i\":\"7\"},\"id\":\"ElasticPot-ASN-Top-10\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":28,\"y\":28,\"w\":20,\"h\":20,\"i\":\"9\"},\"id\":\"ElasticPot-Query-Top-10\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"10\"},\"id\":\"d01a6390-827e-11e7-afbf-a7491fba5d8a\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":11,\"i\":\"11\"},\"id\":\"59b9dd60-827f-11e7-afbf-a7491fba5d8a\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"12\"},\"id\":\"3814c570-e68e-11e8-b727-735f5b0e1502\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "83b11b50-e850-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Glutton",
 | |
|       "hits": 0,
 | |
|       "description": "Glutton Dashboard",
 | |
|       "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"x\":30,\"y\":17,\"w\":18,\"h\":11,\"i\":\"16\"},\"id\":\"e055e240-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":12,\"y\":39,\"w\":36,\"h\":11,\"i\":\"17\"},\"id\":\"133801c0-e852-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"18\"},\"id\":\"50aa1940-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":12,\"y\":17,\"w\":18,\"h\":11,\"i\":\"19\"},\"id\":\"9d251bd0-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"20\"},\"id\":\"32814dd0-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"20\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[29.53522956294847,-3.1640625000000004],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"21\"},\"id\":\"63d0bf60-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"21\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"22\"},\"id\":\"3f646820-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"22\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":11,\"i\":\"23\"},\"id\":\"f66b9200-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"23\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":11,\"i\":\"24\"},\"id\":\"0464b030-e852-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"24\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":11,\"i\":\"25\"},\"id\":\"7e6121d0-e851-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"25\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":50,\"w\":12,\"h\":20,\"i\":\"26\"},\"id\":\"21c65b10-e852-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"26\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":20,\"i\":\"27\"},\"id\":\"41d04290-e852-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"27\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":11,\"i\":\"28\"},\"id\":\"7e9a7d20-e858-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"28\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":11,\"i\":\"29\"},\"id\":\"f4444100-e858-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"29\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":39,\"w\":12,\"h\":11,\"i\":\"30\"},\"id\":\"160f9cb0-e85b-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"30\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":70,\"w\":48,\"h\":20,\"i\":\"31\"},\"id\":\"a001a350-e85b-11e8-97df-bbc3de28ece0\",\"panelIndex\":\"31\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":50,\"w\":24,\"h\":20,\"i\":\"32\"},\"version\":\"6.4.3\",\"panelIndex\":\"32\",\"type\":\"visualization\",\"id\":\"c80e9ff0-e866-11e8-95af-236f09a02fdb\",\"embeddableConfig\":{}}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "14ebefd0-488f-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Heralding",
 | |
|       "hits": 0,
 | |
|       "description": "Heralding Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"h\":6,\"i\":\"1\",\"w\":14,\"x\":0,\"y\":0},\"id\":\"2cf90930-47d3-11e8-a905-f74bbc7cbd2d\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"d3bb9bd0-4863-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":24,\"x\":24,\"y\":17},\"id\":\"d0dbe890-4870-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[25.799891182088334,16.875000000000004],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"4\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"94ae10e0-4871-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":24,\"x\":0,\"y\":17},\"id\":\"29f51af0-4876-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"6\",\"w\":16,\"x\":0,\"y\":28},\"id\":\"eca8e580-4877-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"7\",\"w\":16,\"x\":16,\"y\":28},\"id\":\"e1969e20-4878-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"8\",\"w\":16,\"x\":32,\"y\":28},\"id\":\"864b2f30-4883-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":16,\"i\":\"10\",\"w\":24,\"x\":24,\"y\":39},\"id\":\"7c5959b0-4889-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":16,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":39},\"id\":\"1268af10-4889-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":20,\"i\":\"12\",\"w\":12,\"x\":0,\"y\":55},\"id\":\"21ad1c80-488a-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":20,\"i\":\"13\",\"w\":12,\"x\":12,\"y\":55},\"id\":\"844f33f0-488a-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":20,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":55},\"id\":\"124a1140-488e-11e8-9b3d-f36e8d4f5cb2\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"15\",\"w\":10,\"x\":14,\"y\":0},\"id\":\"d500a3c0-e6b8-11e8-b727-735f5b0e1502\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Dionaea",
 | |
|       "hits": 0,
 | |
|       "description": "Dionaea Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"2\"},\"id\":\"Dionaea-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":22,\"y\":28,\"w\":11,\"h\":11,\"i\":\"3\"},\"id\":\"Dionaea-Destination-Ports-Top-10\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":11,\"y\":17,\"w\":11,\"h\":11,\"i\":\"4\"},\"id\":\"Dionaea-Protocol\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":39,\"w\":24,\"h\":13,\"i\":\"8\"},\"id\":\"Dionaea-Password-Tagcloud-Large\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":33,\"y\":17,\"w\":15,\"h\":11,\"i\":\"10\"},\"id\":\"Dionaea-Events-by-Country-Histogram\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[26.073274367159797,8.357599969021976],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"11\"},\"id\":\"Dionaea-Map\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":52,\"w\":24,\"h\":20,\"i\":\"12\"},\"id\":\"Dionaea-ASN-Top-10\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":24,\"y\":52,\"w\":24,\"h\":20,\"i\":\"13\"},\"id\":\"Dionaea-Source-IP-Top-10\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"14\"},\"id\":\"b9343070-80e9-11e7-a689-67e589a14a8a\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":17,\"w\":11,\"h\":11,\"i\":\"15\"},\"id\":\"cf8d0e40-80ea-11e7-a689-67e589a14a8a\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":22,\"y\":17,\"w\":11,\"h\":11,\"i\":\"16\"},\"id\":\"Dionaea-Countries-Top-10\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":28,\"w\":11,\"h\":11,\"i\":\"17\"},\"id\":\"Dionaea-Type\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":11,\"y\":28,\"w\":11,\"h\":11,\"i\":\"18\"},\"id\":\"Dionaea-Transport\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":33,\"y\":28,\"w\":15,\"h\":11,\"i\":\"19\"},\"id\":\"7e33e3d0-810c-11e7-8413-9fe5e30ade77\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"20\"},\"id\":\"465d9810-e5cf-11e8-b72a-b734d2b55cd4\",\"panelIndex\":\"20\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":13,\"i\":\"21\"},\"id\":\"Dionaea-Username-Tagcloud-Large\",\"panelIndex\":\"21\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Glastopf",
 | |
|       "hits": 0,
 | |
|       "description": "Glastopf Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"Glastopf-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":16,\"x\":16,\"y\":17},\"id\":\"Glastopf-Countries-Top-10\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[27.994401411046148,-6.679687500000001],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"5\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"Glastopf-Map\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":28},\"id\":\"Glastop-Source-IP-Top-10\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"7\",\"w\":24,\"x\":0,\"y\":28},\"id\":\"Glastopf-ASN-Top-10\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"9\",\"w\":16,\"x\":32,\"y\":17},\"id\":\"Glastopf-Events-by-Country-Histogram\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":6,\"i\":\"10\",\"w\":14,\"x\":0,\"y\":0},\"id\":\"307afd60-82a9-11e7-bcbe-2b6958a9c888\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"11\",\"w\":16,\"x\":0,\"y\":17},\"id\":\"59509e90-8590-11e7-a686-392ac617767d\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"12\",\"w\":10,\"x\":14,\"y\":0},\"id\":\"409907c0-e6b5-11e8-b727-735f5b0e1502\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Conpot",
 | |
|       "hits": 0,
 | |
|       "description": "Conpot Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"ConPot-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":12,\"x\":12,\"y\":17},\"id\":\"ConPot-Countries-Top-10\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"4\",\"w\":12,\"x\":0,\"y\":28},\"id\":\"ConPot-Event-Type\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":12,\"x\":12,\"y\":28},\"id\":\"ConPot-Protocol\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"6\",\"w\":24,\"x\":24,\"y\":17},\"id\":\"ConPot-Events-by-Country-Histogram\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"7\",\"w\":12,\"x\":24,\"y\":39},\"id\":\"ConPot-Input-Top-10\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"8\",\"w\":12,\"x\":36,\"y\":39},\"id\":\"ConPot-Response-Top-10\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"11\",\"w\":12,\"x\":0,\"y\":39},\"id\":\"ConPot-ASN-Top-10\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"14\",\"w\":12,\"x\":0,\"y\":17},\"id\":\"ffb284f0-80cd-11e7-ab37-eb92b1bfb573\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"15\",\"w\":12,\"x\":12,\"y\":39},\"id\":\"082111a0-80cf-11e7-ab37-eb92b1bfb573\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":6,\"i\":\"16\",\"w\":13,\"x\":0,\"y\":0},\"id\":\"62fde9a0-858d-11e7-a686-392ac617767d\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[35.746512259918504,-16.171875000000004],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"17\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"ConPot-Map\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"18\",\"w\":11,\"x\":13,\"y\":0},\"id\":\"10e765a0-e51e-11e8-8a75-d5f374dbaebe\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":11,\"i\":\"19\",\"w\":24,\"x\":24,\"y\":28},\"id\":\"a427e6c0-e521-11e8-8a75-d5f374dbaebe\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "faeb1340-6355-11e8-be86-73985bedf977",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Tanner",
 | |
|       "hits": 0,
 | |
|       "description": "Tanner Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":50,\"w\":12,\"h\":20,\"i\":\"1\"},\"id\":\"06628c70-6352-11e8-be86-73985bedf977\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[36.03133177633189,4.218750000000001],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"2\"},\"id\":\"f8e24f20-634e-11e8-be86-73985bedf977\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":11,\"i\":\"3\"},\"id\":\"d968d5e0-6350-11e8-be86-73985bedf977\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"4\"},\"id\":\"5014cee0-634e-11e8-be86-73985bedf977\",\"panelIndex\":\"4\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"5\"},\"id\":\"77bf1310-634e-11e8-be86-73985bedf977\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":11,\"i\":\"6\"},\"id\":\"6ee57da0-634f-11e8-be86-73985bedf977\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":11,\"i\":\"7\"},\"id\":\"c1c8a3a0-6352-11e8-be86-73985bedf977\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":32,\"y\":39,\"w\":16,\"h\":11,\"i\":\"8\"},\"id\":\"946dc4d0-6352-11e8-be86-73985bedf977\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":16,\"y\":39,\"w\":16,\"h\":11,\"i\":\"9\"},\"id\":\"a6ccd530-6352-11e8-be86-73985bedf977\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":20,\"i\":\"10\"},\"id\":\"Cowrie-Source-IP-Top-10\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":11,\"i\":\"11\"},\"id\":\"a51e9ae0-6350-11e8-be86-73985bedf977\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":11,\"i\":\"12\"},\"id\":\"895645f0-6356-11e8-be86-73985bedf977\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":50,\"w\":24,\"h\":20,\"i\":\"13\"},\"id\":\"e9e534d0-6356-11e8-be86-73985bedf977\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":39,\"w\":16,\"h\":11,\"i\":\"14\"},\"id\":\"87cf3b50-6357-11e8-be86-73985bedf977\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":11,\"i\":\"15\"},\"id\":\"656df650-6357-11e8-be86-73985bedf977\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"16\"},\"version\":\"6.4.3\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"id\":\"535b0c80-e761-11e8-803c-59c072645505\",\"embeddableConfig\":{}}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e05aac20-8b51-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Rdpy",
 | |
|       "hits": 0,
 | |
|       "description": "Rdpy Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"x\":0,\"y\":0,\"w\":15,\"h\":6,\"i\":\"10\"},\"id\":\"0de24040-8b52-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"11\"},\"id\":\"c90f1f00-8b52-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":11,\"i\":\"12\"},\"id\":\"da489b20-8b52-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[30.44867367928756,-5.44921875],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"13\"},\"id\":\"e4b7cf40-8b52-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":11,\"i\":\"14\"},\"id\":\"051c59e0-8b53-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":11,\"i\":\"15\"},\"id\":\"51c331f0-8b54-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":20,\"i\":\"16\"},\"id\":\"73364660-8b54-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":24,\"y\":39,\"w\":24,\"h\":20,\"i\":\"17\"},\"id\":\"874be060-8b54-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":28,\"w\":24,\"h\":11,\"i\":\"18\"},\"id\":\"54213440-8b56-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":11,\"i\":\"19\"},\"id\":\"cb2a3a00-8b56-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":15,\"y\":0,\"w\":9,\"h\":6,\"i\":\"20\"},\"id\":\"94e13130-e756-11e8-b4a6-215b0b97c069\",\"panelIndex\":\"20\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"match_all\":{}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c41d55e0-79f7-11e8-b925-695a48057e49",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": ">T-Pot",
 | |
|       "hits": 0,
 | |
|       "description": "T-Pot Dashboard",
 | |
|       "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":11,\"y\":22,\"w\":11,\"h\":11,\"i\":\"9\"},\"id\":\"P0f-OS-Top-10\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":28,\"y\":48,\"w\":20,\"h\":21,\"i\":\"21\"},\"id\":\"Suricata-Alert-Signature-Top-10\",\"panelIndex\":\"21\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":20,\"y\":48,\"w\":8,\"h\":21,\"i\":\"38\"},\"id\":\"1a097850-7c22-11e7-aa1e-6bf93670d67b\",\"panelIndex\":\"38\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":22,\"y\":22,\"w\":13,\"h\":11,\"i\":\"43\"},\"id\":\"e624bc50-7dd6-11e7-bee2-c98307c16efa\",\"panelIndex\":\"43\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":21,\"i\":\"44\"},\"id\":\"d94ff2a0-7ec2-11e7-a286-9f03beba6417\",\"panelIndex\":\"44\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"gridData\":{\"x\":11,\"y\":11,\"w\":11,\"h\":11,\"i\":\"45\"},\"id\":\"50d82860-7ea0-11e7-a286-9f03beba6417\",\"panelIndex\":\"45\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":35,\"y\":22,\"w\":13,\"h\":11,\"i\":\"46\"},\"id\":\"7b61a6a0-7ebf-11e7-a286-9f03beba6417\",\"panelIndex\":\"46\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":0,\"y\":0,\"w\":22,\"h\":11,\"i\":\"47\"},\"id\":\"87428ba0-7e9d-11e7-a286-9f03beba6417\",\"panelIndex\":\"47\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":22,\"y\":0,\"w\":13,\"h\":11,\"i\":\"48\"},\"id\":\"762f66c0-7e9e-11e7-a286-9f03beba6417\",\"panelIndex\":\"48\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"gridData\":{\"x\":0,\"y\":11,\"w\":11,\"h\":11,\"i\":\"49\"},\"id\":\"0d947000-7ebd-11e7-a286-9f03beba6417\",\"panelIndex\":\"49\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":35,\"y\":11,\"w\":13,\"h\":11,\"i\":\"50\"},\"id\":\"885928c0-7ebe-11e7-a286-9f03beba6417\",\"panelIndex\":\"50\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"x\":22,\"y\":11,\"w\":13,\"h\":11,\"i\":\"51\"},\"id\":\"ef227eb0-7e9d-11e7-a286-9f03beba6417\",\"panelIndex\":\"51\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"mapCenter\":[24.5271348225978,-5.273437500000001],\"mapZoom\":1},\"gridData\":{\"x\":35,\"y\":0,\"w\":13,\"h\":11,\"i\":\"52\"},\"id\":\"d1aa9740-7e9e-11e7-a286-9f03beba6417\",\"panelIndex\":\"52\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":12,\"y\":48,\"w\":8,\"h\":21,\"i\":\"53\"},\"id\":\"772cb2b0-7ec3-11e7-a7c8-5f38ad5bf75f\",\"panelIndex\":\"53\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":22,\"w\":11,\"h\":11,\"i\":\"54\"},\"id\":\"349c11c0-7ea0-11e7-a286-9f03beba6417\",\"panelIndex\":\"54\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"gridData\":{\"x\":0,\"y\":33,\"w\":22,\"h\":15,\"i\":\"55\"},\"id\":\"f1a19000-7ebf-11e7-a286-9f03beba6417\",\"panelIndex\":\"55\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"gridData\":{\"x\":22,\"y\":33,\"w\":13,\"h\":15,\"i\":\"56\"},\"version\":\"6.4.3\",\"panelIndex\":\"56\",\"type\":\"visualization\",\"id\":\"56cdedf0-ec08-11e8-96db-ebfb2a58ccf6\",\"embeddableConfig\":{}},{\"gridData\":{\"x\":35,\"y\":33,\"w\":13,\"h\":15,\"i\":\"57\"},\"version\":\"6.4.3\",\"panelIndex\":\"57\",\"type\":\"visualization\",\"id\":\"9b89ddb0-ec07-11e8-96db-ebfb2a58ccf6\",\"embeddableConfig\":{}}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Cowrie",
 | |
|       "hits": 0,
 | |
|       "description": "Cowrie Dashboard",
 | |
|       "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"22\"},\"id\":\"Cowrie-Events-Histogram\",\"panelIndex\":\"22\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":28,\"w\":12,\"h\":11,\"i\":\"28\"},\"id\":\"Cowrie-Countries-Top-10\",\"panelIndex\":\"28\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":32,\"y\":17,\"w\":16,\"h\":11,\"i\":\"29\"},\"id\":\"Cowrie-Events-by-Country-Histogram\",\"panelIndex\":\"29\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":11,\"i\":\"31\"},\"id\":\"Cowrie-Version-Pie-Top-10\",\"panelIndex\":\"31\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":39,\"w\":24,\"h\":16,\"i\":\"34\"},\"id\":\"Cowrie-Username-Tagcloud-Large\",\"panelIndex\":\"34\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":39,\"w\":24,\"h\":16,\"i\":\"35\"},\"id\":\"Cowrie-Password-Tagcloud-Large\",\"panelIndex\":\"35\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[24.84656534821976,6.855468750000001],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"36\"},\"id\":\"Cowrie-Map\",\"panelIndex\":\"36\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":24,\"y\":55,\"w\":24,\"h\":20,\"i\":\"37\"},\"id\":\"Cowrie-Input-Top-10\",\"panelIndex\":\"37\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"x\":0,\"y\":55,\"w\":16,\"h\":20,\"i\":\"39\"},\"id\":\"Cowrie-ASN-Top-10\",\"panelIndex\":\"39\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":36,\"y\":28,\"w\":12,\"h\":11,\"i\":\"43\"},\"id\":\"Cowrie-Ports-Pie\",\"panelIndex\":\"43\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"44\"},\"id\":\"c1ef91c0-7dc2-11e7-8268-ed048f6272e0\",\"panelIndex\":\"44\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":11,\"i\":\"45\"},\"id\":\"bf39e000-80d5-11e7-ba6f-4542711dd148\",\"panelIndex\":\"45\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":0,\"y\":17,\"w\":16,\"h\":11,\"i\":\"46\"},\"id\":\"f28b8c60-80e4-11e7-ba6f-4542711dd148\",\"panelIndex\":\"46\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"x\":16,\"y\":17,\"w\":16,\"h\":11,\"i\":\"47\"},\"id\":\"2a6803f0-80e7-11e7-a689-67e589a14a8a\",\"panelIndex\":\"47\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"48\"},\"id\":\"45e32dc0-dec5-11e8-87cf-239397d2b8d3\",\"panelIndex\":\"48\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":16,\"y\":55,\"w\":8,\"h\":20,\"i\":\"49\"},\"version\":\"6.4.3\",\"panelIndex\":\"49\",\"type\":\"visualization\",\"id\":\"48d3dad0-e725-11e8-b4a6-215b0b97c069\",\"embeddableConfig\":{}}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap",
 | |
|       "hits": 0,
 | |
|       "description": "Honeytrap Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"Honeytrap-Events-Histogram\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":12,\"x\":12,\"y\":28},\"id\":\"Honeytrap-Countries-Top-10\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"6\",\"w\":18,\"x\":30,\"y\":17},\"id\":\"Honeytrap-Events-by-Country-Histogram\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"7\",\"w\":12,\"x\":0,\"y\":17},\"id\":\"Honeytrap-Destination-Ports-Top-10\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[28.613459424004414,-3.69140625],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"8\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"Honeytrap-Map\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"9\",\"w\":24,\"x\":24,\"y\":39},\"id\":\"Honeytrap-Source-IP-Top-10\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"10\",\"w\":24,\"x\":0,\"y\":39},\"id\":\"Honeytrap-ASN-Top-10\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":6,\"i\":\"11\",\"w\":14,\"x\":0,\"y\":0},\"id\":\"6ee70b90-8374-11e7-9adb-2955c2136c8c\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"12\",\"w\":18,\"x\":12,\"y\":17},\"id\":\"ec53e470-8376-11e7-9adb-2955c2136c8c\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"13\",\"w\":12,\"x\":0,\"y\":28},\"id\":\"576a3cb0-82ae-11e7-bcbe-2b6958a9c888\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 450\":\"rgb(255,255,204)\",\"1350 - 1800\":\"rgb(254,201,101)\",\"1800 - 2250\":\"rgb(254,171,73)\",\"2250 - 2700\":\"rgb(253,141,60)\",\"2700 - 3150\":\"rgb(252,91,46)\",\"3150 - 3600\":\"rgb(237,47,34)\",\"3600 - 4050\":\"rgb(212,16,32)\",\"4050 - 4500\":\"rgb(176,0,38)\",\"450 - 900\":\"rgb(255,241,170)\",\"900 - 1350\":\"rgb(254,225,135)\"}}},\"gridData\":{\"h\":11,\"i\":\"14\",\"w\":24,\"x\":24,\"y\":28},\"id\":\"4e2887d0-8379-11e7-97dc-15d31af3c77f\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"15\",\"w\":10,\"x\":14,\"y\":0},\"id\":\"f5e74220-e725-11e8-b4a6-215b0b97c069\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "dd95c950-8b5d-11e7-ba35-0d8832ac304f",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Mailoney",
 | |
|       "hits": 0,
 | |
|       "description": "Mailoney Dashboard",
 | |
|       "panelsJSON": "[{\"gridData\":{\"h\":6,\"i\":\"10\",\"w\":14,\"x\":0,\"y\":0},\"id\":\"5234de80-8b5f-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"11\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"63672eb0-8b5f-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"11\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"12\",\"w\":24,\"x\":24,\"y\":17},\"id\":\"88d899e0-8b5f-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"12\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"13\",\"w\":12,\"x\":12,\"y\":17},\"id\":\"cac48440-8b5f-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"h\":11,\"i\":\"14\",\"w\":12,\"x\":0,\"y\":17},\"id\":\"d2405e70-8b5e-11e7-ba35-0d8832ac304f\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"15\",\"w\":12,\"x\":0,\"y\":28},\"id\":\"ad6dcb50-8b5e-11e7-ba35-0d8832ac304f\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"16\",\"w\":12,\"x\":12,\"y\":28},\"id\":\"ba9d6280-8b5f-11e7-b92d-d39e43e3de0f\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":20,\"i\":\"17\",\"w\":24,\"x\":24,\"y\":28},\"id\":\"0169b450-8b62-11e7-ba35-0d8832ac304f\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[29.22889003019423,-7.207031249999999],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"18\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"c0916430-8b5e-11e7-ba35-0d8832ac304f\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"19\",\"w\":10,\"x\":14,\"y\":0},\"id\":\"f2742de0-e745-11e8-b4a6-215b0b97c069\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"match_all\":{}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "133801c0-e852-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Heatmap",
 | |
|       "visState": "{\n  \"title\": \"Glutton Heatmap\",\n  \"type\": \"heatmap\",\n  \"params\": {\n    \"addTooltip\": true,\n    \"addLegend\": true,\n    \"enableHover\": false,\n    \"legendPosition\": \"right\",\n    \"times\": [],\n    \"colorsNumber\": 10,\n    \"colorSchema\": \"Green to Red\",\n    \"setColorRange\": false,\n    \"colorsRange\": [],\n    \"invertColors\": false,\n    \"percentageMode\": false,\n    \"valueAxes\": [\n      {\n        \"show\": false,\n        \"id\": \"ValueAxis-1\",\n        \"type\": \"value\",\n        \"scale\": {\n          \"type\": \"square root\",\n          \"defaultYExtents\": false\n        },\n        \"labels\": {\n          \"show\": false,\n          \"rotate\": 0,\n          \"color\": \"#555\",\n          \"overwriteColor\": false\n        }\n      }\n    ],\n    \"type\": \"heatmap\"\n  },\n  \"aggs\": [\n    {\n      \"id\": \"1\",\n      \"enabled\": true,\n      \"type\": \"count\",\n      \"schema\": \"metric\",\n      \"params\": {}\n    },\n    {\n      \"id\": \"3\",\n      \"enabled\": true,\n      \"type\": \"terms\",\n      \"schema\": \"group\",\n      \"params\": {\n        \"field\": \"dest_port\",\n        \"size\": 10,\n        \"order\": \"desc\",\n        \"orderBy\": \"1\",\n        \"otherBucket\": false,\n        \"otherBucketLabel\": \"Other\",\n        \"missingBucket\": false,\n        \"missingBucketLabel\": \"Missing\",\n        \"customLabel\": \"Destination Port\"\n      }\n    },\n    {\n      \"id\": \"2\",\n      \"enabled\": true,\n      \"type\": \"date_histogram\",\n      \"schema\": \"segment\",\n      \"params\": {\n        \"field\": \"@timestamp\",\n        \"interval\": \"auto\",\n        \"customInterval\": \"2h\",\n        \"min_doc_count\": 1,\n        \"extended_bounds\": {},\n        \"customLabel\": \"Timestamp\"\n      }\n    }\n  ]\n}",
 | |
|       "uiStateJSON": "{\n  \"vis\": {\n    \"defaultColors\": {\n      \"0 - 500\": \"rgb(0,104,55)\",\n      \"500 - 1000\": \"rgb(26,151,80)\",\n      \"1000 - 1500\": \"rgb(102,189,99)\",\n      \"1500 - 2000\": \"rgb(166,217,106)\",\n      \"2000 - 2500\": \"rgb(217,239,139)\",\n      \"2500 - 3000\": \"rgb(255,255,190)\",\n      \"3000 - 3500\": \"rgb(254,224,139)\",\n      \"3500 - 4000\": \"rgb(253,174,97)\",\n      \"4000 - 4500\": \"rgb(244,109,67)\",\n      \"4500 - 5000\": \"rgb(214,47,39)\"\n    }\n  },\n  \"spy\": {\n    \"mode\": {\n      \"name\": null,\n      \"fill\": false\n    }\n  }\n}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\n  \"query\": {\n    \"query\": \"\",\n    \"language\": \"lucene\"\n  },\n  \"filter\": []\n}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "1a097850-7c22-11e7-aa1e-6bf93670d67b",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata CVE - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata CVE - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.cve_id.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"CVE ID\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "124a1140-488e-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Top Credentials Per Protocol",
 | |
|       "visState": "{\"title\":\"Heralding Top Credentials Per Protocol\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"proto.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"username.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Username\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"password.keyword\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Password\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "0e230290-859b-11e7-8f60-4f4666b0a88e",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Destination Ports Histogram",
 | |
|       "visState": "{\"title\":\"Suricata Destination Ports Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}],\"listeners\":{}}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "2fc62270-e872-11e8-a876-6bccfb9086f2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot Data - Top 10",
 | |
|       "visState": "{\"title\":\"Medpot Data - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"data.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Data\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "1268af10-4889-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Username Tagcloud",
 | |
|       "visState": "{\"title\":\"Heralding Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":64,\"showLabel\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "0169b450-8b62-11e7-ba35-0d8832ac304f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney SMTP Input - Top 10",
 | |
|       "visState": "{\"title\":\"Mailoney SMTP Input - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"smtp_input.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMTP Input\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "160f9cb0-e85b-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Method",
 | |
|       "visState": "{\"title\":\"Glutton Method\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"method.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Map",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Attack Map",
 | |
|       "visState": "{\"title\":\"Dionaea Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.3&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":2}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Dionaea-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Dionaea\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Cowrie-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Cowrie\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeypot-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Honeypot-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"language\":\"lucene\",\"query\":\"type:\\\"Ciscoasa\\\" OR type:\\\"ConPot\\\" OR type:\\\"Cowrie\\\" OR type:\\\"Dionaea\\\" OR type:\\\"ElasticPot\\\" OR type:\\\"Glastopf\\\" OR type:\\\"Glutton\\\" OR type:\\\"Heralding\\\" OR type:\\\"Honeytrap\\\" OR type:\\\"Mailoney\\\" OR type:\\\"Medpot\\\" OR type:\\\"Rdpy\\\" OR type:\\\"Tanner\\\"\"},\"highlightAll\":true,\"version\":true}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Tanner-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Tanner\\\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Honeytrap\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Glutton-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Glutton\\\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "NGINX-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"NGINX\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "ConPot-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"ConPot\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Rdpy-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Rdpy\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "3290fa70-69a2-11e7-bcac-d3ee6f9c26fd",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "NSM-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Suricata\\\" OR type:\\\"p0f\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Ciscoasa\\\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Mailoney-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"type:\\\"Mailoney\\\"\",\"default_field\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"ElasticPot\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Suricata-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Suricata\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Glastopf-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"Glastopf\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "P0f-Logs",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "P0f-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query\":{\"query_string\":{\"query\":\"type:\\\"P0f\\\"\",\"analyze_wildcard\":true}},\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Medpot-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"type:\\\"Medpot\\\"\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "Heralding-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"type:\\\"Heralding\\\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c3b89bc0-69a7-11e7-bcac-d3ee6f9c26fd",
 | |
|     "_type": "search",
 | |
|     "_source": {
 | |
|       "title": "T-Pot-Logs",
 | |
|       "description": "",
 | |
|       "hits": 0,
 | |
|       "columns": [
 | |
|         "_source"
 | |
|       ],
 | |
|       "sort": [
 | |
|         "@timestamp",
 | |
|         "desc"
 | |
|       ],
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"index\":\"logstash-*\",\"query\":{\"language\":\"lucene\",\"query\":\"type:\\\"Ciscoasa\\\" OR type:\\\"ConPot\\\" OR type:\\\"Cowrie\\\" OR type:\\\"Dionaea\\\" OR type:\\\"ElasticPot\\\" OR type:\\\"Glastopf\\\" OR type:\\\"Glutton\\\" OR type:\\\"Heralding\\\" OR type:\\\"Honeytrap\\\" OR type:\\\"Mailoney\\\" OR type:\\\"Medpot\\\" OR type:\\\"P0f\\\" OR type:\\\"Rdpy\\\" OR type:\\\"Suricata\\\" OR type:\\\"Tanner\\\"\"},\"highlightAll\":true,\"version\":true,\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "48f595c0-e7f8-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Medpot",
 | |
|       "hits": 0,
 | |
|       "description": "Medpot Dashboard",
 | |
|       "panelsJSON": "[{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":14,\"h\":6,\"i\":\"13\"},\"id\":\"65fdfd10-e7f8-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"13\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":14,\"y\":0,\"w\":10,\"h\":6,\"i\":\"14\"},\"id\":\"17130490-e7fb-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"14\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":6,\"w\":24,\"h\":11,\"i\":\"15\"},\"id\":\"554c9550-e7fb-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"15\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{\"mapCenter\":[32.84267363195431,-5.273437500000001],\"mapZoom\":2},\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":17,\"i\":\"16\"},\"id\":\"a81cba70-e7fc-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":17,\"w\":12,\"h\":11,\"i\":\"17\"},\"id\":\"099c23d0-e7fd-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":12,\"y\":17,\"w\":12,\"h\":11,\"i\":\"18\"},\"id\":\"15b696f0-e7fd-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":11,\"i\":\"19\"},\"id\":\"490b4e60-e7fd-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":28,\"w\":12,\"h\":20,\"i\":\"20\"},\"id\":\"5b69e990-e7fd-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"20\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":12,\"y\":28,\"w\":12,\"h\":20,\"i\":\"21\"},\"id\":\"e3f00420-e7fd-11e8-9ac4-13ecd4ad8d70\",\"panelIndex\":\"21\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"gridData\":{\"x\":24,\"y\":28,\"w\":24,\"h\":20,\"i\":\"22\"},\"version\":\"6.4.3\",\"panelIndex\":\"22\",\"type\":\"visualization\",\"id\":\"2fc62270-e872-11e8-a876-6bccfb9086f2\",\"embeddableConfig\":{}}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d1aa9740-7e9e-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeypot Attack Map",
 | |
|       "visState": "{\"title\":\"Honeypot Attack Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatMaxZoom\":0,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"url\":\"http://ows.terrestris.de/osm/service\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"OSM-WMS\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors\",\"styles\":\"\"},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.2&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.2&license=9fb155de-424a-423c-a59a-07b920363565\",\"minZoom\":0,\"maxZoom\":18,\"attribution\":\"<p>© <a href=\\\"http://www.openstreetmap.org/copyright\\\">OpenStreetMap</a> contributors | <a href=\\\"https://www.elastic.co/elastic-maps-service\\\">Elastic Maps Service</a></p>
\",\"subdomains\":[]}},\"colorSchema\":\"Yellow to Red\",\"heatClusterSize\":1.5},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"mapZoom\":2,\"mapCenter\":{\"lon\":0,\"lat\":-0.17578097424708533},\"precision\":3}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "885928c0-7ebe-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d94ff2a0-7ec2-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e77bc660-e9d3-11e8-be2c-8fd05c77f582",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeypot Attacks - Top 10",
 | |
|       "visState": "{\"title\":\"Honeypot Attacks - Top 10\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":21}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "772cb2b0-7ec3-11e7-a7c8-5f38ad5bf75f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacker Source IP - Top 10",
 | |
|       "visState": "{\"title\":\"Attacker Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f1a19000-7ebf-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacks by Country and Port",
 | |
|       "visState": "{\"title\":\"Attacks by Country and Port\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\",\"row\":false}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "50d82860-7ea0-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacks by Country",
 | |
|       "visState": "{\"title\":\"Attacks by Country\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "8d4e8300-ebde-11e8-9675-1b303bfb38ef",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": ">T-Pot Test",
 | |
|       "hits": 0,
 | |
|       "description": "T-Pot Dashboard",
 | |
|       "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"9\",\"w\":12,\"x\":24,\"y\":37},\"id\":\"P0f-OS-Top-10\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":29,\"i\":\"21\",\"w\":20,\"x\":28,\"y\":86},\"id\":\"Suricata-Alert-Signature-Top-10\",\"panelIndex\":\"21\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":29,\"i\":\"38\",\"w\":8,\"x\":20,\"y\":86},\"id\":\"1a097850-7c22-11e7-aa1e-6bf93670d67b\",\"panelIndex\":\"38\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"43\",\"w\":24,\"x\":24,\"y\":52},\"id\":\"e624bc50-7dd6-11e7-bee2-c98307c16efa\",\"panelIndex\":\"43\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":29,\"i\":\"44\",\"w\":12,\"x\":0,\"y\":86},\"id\":\"d94ff2a0-7ec2-11e7-a286-9f03beba6417\",\"panelIndex\":\"44\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"gridData\":{\"h\":15,\"i\":\"45\",\"w\":12,\"x\":36,\"y\":37},\"id\":\"50d82860-7ea0-11e7-a286-9f03beba6417\",\"panelIndex\":\"45\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"spy\":{\"mode\":{\"fill\":false,\"name\":null}},\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"46\",\"w\":16,\"x\":0,\"y\":22},\"id\":\"7b61a6a0-7ebf-11e7-a286-9f03beba6417\",\"panelIndex\":\"46\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":15,\"i\":\"47\",\"w\":16,\"x\":0,\"y\":7},\"id\":\"87428ba0-7e9d-11e7-a286-9f03beba6417\",\"panelIndex\":\"47\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"gridData\":{\"h\":15,\"i\":\"48\",\"w\":16,\"x\":16,\"y\":7},\"id\":\"762f66c0-7e9e-11e7-a286-9f03beba6417\",\"panelIndex\":\"48\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"gridData\":{\"h\":15,\"i\":\"49\",\"w\":12,\"x\":12,\"y\":37},\"id\":\"0d947000-7ebd-11e7-a286-9f03beba6417\",\"panelIndex\":\"49\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"50\",\"w\":16,\"x\":32,\"y\":22},\"id\":\"885928c0-7ebe-11e7-a286-9f03beba6417\",\"panelIndex\":\"50\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"51\",\"w\":16,\"x\":16,\"y\":22},\"id\":\"ef227eb0-7e9d-11e7-a286-9f03beba6417\",\"panelIndex\":\"51\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"mapCenter\":[24.5271348225978,-5.273437500000001],\"mapZoom\":1},\"gridData\":{\"h\":15,\"i\":\"52\",\"w\":16,\"x\":32,\"y\":7},\"id\":\"d1aa9740-7e9e-11e7-a286-9f03beba6417\",\"panelIndex\":\"52\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":29,\"i\":\"53\",\"w\":8,\"x\":12,\"y\":86},\"id\":\"772cb2b0-7ec3-11e7-a7c8-5f38ad5bf75f\",\"panelIndex\":\"53\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"54\",\"w\":12,\"x\":0,\"y\":37},\"id\":\"349c11c0-7ea0-11e7-a286-9f03beba6417\",\"panelIndex\":\"54\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":15,\"i\":\"55\",\"w\":24,\"x\":0,\"y\":52},\"id\":\"f1a19000-7ebf-11e7-a286-9f03beba6417\",\"panelIndex\":\"55\",\"type\":\"visualization\",\"version\":\"6.3.0\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":7,\"i\":\"56\",\"w\":48,\"x\":0,\"y\":0},\"id\":\"e77bc660-e9d3-11e8-be2c-8fd05c77f582\",\"panelIndex\":\"56\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"57\",\"w\":24,\"x\":0,\"y\":67},\"id\":\"56cdedf0-ec08-11e8-96db-ebfb2a58ccf6\",\"panelIndex\":\"57\",\"type\":\"visualization\",\"version\":\"6.4.3\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":19,\"i\":\"58\",\"w\":24,\"x\":24,\"y\":67},\"id\":\"9b89ddb0-ec07-11e8-96db-ebfb2a58ccf6\",\"panelIndex\":\"58\",\"type\":\"visualization\",\"version\":\"6.4.3\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"useMargins\":false}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\"}}}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "7b61a6a0-7ebf-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacks by Destination Port Histogram",
 | |
|       "visState": "{\"title\":\"Attacks by Destination Port Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{\"spy\":{\"mode\":{\"name\":null,\"fill\":false}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ef227eb0-7e9d-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacks by Honeypot Histogram",
 | |
|       "visState": "{\"title\":\"Attacks by Honeypot Histogram\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "762f66c0-7e9e-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeypot Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Honeypot Attacks Histogram\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Source IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Source IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "87428ba0-7e9d-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeypot Attacks Bar",
 | |
|       "visState": "{\"title\":\"Honeypot Attacks Bar\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":75,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Honeypots\"},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":15,\"order\":\"asc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Honeypots\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "15f2c000-4ad5-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa Attacks Bar",
 | |
|       "visState": "{\"title\":\"Ciscoasa Attacks Bar\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "3f646820-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Attacks",
 | |
|       "visState": "{\"title\":\"Glutton Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "79a71e90-dec1-11e8-87cf-239397d2b8d3",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa Attacks",
 | |
|       "visState": "{\"title\":\"Ciscoasa Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "0d947000-7ebd-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacks by Honeypot",
 | |
|       "visState": "{\"title\":\"Attacks by Honeypot\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "54d8c6a0-dec0-11e8-87cf-239397d2b8d3",
 | |
|     "_type": "dashboard",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa",
 | |
|       "hits": 0,
 | |
|       "description": "Ciscoasa Dashboard",
 | |
|       "panelsJSON": "[{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":6,\"i\":\"1\",\"w\":14,\"x\":0,\"y\":0},\"id\":\"15f2c000-4ad5-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"2\",\"w\":24,\"x\":0,\"y\":6},\"id\":\"8a455850-4ad5-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"2\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"embeddableConfig\":{\"vis\":{\"legendOpen\":true}},\"gridData\":{\"h\":11,\"i\":\"3\",\"w\":24,\"x\":24,\"y\":17},\"id\":\"a72ec5f0-4ad5-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"3\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"gridData\":{\"h\":11,\"i\":\"5\",\"w\":12,\"x\":0,\"y\":17},\"id\":\"d77bbba0-4ad5-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"5\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"gridData\":{\"h\":11,\"i\":\"6\",\"w\":12,\"x\":12,\"y\":17},\"id\":\"fe02b580-4ad5-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"gridData\":{\"h\":20,\"i\":\"7\",\"w\":24,\"x\":24,\"y\":28},\"id\":\"1a80b720-4ad6-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"7\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"gridData\":{\"h\":20,\"i\":\"8\",\"w\":24,\"x\":0,\"y\":28},\"id\":\"2a543aa0-4ad6-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"8\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"embeddableConfig\":{\"mapCenter\":[42.032974332441405,0.703125],\"mapZoom\":2},\"gridData\":{\"h\":17,\"i\":\"9\",\"w\":24,\"x\":24,\"y\":0},\"id\":\"b8745000-4ad5-11e8-ab1b-fdef76c312f4\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.4.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":6,\"i\":\"10\",\"w\":10,\"x\":14,\"y\":0},\"id\":\"79a71e90-dec1-11e8-87cf-239397d2b8d3\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.4.2\"}]",
 | |
|       "optionsJSON": "{\"darkTheme\":true,\"hidePanelTitles\":false,\"useMargins\":true}",
 | |
|       "version": 1,
 | |
|       "timeRestore": false,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d500a3c0-e6b8-11e8-b727-735f5b0e1502",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Attacks",
 | |
|       "visState": "{\"title\":\"Heralding Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f2742de0-e745-11e8-b4a6-215b0b97c069",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney Attacks",
 | |
|       "visState": "{\"title\":\"Mailoney Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "535b0c80-e761-11e8-803c-59c072645505",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner Attacks",
 | |
|       "visState": "{\"title\":\"Tanner Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "94e13130-e756-11e8-b4a6-215b0b97c069",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy Attacks",
 | |
|       "visState": "{\"title\":\"Rdpy Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f5e74220-e725-11e8-b4a6-215b0b97c069",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap Attacks",
 | |
|       "visState": "{\"title\":\"Honeytrap Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "409907c0-e6b5-11e8-b727-735f5b0e1502",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf Attacks",
 | |
|       "visState": "{\"title\":\"Glastopf Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "465d9810-e5cf-11e8-b72a-b734d2b55cd4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Attacks",
 | |
|       "visState": "{\"title\":\"Dionaea Attacks\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":24,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "45e32dc0-dec5-11e8-87cf-239397d2b8d3",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Attacks",
 | |
|       "visState": "{\"title\":\"Cowrie Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "32814dd0-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Attacks Bar",
 | |
|       "visState": "{\"title\":\"Glutton Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Honeytrap\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "5234de80-8b5f-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney Attacks Bar",
 | |
|       "visState": "{\"title\":\"Mailoney Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Mailoney\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Mailoney\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "51ca6ee0-80d5-11e7-ab37-eb92b1bfb573",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Events Bar",
 | |
|       "visState": "{\"title\":\"NGINX Events Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"NGINX\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Events\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NGINX\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "5014cee0-634e-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner Attacks Bar",
 | |
|       "visState": "{\"title\":\"Tanner Attacks Bar\",\"type\":\"horizontal_bar\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":90,\"show\":false,\"truncate\":200},\"position\":\"left\",\"scale\":{\"type\":\"linear\"},\"show\":false,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"histogram\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"bottom\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "17130490-e7fb-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot Attacks",
 | |
|       "visState": "{\"title\":\"Medpot Attacks\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":24,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "3814c570-e68e-11e8-b727-735f5b0e1502",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot Attacks",
 | |
|       "visState": "{\"title\":\"ElasticPot Attacks\",\"type\":\"metric\",\"params\":{\"addLegend\":false,\"addTooltip\":true,\"metric\":{\"colorSchema\":\"Green to Red\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"invertColors\":false,\"labels\":{\"show\":true},\"metricColorMode\":\"None\",\"percentageMode\":false,\"style\":{\"bgColor\":false,\"bgFill\":\"#000\",\"fontSize\":24,\"labelColor\":false,\"subText\":\"\"},\"useRanges\":false},\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "4a60fe20-e75f-11e8-803c-59c072645505",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata Events",
 | |
|       "visState": "{\"title\":\"Suricata Events\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "07581df0-e752-11e8-b4a6-215b0b97c069",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX Events",
 | |
|       "visState": "{\"title\":\"NGINX Events\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"index\":\"logstash-*\"}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "10e765a0-e51e-11e8-8a75-d5f374dbaebe",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Attacks",
 | |
|       "visState": "{\"title\":\"Conpot Attacks\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":24}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "65fdfd10-e7f8-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot Attacks Bar",
 | |
|       "visState": "{\"title\":\"Medpot Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"ElasticPot\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ElasticPot\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "0de24040-8b52-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy Attacks Bar",
 | |
|       "visState": "{\"title\":\"Rdpy Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Rdpy\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Rdpy\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d01a6390-827e-11e7-afbf-a7491fba5d8a",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot Attacks Bar",
 | |
|       "visState": "{\"title\":\"ElasticPot Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"ElasticPot\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ElasticPot\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "6ee70b90-8374-11e7-9adb-2955c2136c8c",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap Attacks Bar",
 | |
|       "visState": "{\"title\":\"Honeytrap Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Honeytrap\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "307afd60-82a9-11e7-bcbe-2b6958a9c888",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf Attacks Bar",
 | |
|       "visState": "{\"title\":\"Glastopf Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Glastopf\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "62fde9a0-858d-11e7-a686-392ac617767d",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Attacks Bar",
 | |
|       "visState": "{\"title\":\"Conpot Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"ConPot\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Conpot\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "b9343070-80e9-11e7-a689-67e589a14a8a",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Attacks Bar",
 | |
|       "visState": "{\"title\":\"Dionaea Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Dionaea\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dionaea\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c1ef91c0-7dc2-11e7-8268-ed048f6272e0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Attacks Bar",
 | |
|       "visState": "{\"title\":\"Cowrie Attacks Bar\",\"type\":\"histogram\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":false,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{\"text\":\"Cowrie\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Cowrie\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "2cf90930-47d3-11e8-a905-f74bbc7cbd2d",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Attacks Bar",
 | |
|       "visState": "{\"title\":\"Heralding Attacks Bar\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":false,\"rotate\":90,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true},{\"show\":true,\"mode\":\"normal\",\"type\":\"histogram\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "cac48440-8b5f-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Mailoney - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "a51e9ae0-6350-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Tanner - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d77bbba0-4ad5-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Ciscoasa - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "59b9dd60-827f-11e7-afbf-a7491fba5d8a",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"ElasticPot - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "576a3cb0-82ae-11e7-bcbe-2b6958a9c888",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "b1a7f8d0-859b-11e7-8f60-4f4666b0a88e",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Suricata - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "cf8d0e40-80ea-11e7-a689-67e589a14a8a",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "bf39e000-80d5-11e7-ba6f-4542711dd148",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "59509e90-8590-11e7-a686-392ac617767d",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Glastopf - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot Attacks Histogram",
 | |
|       "visState": "{\"title\":\"ElasticPot Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Glastopf Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\",\"interpolate\":\"linear\",\"lineWidth\":2},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Honeytrap Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f66b9200-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Glutton - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "099c23d0-e7fd-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Medpot - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "051c59e0-8b53-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Rdpy - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "eca8e580-4877-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Heralding - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ffb284f0-80cd-11e7-ab37-eb92b1bfb573",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot - Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Conpot - Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "349c11c0-7ea0-11e7-a286-9f03beba6417",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Attacker Src IP Reputation",
 | |
|       "visState": "{\"title\":\"Attacker Src IP Reputation\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_rep.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeypot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "63672eb0-8b5f-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Mailoney Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "c90f1f00-8b52-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Rdpy Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "77bf1310-634e-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Tanner Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "8a455850-4ad5-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Ciscoasa Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":null},\"legendPosition\":\"right\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"*\"},\"label\":\"All\"},{\"input\":{\"query\":\"src_port:*\"},\"label\":\"Exploit\"}]}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "554c9550-e7fb-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Medpot Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Cowrie Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"rotate\":0,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Dionaea Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Events-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Conpot Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"3\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"type\":\"line\",\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d3bb9bd0-4863-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Heralding Attacks Histogram\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"},\"valueAxis\":null},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100,\"filter\":false},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2},{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "50aa1940-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton Attacks Histogram",
 | |
|       "visState": "{\"title\":\"Glutton Attacks Histogram\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"},{\"data\":{\"id\":\"2\",\"label\":\"Unique Src IPs\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":true,\"showCircles\":true,\"type\":\"line\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"line\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.keyword\",\"customLabel\":\"Unique Src IPs\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d2405e70-8b5e-11e7-ba35-0d8832ac304f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Mailoney - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "51c331f0-8b54-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Rdpy - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d968d5e0-6350-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Tanner - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e1969e20-4878-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Heralding - Attacks by Country\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot - Attacks by Country",
 | |
|       "visState": "{\"title\":\"ElasticPot - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Conpot - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "88d899e0-8b5f-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Mailoney - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Events\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "0464b030-e852-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Glutton - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "15b696f0-e7fd-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Medpot - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "fe02b580-4ad5-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Ciscoasa - Attacks by Country\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf-Countries-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf - Attacks by Country",
 | |
|       "visState": "{\"title\":\"Glastopf - Attacks by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e055e240-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Glutton - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "490b4e60-e7fd-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Medpot - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Attacks\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "6ee57da0-634f-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Tanner - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\",\"interpolate\":\"linear\",\"lineWidth\":2}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "da489b20-8b52-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Rdpy - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"ElasticPot - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Conpot - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"filter\":true,\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\",\"interpolate\":\"linear\",\"lineWidth\":2}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "d0dbe890-4870-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Heralding - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "a72ec5f0-4ad5-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Ciscoasa - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"type\":\"area\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Glastopf - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Events-by-Country-Histogram",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacks by Country Histogram",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacks by Country Histogram\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Timestamp\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"square root\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Attacks\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"mode\":\"normal\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"square root\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"\"},\"type\":\"value\"}],\"yAxis\":{},\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "2a543aa0-4ad6-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Ciscoasa - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "082111a0-80cf-11e7-ab37-eb92b1bfb573",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Conpot - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"ElasticPot - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastop-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Glastopf - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "21ad1c80-488a-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Heralding - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "844f33f0-488a-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Heralding - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ba9d6280-8b5f-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Mailoney - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "41d04290-e852-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Glutton - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "e3f00420-e7fd-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Medpot - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "874be060-8b54-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Rdpy - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Source-IP-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "48d3dad0-e725-11e8-b4a6-215b0b97c069",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacker Src IP - Top 10",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacker Src IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ad6dcb50-8b5e-11e7-ba35-0d8832ac304f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Mailoney - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Mailoney - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "9c35dd90-6977-11e7-9c11-8d9c11943fa0",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "21c65b10-e852-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Glutton - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "5b69e990-e7fd-11e8-9ac4-13ecd4ad8d70",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Medpot - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Medpot - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "baa53b00-b597-11e8-9a34-d951cebce834",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "73364660-8b54-11e7-b92d-d39e43e3de0f",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Rdpy - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Rdpy - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "aa750980-8ab5-11e7-8fef-33e989079c7d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ElasticPot-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "ElasticPot - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"ElasticPot - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ElasticPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Glastopf-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glastopf - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Glastopf - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Glastopf-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ConPot-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Conpot - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "a427e6c0-e521-11e8-8a75-d5f374dbaebe",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Conpot - Attacks by Destination Ports Histogram",
 | |
|       "visState": "{\"title\":\"Conpot - Attacks by Destination Ports Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "ConPot-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "2a6803f0-80e7-11e7-a689-67e589a14a8a",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacks by Destination Ports Histogram",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacks by Destination Ports Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"@timestamp per 30 seconds\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "f28b8c60-80e4-11e7-ba6f-4542711dd148",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacks by Destination Ports Histogram Incoming",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacks by Destination Ports Histogram Incoming\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"group\",\"params\":{\"filters\":[{\"input\":{\"query\":\"dest_port:22\"},\"label\":\"SSH\"},{\"input\":{\"query\":\"dest_port:23\"},\"label\":\"Telnet\"}]}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "1a80b720-4ad6-11e8-ab1b-fdef76c312f4",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Ciscoasa - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Ciscoasa - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "2934abc0-4ad4-11e8-ab1b-fdef76c312f4",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "06628c70-6352-11e8-be86-73985bedf977",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Tanner - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Tanner - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "d800f130-633f-11e8-be86-73985bedf977",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacker AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacker AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Suricata-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Suricata - AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"Suricata - AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Suricata-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "NGINX-ASN-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "NGINX - AS/N - Top 10",
 | |
|       "visState": "{\"title\":\"NGINX - AS/N - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"CNT\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.as_org.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ASN\"}}]}",
 | |
|       "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "NGINX-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Cowrie-Ports-Pie",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Cowrie - Attacks by Port",
 | |
|       "visState": "{\"title\":\"Cowrie - Attacks by Port\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"dest_port:22\"},\"label\":\"SSH\"},{\"input\":{\"query\":\"dest_port:23\"},\"label\":\"Telnet\"}]}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Cowrie-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "7e33e3d0-810c-11e7-8413-9fe5e30ade77",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacks by Destination Ports Histogram",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacks by Destination Ports Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Dionaea-Destination-Ports-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Dionaea - Attacks by Port",
 | |
|       "visState": "{\"title\":\"Dionaea - Attacks by Port\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Dionaea-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "7e6121d0-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacks by Port",
 | |
|       "visState": "{\"title\":\"Glutton - Attacks by Port\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "9d251bd0-e851-11e8-97df-bbc3de28ece0",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Glutton - Attacks by Destination Ports Histogram",
 | |
|       "visState": "{\"title\":\"Glutton - Attacks by Destination Ports Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "385ea460-ad22-11e8-942c-a39712fa9ddf",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "864b2f30-4883-11e8-9b3d-f36e8d4f5cb2",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Heralding - Attacks by Port",
 | |
|       "visState": "{\"title\":\"Heralding - Attacks by Port\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "c2bea500-47ca-11e8-a905-f74bbc7cbd2d",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "ec53e470-8376-11e7-9adb-2955c2136c8c",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacks by Destination Ports Histogram",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacks by Destination Ports Histogram\",\"type\":\"area\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"Timestamp\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"area\",\"mode\":\"normal\",\"data\":{\"label\":\"Attacks\",\"id\":\"1\"},\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"step-after\",\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"type\":\"area\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Attacks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Timestamp\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   },
 | |
|   {
 | |
|     "_id": "Honeytrap-Destination-Ports-Top-10",
 | |
|     "_type": "visualization",
 | |
|     "_source": {
 | |
|       "title": "Honeytrap - Attacks by Port",
 | |
|       "visState": "{\"title\":\"Honeytrap - Attacks by Port\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
 | |
|       "uiStateJSON": "{}",
 | |
|       "description": "",
 | |
|       "savedSearchId": "Honeytrap-Logs",
 | |
|       "version": 1,
 | |
|       "kibanaSavedObjectMeta": {
 | |
|         "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
 | |
|       }
 | |
|     },
 | |
|     "_meta": {
 | |
|       "savedObjectVersion": 2
 | |
|     }
 | |
|   }
 | |
| ] | 
