[
{
"_id": "Cowrie",
"_type": "dashboard",
"_source": {
"title": "Cowrie",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Cowrie-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":2,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Cowrie-Events-Histogram\",\"panelIndex\":22,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Cipher-Suites-Top-10\",\"panelIndex\":24,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Cowrie-Countries-Top-10\",\"panelIndex\":28,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Events-by-Country-Histogram\",\"panelIndex\":29,\"row\":11,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Cowrie-Version-Pie-Top-10\",\"panelIndex\":31,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":3,\"id\":\"Cowrie-Unique-Session-Counter\",\"panelIndex\":33,\"row\":1,\"size_x\":2,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Username-Tagcloud-Large\",\"panelIndex\":34,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Cowrie-Password-Tagcloud-Large\",\"panelIndex\":35,\"row\":7,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Map\",\"panelIndex\":36,\"row\":14,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Cowrie-Input-Top-10\",\"panelIndex\":37,\"row\":21,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Cowrie-Source-IP-Top-10\",\"panelIndex\":38,\"row\":21,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Cowrie-ASN-Top-10\",\"panelIndex\":39,\"row\":21,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"id\":\"Cowrie-Logs\",\"type\":\"search\",\"panelIndex\":40,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":27,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "eMobility",
"_type": "dashboard",
"_source": {
"title": "eMobility",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"eMobility-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"eMobility-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Countries-Top-10\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"eMobility-Events-by-Country-Histogram\",\"panelIndex\":4,\"row\":4,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Map\",\"panelIndex\":5,\"row\":7,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Source-IP-Top-10\",\"panelIndex\":6,\"row\":14,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"eMobility-ASN-Top-10\",\"panelIndex\":7,\"row\":14,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"eMobility-Logs\",\"panelIndex\":8,\"row\":20,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "Suricata",
"_type": "dashboard",
"_source": {
"title": "Suricata",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Suricata-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Destination-Ports-Histogram\",\"panelIndex\":3,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"panelIndex\":4,\"row\":7,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Suricata-Countries-Top-10\",\"panelIndex\":9,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Suricata-Fileinfo-Magic-Top-10\",\"panelIndex\":12,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-HTTP-Content-Type-Top-10\",\"panelIndex\":14,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Suricata-HTTP-Hostname-Pie-Top-10\",\"panelIndex\":15,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Suricata-HTTP-Method-Pie-Top-10\",\"panelIndex\":16,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-HTTP-User-Agent-Pie-Top-10\",\"panelIndex\":18,\"row\":10,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-SSH-Client-Software-Version-Pie-Top-10\",\"panelIndex\":19,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-TLS-Version\",\"panelIndex\":20,\"row\":13,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Events-by-Country-Histogram\",\"panelIndex\":22,\"row\":16,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Map\",\"panelIndex\":23,\"row\":19,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Suricata-Source-IP-Top-10\",\"panelIndex\":24,\"row\":26,\
"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Suricata-ASN-Top-10\",\"panelIndex\":25,\"row\":26,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Suricata-Alert-Signature-Top-10\",\"panelIndex\":26,\"row\":26,\"size_x\":4,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Suricata-Logs\",\"panelIndex\":27,\"row\":32,\"size_x\":12,\"size_y\":6,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "T-Pot-Industrial",
"_type": "dashboard",
"_source": {
"title": ">T-Pot - Industrial",
"hits": 0,
"description": "",
"panelsJSON": "[\n {\n \"col\": 9,\n \"id\": \"Suricata-Event-Counter\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 4,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"ConPot-Event-Counter\",\n \"panelIndex\": 7,\n \"row\": 1,\n \"size_x\": 4,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 5,\n \"id\": \"eMobility-Event-Counter\",\n \"panelIndex\": 9,\n \"row\": 1,\n \"size_x\": 4,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Events-Histogram\",\n \"panelIndex\": 10,\n \"row\": 3,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Destination-Ports-Histogram\",\n \"panelIndex\": 11,\n \"row\": 6,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"P0f-OS-Top-10\",\n \"panelIndex\": 12,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 4,\n \"id\": \"Honeypot-Events\",\n \"panelIndex\": 13,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"Honeypot-Countries-Top-10\",\n \"panelIndex\": 14,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 10,\n \"id\": \"Cowrie-Password-Tagcloud\",\n \"panelIndex\": 15,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Suricata-Alert-Category-Histogram-Top-10\",\n \"panelIndex\": 16,\n \"row\": 12,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Events-by-Country-Histogram\",\n \"panelIndex\": 17,\n \"row\": 15,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Map\",\n \"panelIndex\": 18,\n \"row\": 18,\n \"size_x\": 12,\n \"size_y\": 7,\n \"type\": \"visualization\"\n },\n {\n \"col\": 
1,\n \"id\": \"Honeypot-by-Country-and-Port\",\n \"panelIndex\": 19,\n \"row\": 25,\n \"size_x\": 12,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Source-IP-Top-10\",\n \"panelIndex\": 20,\n \"row\": 29,\n \"size_x\": 4,\n \"size_y\": 7,\n \"type\": \"visualization\"\n },\n {\n \"col\": 5,\n \"id\": \"Honeypot-ASN-Top-10\",\n \"panelIndex\": 21,\n \"row\": 29,\n \"size_x\": 4,\n \"size_y\": 7,\n \"type\": \"visualization\"\n },\n {\n \"col\": 9,\n \"id\": \"Suricata-Alert-Signature-Top-10\",\n \"panelIndex\": 22,\n \"row\": 29,\n \"size_x\": 4,\n \"size_y\": 7,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"columns\": [\n \"_source\"\n ],\n \"id\": \"Honeypot-Logs\",\n \"panelIndex\": 23,\n \"row\": 36,\n \"size_x\": 12,\n \"size_y\": 7,\n \"sort\": [\n \"@timestamp\",\n \"desc\"\n ],\n \"type\": \"search\"\n }\n]",
"optionsJSON": "{\n \"darkTheme\": true\n}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "Honeytrap",
"_type": "dashboard",
"_source": {
"title": "Honeytrap",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Honeytrap-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Honeytrap-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeytrap-Countries-Top-10\",\"panelIndex\":3,\"row\":4,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Honeytrap-Destination-Ports-Histogram\",\"panelIndex\":4,\"row\":4,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeytrap-Destination-Ports-Top-10\",\"panelIndex\":5,\"row\":7,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Honeytrap-Events-by-Country-Histogram\",\"panelIndex\":6,\"row\":7,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeytrap-Map\",\"panelIndex\":7,\"row\":10,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"id\":\"Honeytrap-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":6,\"size_y\":5,\"col\":7,\"row\":17},{\"id\":\"Honeytrap-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":6,\"size_y\":5,\"col\":1,\"row\":17},{\"id\":\"Honeytrap-Logs\",\"type\":\"search\",\"panelIndex\":10,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":22,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "ConPot",
"_type": "dashboard",
"_source": {
"title": "ConPot",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"ConPot-Event-Counter\",\"panelIndex\":9,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ConPot-Countries-Top-10\",\"panelIndex\":10,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":4,\"id\":\"ConPot-Events-Histogram\",\"panelIndex\":11,\"row\":1,\"size_x\":9,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ConPot-Events-by-Country-Histogram\",\"panelIndex\":12,\"row\":8,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ConPot-Map\",\"panelIndex\":13,\"row\":11,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"ConPot-Logs\",\"panelIndex\":14,\"row\":24,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"ConPot-Source-IP-Top-10\",\"panelIndex\":15,\"row\":18,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ConPot-Protocol\",\"panelIndex\":16,\"row\":4,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"id\":\"ConPot-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":17,\"size_x\":6,\"size_y\":6,\"col\":7,\"row\":18}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": ">T-Pot-Everything",
"_type": "dashboard",
"_source": {
"title": ">T-Pot - Everything",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":4,\"id\":\"Cowrie-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Dionaea-Event-Counter\",\"panelIndex\":2,\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"ElasticPot-Event-Counter\",\"panelIndex\":3,\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Glastopf-Event-Counter\",\"panelIndex\":4,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Honeytrap-Event-Counter\",\"panelIndex\":5,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Suricata-Event-Counter\",\"panelIndex\":6,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ConPot-Event-Counter\",\"panelIndex\":7,\"row\":1,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"eMobility-Event-Counter\",\"panelIndex\":9,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Events-Histogram\",\"panelIndex\":10,\"row\":5,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Honeypot-Destination-Ports-Histogram\",\"panelIndex\":11,\"row\":8,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"P0f-OS-Top-10\",\"panelIndex\":12,\"row\":11,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":4,\"id\":\"Honeypot-Events\",\"panelIndex\":13,\"row\":11,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Honeypot-Countries-Top-10\",\"panelIndex\":14,\"row\":11,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Cowrie-Password-Tagcloud\",\"panelIndex\":15,\"row\":11,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Suricata-Alert-Category-Histogram-Top-10\",\"type\":\"visualization\",\"panelIndex\":16,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":14},{\"id\":\"Honeypot-Events-by-Country-Histogram\",\"ty
pe\":\"visualization\",\"panelIndex\":17,\"size_x\":12,\"size_y\":3,\"col\":1,\"row\":17},{\"id\":\"Honeypot-Map\",\"type\":\"visualization\",\"panelIndex\":18,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":20},{\"id\":\"Honeypot-by-Country-and-Port\",\"type\":\"visualization\",\"panelIndex\":19,\"size_x\":12,\"size_y\":4,\"col\":1,\"row\":27},{\"id\":\"Honeypot-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":20,\"size_x\":4,\"size_y\":7,\"col\":1,\"row\":31},{\"id\":\"Honeypot-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":21,\"size_x\":4,\"size_y\":7,\"col\":5,\"row\":31},{\"id\":\"Suricata-Alert-Signature-Top-10\",\"type\":\"visualization\",\"panelIndex\":22,\"size_x\":4,\"size_y\":7,\"col\":9,\"row\":31},{\"id\":\"Honeypot-Logs\",\"type\":\"search\",\"panelIndex\":23,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":38,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "T-Pot-Standard",
"_type": "dashboard",
"_source": {
"title": ">T-Pot - Standard",
"hits": 0,
"description": "",
"panelsJSON": "[\n {\n \"col\": 1,\n \"id\": \"Cowrie-Event-Counter\",\n \"panelIndex\": 1,\n \"row\": 1,\n \"size_x\": 2,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 3,\n \"id\": \"Dionaea-Event-Counter\",\n \"panelIndex\": 2,\n \"row\": 1,\n \"size_x\": 2,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 5,\n \"id\": \"ElasticPot-Event-Counter\",\n \"panelIndex\": 3,\n \"row\": 1,\n \"size_x\": 2,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"Glastopf-Event-Counter\",\n \"panelIndex\": 4,\n \"row\": 1,\n \"size_x\": 2,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 9,\n \"id\": \"Honeytrap-Event-Counter\",\n \"panelIndex\": 5,\n \"row\": 1,\n \"size_x\": 2,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 11,\n \"id\": \"Suricata-Event-Counter\",\n \"panelIndex\": 6,\n \"row\": 1,\n \"size_x\": 2,\n \"size_y\": 2,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Events-Histogram\",\n \"panelIndex\": 7,\n \"row\": 3,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"P0f-OS-Top-10\",\n \"panelIndex\": 8,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 4,\n \"id\": \"Honeypot-Events\",\n \"panelIndex\": 9,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 7,\n \"id\": \"Honeypot-Countries-Top-10\",\n \"panelIndex\": 10,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 10,\n \"id\": \"Cowrie-Password-Tagcloud\",\n \"panelIndex\": 12,\n \"row\": 9,\n \"size_x\": 3,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-by-Country-and-Port\",\n \"panelIndex\": 13,\n \"row\": 25,\n \"size_x\": 12,\n \"size_y\": 4,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": 
\"Suricata-Alert-Category-Histogram-Top-10\",\n \"panelIndex\": 14,\n \"row\": 12,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Destination-Ports-Histogram\",\n \"panelIndex\": 15,\n \"row\": 6,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Events-by-Country-Histogram\",\n \"panelIndex\": 16,\n \"row\": 15,\n \"size_x\": 12,\n \"size_y\": 3,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Map\",\n \"panelIndex\": 17,\n \"row\": 18,\n \"size_x\": 12,\n \"size_y\": 7,\n \"type\": \"visualization\"\n },\n {\n \"col\": 1,\n \"columns\": [\n \"_source\"\n ],\n \"id\": \"Honeypot-Logs\",\n \"panelIndex\": 18,\n \"row\": 35,\n \"size_x\": 12,\n \"size_y\": 7,\n \"sort\": [\n \"@timestamp\",\n \"desc\"\n ],\n \"type\": \"search\"\n },\n {\n \"col\": 1,\n \"id\": \"Honeypot-Source-IP-Top-10\",\n \"panelIndex\": 19,\n \"row\": 29,\n \"size_x\": 4,\n \"size_y\": 6,\n \"type\": \"visualization\"\n },\n {\n \"col\": 5,\n \"id\": \"Honeypot-ASN-Top-10\",\n \"panelIndex\": 20,\n \"row\": 29,\n \"size_x\": 4,\n \"size_y\": 6,\n \"type\": \"visualization\"\n },\n {\n \"col\": 9,\n \"id\": \"Suricata-Alert-Signature-Top-10\",\n \"panelIndex\": 21,\n \"row\": 29,\n \"size_x\": 4,\n \"size_y\": 6,\n \"type\": \"visualization\"\n }\n]",
"optionsJSON": "{\n \"darkTheme\": true\n}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "Dionaea",
"_type": "dashboard",
"_source": {
"title": "Dionaea",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Dionaea-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":3,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Dionaea-Events-Histogram\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":1},{\"id\":\"Dionaea-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":4},{\"id\":\"Dionaea-Destination-Ports-Top-10\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":3,\"size_y\":3,\"col\":1,\"row\":7},{\"id\":\"Dionaea-Destination-Ports-Histogram\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":4},{\"id\":\"Dionaea-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":9,\"size_y\":3,\"col\":4,\"row\":7},{\"id\":\"Dionaea-Map\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":10},{\"id\":\"Dionaea-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":8,\"size_x\":6,\"size_y\":6,\"col\":1,\"row\":17},{\"id\":\"Dionaea-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":9,\"size_x\":6,\"size_y\":6,\"col\":7,\"row\":17},{\"id\":\"Dionaea-Logs\",\"type\":\"search\",\"panelIndex\":10,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":23,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "Glastopf",
"_type": "dashboard",
"_source": {
"title": "Glastopf",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Glastopf-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"id\":\"Glastopf-Events-Histogram\",\"type\":\"visualization\",\"panelIndex\":2,\"size_x\":8,\"size_y\":3,\"col\":5,\"row\":1},{\"id\":\"Glastopf-Countries-Top-10\",\"type\":\"visualization\",\"panelIndex\":3,\"size_x\":4,\"size_y\":3,\"col\":1,\"row\":4},{\"id\":\"Glastop-Events-by-Country-Histogram\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":8,\"size_y\":3,\"col\":5,\"row\":4},{\"id\":\"Glastopf-Map\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":7},{\"id\":\"Glastop-Source-IP-Top-10\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":6,\"size_y\":5,\"col\":1,\"row\":14},{\"id\":\"Glastopf-ASN-Top-10\",\"type\":\"visualization\",\"panelIndex\":7,\"size_x\":6,\"size_y\":5,\"col\":7,\"row\":14},{\"id\":\"Glastopf-Logs\",\"type\":\"search\",\"panelIndex\":8,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":19,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "ElasticPot",
"_type": "dashboard",
"_source": {
"title": "ElasticPot",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"ElasticPot-Event-Counter\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ElasticPot-Events-Histogram\",\"panelIndex\":2,\"row\":1,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ElasticPot-Countries-Top-10\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"ElasticPot-Events-by-Country-Histogram\",\"panelIndex\":4,\"row\":4,\"size_x\":8,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ElasticPot-Map\",\"panelIndex\":5,\"row\":7,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":1,\"id\":\"ElasticPot-Source-IP-Top-10\",\"panelIndex\":6,\"row\":14,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":7,\"id\":\"ElasticPot-ASN-Top-10\",\"panelIndex\":7,\"row\":14,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"id\":\"ElasticPot-Logs\",\"type\":\"search\",\"panelIndex\":8,\"size_x\":12,\"size_y\":7,\"col\":1,\"row\":20,\"columns\":[\"_source\"],\"sort\":[\"@timestamp\",\"desc\"]}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}"
}
}
},
{
"_id": "Syslog",
"_type": "dashboard",
"_source": {
"title": "Syslog",
"hits": 0,
"description": "",
"panelsJSON": "[{\"col\":1,\"id\":\"Syslog-Events-Histogram\",\"panelIndex\":1,\"row\":1,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-SSH-Events-Histogram\",\"panelIndex\":2,\"row\":4,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Countries-Top-10\",\"panelIndex\":3,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Events-by-Country-Histogram\",\"panelIndex\":4,\"row\":10,\"size_x\":12,\"size_y\":3,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Syslog-Program-Top-10\",\"panelIndex\":6,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"_source\"],\"id\":\"Syslog-Logs\",\"panelIndex\":7,\"row\":26,\"size_x\":12,\"size_y\":7,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"col\":1,\"id\":\"Syslog-Map\",\"panelIndex\":8,\"row\":13,\"size_x\":12,\"size_y\":7,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Syslog-ASN-Top-10\",\"panelIndex\":9,\"row\":20,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Syslog-Source-IP-Top-10\",\"panelIndex\":10,\"row\":20,\"size_x\":6,\"size_y\":6,\"type\":\"visualization\"},{\"col\":9,\"id\":\"Syslog-Username-Tagcloud\",\"panelIndex\":11,\"row\":7,\"size_x\":4,\"size_y\":3,\"type\":\"visualization\"}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
}
}
},
{
"_id": "Default",
"_type": "dashboard",
"_source": {
"title": "Default",
"hits": 0,
"description": "",
"panelsJSON": "[{\"id\":\"Info-Welcome-to-your-shiny-new-T-Pot-installation!\",\"type\":\"visualization\",\"panelIndex\":1,\"size_x\":12,\"size_y\":1,\"col\":1,\"row\":1}]",
"optionsJSON": "{\"darkTheme\":true}",
"uiStateJSON": "{}",
"version": 1,
"timeRestore": true,
"timeTo": "now",
"timeFrom": "now-24h",
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}}}]}"
}
}
},
{
"_id": "ElasticPot-Logs",
"_type": "search",
"_source": {
"title": "ElasticPot-Logs",
"description": "",
"hits": 0,
"columns": [
"_source"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"ElasticPot\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
}
}
},
{
"_id": "Dionaea-Logs",
"_type": "search",
"_source": {
"title": "Dionaea-Logs",
"description": "",
"hits": 0,
"columns": [
"_source"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"Dionaea\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
}
}
},
{
"_id": "Cowrie-Logs",
"_type": "search",
"_source": {
"title": "Cowrie-Logs",
"description": "",
"hits": 0,
"columns": [
"_source"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"Cowrie\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
}
}
},
{
"_id": "ConPot-Logs",
"_type": "search",
"_source": {
"title": "ConPot-Logs",
"description": "",
"hits": 0,
"columns": [
"_source"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"ConPot\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
}
}
},
{
"_id": "Honeypot-Logs",
"_type": "search",
"_source": {
"title": "Honeypot-Logs",
"description": "",
"hits": 0,
"columns": [
"_source"
],
"sort": [
"@timestamp",
"desc"
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"ConPot\\\" OR type.raw:\\\"Cowrie\\\" OR type.raw:\\\"Dionaea\\\" OR type.raw:\\\"ElasticPot\\\" OR type.raw:\\\"eMobility\\\" OR type.raw:\\\"Glastopf\\\" OR type.raw:\\\"Honeytrap\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Logs",
|
|
"_type": "search",
|
|
"_source": {
|
|
"title": "Honeytrap-Logs",
|
|
"description": "",
|
|
"hits": 0,
|
|
"columns": [
|
|
"_source"
|
|
],
|
|
"sort": [
|
|
"@timestamp",
|
|
"desc"
|
|
],
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"Honeytrap\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Logs",
|
|
"_type": "search",
|
|
"_source": {
|
|
"title": "eMobility-Logs",
|
|
"description": "",
|
|
"hits": 0,
|
|
"columns": [
|
|
"_source"
|
|
],
|
|
"sort": [
|
|
"@timestamp",
|
|
"desc"
|
|
],
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"eMobility\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastopf-Logs",
|
|
"_type": "search",
|
|
"_source": {
|
|
"title": "Glastopf-Logs",
|
|
"description": "",
|
|
"hits": 0,
|
|
"columns": [
|
|
"_source"
|
|
],
|
|
"sort": [
|
|
"@timestamp",
|
|
"desc"
|
|
],
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"Glastopf\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Logs",
|
|
"_type": "search",
|
|
"_source": {
|
|
"title": "Suricata-Logs",
|
|
"description": "",
|
|
"hits": 0,
|
|
"columns": [
|
|
"_source"
|
|
],
|
|
"sort": [
|
|
"@timestamp",
|
|
"desc"
|
|
],
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"Suricata\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Logs",
|
|
"_type": "search",
|
|
"_source": {
|
|
"title": "Syslog-Logs",
|
|
"description": "",
|
|
"hits": 0,
|
|
"columns": [
|
|
"_source"
|
|
],
|
|
"sort": [
|
|
"@timestamp",
|
|
"desc"
|
|
],
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"query\": {\n \"query_string\": {\n \"analyze_wildcard\": true,\n \"query\": \"type.raw:\\\"Syslog\\\"\"\n }\n },\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "P0f-Logs",
|
|
"_type": "search",
|
|
"_source": {
|
|
"title": "P0f-Logs",
|
|
"description": "",
|
|
"hits": 0,
|
|
"columns": [
|
|
"_source"
|
|
],
|
|
"sort": [
|
|
"@timestamp",
|
|
"desc"
|
|
],
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\n \"index\": \"logstash-*\",\n \"filter\": [],\n \"highlight\": {\n \"pre_tags\": [\n \"@kibana-highlighted-field@\"\n ],\n \"post_tags\": [\n \"@/kibana-highlighted-field@\"\n ],\n \"fields\": {\n \"*\": {}\n },\n \"require_field_match\": false,\n \"fragment_size\": 2147483647\n },\n \"query\": {\n \"query_string\": {\n \"query\": \"type.raw:\\\"P0f\\\"\",\n \"analyze_wildcard\": true\n }\n }\n}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-SSH-Server-Software-Version-Pie-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - SSH Server Software Version Pie - Top 10",
|
|
"visState": "{\"title\":\"Suricata - SSH Server Software Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-SSH-Server-Protocol-Version",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - SSH Server Protocol Version",
|
|
"visState": "{\"title\":\"Suricata - SSH Server Protocol Version\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.proto_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Referrer-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Referrer - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP Referrer - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_refer.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - Map",
|
|
"visState": "{\"title\":\"ElasticPot - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Map",
|
|
"visState": "{\"title\":\"ConPot - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-SSH-Client-Software-Version-Pie-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - SSH Client Software Version Pie - Top 10",
|
|
"visState": "{\"title\":\"Suricata - SSH Client Software Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastopf-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - Map",
|
|
"visState": "{\"title\":\"Glastopf - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Map",
|
|
"visState": "{\"title\":\"Honeytrap - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Source IP - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Cipher-Suites-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Encryption Ciphers - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Encryption Ciphers - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"encCS.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Version-Table-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Version Table - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Version Table - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Version-Pie-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Version Pie - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Version Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Input-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Input - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Input - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"input.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Events by Country Histogram",
|
|
"visState": "{\"title\":\"ConPot - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Events Histogram",
|
|
"visState": "{\"title\":\"Suricata - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-DNS-Type-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - DNS Type",
|
|
"visState": "{\"title\":\"Suricata - DNS Type\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Events Histogram",
|
|
"visState": "{\"title\":\"Dionaea - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Events by Country Histogram",
|
|
"visState": "{\"title\":\"Dionaea - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Destination-Ports-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Destination Ports Histogram",
|
|
"visState": "{\"title\":\"Dionaea - Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Destination-Ports-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Destination Ports - Top 10",
|
|
"visState": "{\"title\":\"Dionaea - Destination Ports - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Source IP - Top 10",
|
|
"visState": "{\"title\":\"Dionaea - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastop-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - Events by Country Histogram",
|
|
"visState": "{\"title\":\"Glastopf - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - Events by Country Histogram",
|
|
"visState": "{\"title\":\"ElasticPot - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastopf-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - Events Histogram",
|
|
"visState": "{\"title\":\"Glastopf - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastopf-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - ASN - Top 10",
|
|
"visState": "{\"title\":\"Glastopf - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastopf-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - Countries - Top 10",
|
|
"visState": "{\"title\":\"Glastopf - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastop-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - Source IP - Top 10",
|
|
"visState": "{\"title\":\"Glastopf - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Events by Country Histogram",
|
|
"visState": "{\"title\":\"Honeytrap - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Glastopf-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Glastopf - Event Counter",
|
|
"visState": "{\"title\":\"Glastopf - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Glastopf-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - Events by Country Histogram",
|
|
"visState": "{\"title\":\"eMobility - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - Countries - Top 10",
|
|
"visState": "{\"title\":\"eMobility - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Usernames-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Usernames - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Usernames - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Destination-Ports-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Destination Ports Histogram",
|
|
"visState": "{\"title\":\"Honeypot Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Countries - Top 10",
|
|
"visState": "{\"title\":\"Honeypot Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Map",
|
|
"visState": "{\"title\":\"Honeypot Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"mapZoom\":2,\"mapCenter\":[0.17578097424708533,0],\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-by-Country-and-Port",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot by Country and Port",
|
|
"visState": "{\"title\":\"Honeypot by Country and Port\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":false}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Alert-Signature-Histogram-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Alert Signature Histogram - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Alert Signature Histogram - Top 10\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Alert-Signature-Bar-Chart-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Alert Signature Bar Chart - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Alert Signature Bar Chart - Top 10\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Countries - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Destination-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Destination IP - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Destination IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Content-Type-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Content Type - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP Content Type - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Alert-Signature-by-Country",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Alert Signature by Country",
|
|
"visState": "{\"title\":\"Suricata - Alert Signature by Country\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":false}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Event Counter",
|
|
"visState": "{\"title\":\"Honeytrap - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot ASN - Top 10",
|
|
"visState": "{\"title\":\"Honeypot ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - Source IP - Top 10",
|
|
"visState": "{\"title\":\"eMobility - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Destination-Ports-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Destination Ports - Top 10",
|
|
"visState": "{\"title\":\"Honeypot Destination Ports - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Events",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Events",
|
|
"visState": "{\"title\":\"Honeypot Events\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - Map",
|
|
"visState": "{\"title\":\"eMobility - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-by-Port-per-Honeypot",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot by Port per Honeypot",
|
|
"visState": "{\"title\":\"Honeypot by Port per Honeypot\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"type.raw\",\"size\":7,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":false}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Source IP - Top 10",
|
|
"visState": "{\"title\":\"Honeypot Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Alert-Category-Histogram-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Alert Category Histogram - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Alert Category Histogram - Top 10\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"overlap\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"alert.category.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "P0f-OS-Tagcloud",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "P0f - OS Tagcloud",
|
|
"visState": "{\"title\":\"P0f - OS Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":0,\"toDegree\":0,\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":500,\"spiral\":\"archimedean\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "P0f-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-User-Agent-Pie-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP User Agent Pie - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP User Agent Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - Event Counter",
|
|
"visState": "{\"title\":\"eMobility - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Event Counter",
|
|
"visState": "{\"title\":\"Suricata - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Event Counter",
|
|
"visState": "{\"title\":\"Dionaea - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Event Counter",
|
|
"visState": "{\"title\":\"Cowrie - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "P0f-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "P0f - Event Counter",
|
|
"visState": "{\"title\":\"P0f - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "P0f-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - ASN - Top 10",
|
|
"visState": "{\"title\":\"eMobility - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Passwords-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Passwords - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Passwords - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Event Counter",
|
|
"visState": "{\"title\":\"ConPot - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Events by Country Histogram",
|
|
"visState": "{\"title\":\"Honeypot Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Fileinfo-Magic-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Fileinfo Magic - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Fileinfo Magic - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fileinfo.magic.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Alert-Signature-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Alert Signature - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Alert Signature - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature_id\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Hostname-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Hostname - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP Hostname - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-TLS-Server-Name-Indication-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - TLS Server Name Indication - Top 10",
|
|
"visState": "{\"title\":\"Suricata - TLS Server Name Indication - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.sni.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-SSH-Server-Software-Version-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - SSH Server Software Version - Top 10",
|
|
"visState": "{\"title\":\"Suricata - SSH Server Software Version - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-SSH-Client-Software-Version-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - SSH Client Software Version - Top 10",
|
|
"visState": "{\"title\":\"Suricata - SSH Client Software Version - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.software_version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Accept-Encoding",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Accept Encoding",
|
|
"visState": "{\"title\":\"Suricata - HTTP Accept Encoding\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.accept_encoding.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-TLS-Issuer-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - TLS Issuer - Top 10",
|
|
"visState": "{\"title\":\"Suricata - TLS Issuer - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.issuerdn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Info-Welcome-to-your-shiny-new-T-Pot-installation!",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Info - Welcome to your shiny new T-Pot installation!",
|
|
"visState": "{\"title\":\"Info - Welcome to your shiny new T-Pot installation!\",\"type\":\"markdown\",\"params\":{\"markdown\":\"Get started by loading a dashboard and saving it as \\\"Default\\\".\"},\"aggs\":[],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Events Histogram",
|
|
"visState": "{\"title\":\"Honeytrap - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - ASN - Top 10",
|
|
"visState": "{\"title\":\"Honeytrap - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Destination-Ports-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Destination Ports - Top 10",
|
|
"visState": "{\"title\":\"Honeytrap - Destination Ports - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Destination-Ports-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Destination Ports Histogram",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"dest_port\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"times\":[],\"yAxis\":{}},\"title\":\"Honeytrap - Destination Ports Histogram\",\"type\":\"histogram\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - Event Counter",
|
|
"visState": "{\"title\":\"ElasticPot - Event Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-User-Agent-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP User Agent - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP User Agent - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_user_agent.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-DNS-Name-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - DNS Name - Top 10",
|
|
"visState": "{\"title\":\"Suricata - DNS Name - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.rrname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Hostname-Pie-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Hostname Pie - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP Hostname Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Method-Pie-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Method Pie - Top 10",
|
|
"visState": "{\"title\":\"Suricata - HTTP Method Pie - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-HTTP-Protocol",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - HTTP Protocol",
|
|
"visState": "{\"title\":\"Suricata - HTTP Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.protocol.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Map",
|
|
"visState": "{\"title\":\"Suricata - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Map",
|
|
"visState": "{\"title\":\"Dionaea - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Map",
|
|
"visState": "{\"title\":\"Cowrie - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - ASN - Top 10",
|
|
"visState": "{\"title\":\"Suricata - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Source IP - Top 10",
|
|
"visState": "{\"title\":\"Suricata - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "P0f-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "P0f - Map",
|
|
"visState": "{\"title\":\"P0f - Map\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":true,\"addTooltip\":true,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatRadius\":25,\"heatBlur\":15,\"heatNormalizeData\":true,\"wms\":{\"enabled\":false,\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\",\"options\":{\"version\":\"1.3.0\",\"layers\":\"0\",\"format\":\"image/png\",\"transparent\":true,\"attribution\":\"Maps provided by USGS\",\"styles\":\"\"}}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.location\",\"autoPrecision\":true,\"precision\":2}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "P0f-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - ASN - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "P0f-OS-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "P0f - OS - Top 10",
|
|
"visState": "{\"title\":\"P0f - OS - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "P0f-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Events by Country Histogram",
|
|
"visState": "{\"title\":\"Cowrie - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeypot-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeypot Events Histogram",
|
|
"visState": "{\"title\":\"Honeypot Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeypot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Countries - Top 10",
|
|
"visState": "{\"title\":\"Cowrie - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Events Histogram",
|
|
"visState": "{\"title\":\"Cowrie - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"session.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Username-Tagcloud-Large",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Username Tagcloud - Large",
|
|
"visState": "{\"title\":\"Cowrie - Username Tagcloud - Large\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Username-Tagcloud",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Username Tagcloud",
|
|
"visState": "{\"title\":\"Cowrie - Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":18,\"maxFontSize\":72},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Password-Tagcloud",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Password Tagcloud",
|
|
"visState": "{\"title\":\"Cowrie - Password Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"linear\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":\"18\",\"maxFontSize\":\"72\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Password-Tagcloud-Large",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Password Tagcloud - Large",
|
|
"visState": "{\"title\":\"Cowrie - Password Tagcloud - Large\",\"type\":\"tagcloud\",\"params\":{\"textScale\":\"sqrt\",\"orientations\":1,\"fromDegree\":\"0\",\"toDegree\":\"0\",\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"timeInterval\":\"500\",\"spiral\":\"rectangular\",\"minFontSize\":\"18\",\"maxFontSize\":\"72\"},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"password.raw\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Cowrie-Unique-Session-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Cowrie - Unique Session Counter",
|
|
"visState": "{\"title\":\"Cowrie - Unique Session Counter\",\"type\":\"metric\",\"params\":{\"fontSize\":\"48\"},\"aggs\":[{\"id\":\"1\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"session.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Cowrie-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Events Histogram",
|
|
"visState": "{\"title\":\"ConPot - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"type.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "eMobility-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "eMobility - Events Histogram",
|
|
"visState": "{\"title\":\"eMobility - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
|
|
"description": "",
|
|
"savedSearchId": "eMobility-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Events by Country Histogram",
|
|
"visState": "{\"title\":\"Suricata - Events by Country Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - ASN - Top 10",
|
|
"visState": "{\"title\":\"ConPot - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-Destination-Ports-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - Destination Ports Histogram",
|
|
"visState": "{\"title\":\"Suricata - Destination Ports Histogram\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"dest_port\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Source IP - Top 10",
|
|
"visState": "{\"title\":\"ConPot - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Countries - Top 10",
|
|
"visState": "{\"title\":\"ConPot - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ConPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-DNS-RType-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - DNS RType - Top 10",
"visState": "{\"title\":\"Suricata - DNS RType - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rrtype.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Suricata-TLS-Version",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Suricata - TLS Version",
|
|
"visState": "{\"title\":\"Suricata - TLS Version\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Suricata-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - Countries - Top 10",
|
|
"visState": "{\"title\":\"Dionaea - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - ASN - Top 10",
|
|
"visState": "{\"title\":\"ElasticPot - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - Events Histogram",
|
|
"visState": "{\"title\":\"ElasticPot - Events Histogram\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"showCircles\":true,\"smoothLines\":false,\"interpolate\":\"linear\",\"scale\":\"square root\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"src_ip.raw\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "Line chart over @timestamp with two metrics on the ElasticPot-Logs saved search: total event count and the cardinality of src_ip.raw (unique source IPs per bucket). The cardinality aggregation is an estimate, so read the unique-IP series as approximate rather than exact.",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Dionaea-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Dionaea - ASN - Top 10",
|
|
"visState": "{\"title\":\"Dionaea - ASN - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.number.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"geoip.asn.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Dionaea-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - Countries - Top 10",
|
|
"visState": "{\"title\":\"ElasticPot - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ElasticPot-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ElasticPot - Source IP - Top 10",
|
|
"visState": "{\"title\":\"ElasticPot - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "ElasticPot-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Countries - Top 10",
|
|
"visState": "{\"title\":\"Honeytrap - Countries - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"geoip.country_name.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-SSH-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - SSH Events Histogram",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"},{\"id\":\"3\",\"params\":{\"field\":\"tags.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"mode\":\"stacked\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog - SSH Events Histogram\",\"type\":\"histogram\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "Stacked histogram over @timestamp split by tags.raw (top 10), bound to the Syslog-Logs saved search. Nothing in this visualization itself restricts the data to SSH events; that restriction has to come from the saved search or from tagging at ingest, so verify it there before relying on the chart.",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Program-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Program - Top 10",
|
|
"visState": "{\"title\":\"Syslog - Program - Top 10\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"program.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Source IP - Top 10",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"field\":\"src_ip.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false},\"title\":\"Syslog - Source IP - Top 10\",\"type\":\"table\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-ASN-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - ASN - Top 10",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"geoip.number.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"field\":\"geoip.asn.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"bucket\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"perPage\":10,\"showMeticsAtAllLevels\":false,\"showPartialRows\":false},\"title\":\"Syslog - ASN - Top 10\",\"type\":\"table\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Map",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Map",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"autoPrecision\":true,\"field\":\"geoip.location\",\"precision\":2},\"schema\":\"segment\",\"type\":\"geohash_grid\"}],\"listeners\":{},\"params\":{\"addTooltip\":true,\"heatBlur\":15,\"heatMaxZoom\":16,\"heatMinOpacity\":0.1,\"heatNormalizeData\":true,\"heatRadius\":25,\"isDesaturated\":true,\"mapType\":\"Shaded Circle Markers\",\"wms\":{\"enabled\":false,\"options\":{\"attribution\":\"Maps provided by USGS\",\"format\":\"image/png\",\"layers\":\"0\",\"styles\":\"\",\"transparent\":true,\"version\":\"1.3.0\"},\"url\":\"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer\"}},\"title\":\"Syslog - Map\",\"type\":\"tile_map\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "geohash_grid aggregation over geoip.location (autoPrecision) on the Syslog-Logs saved search, drawn as shaded circle markers. A USGS WMS basemap (basemap.nationalmap.gov) is configured but disabled (wms.enabled=false); enabling it makes the analyst browser fetch map tiles from that external host.",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Username-Tagcloud",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Username Tagcloud",
|
|
"visState": "{\"title\":\"Syslog - Username Tagcloud\",\"type\":\"tagcloud\",\"params\":{\"font\":\"serif\",\"fontStyle\":\"normal\",\"fontWeight\":\"normal\",\"fromDegree\":0,\"maxFontSize\":72,\"minFontSize\":18,\"orientations\":1,\"spiral\":\"archimedean\",\"textScale\":\"linear\",\"timeInterval\":500,\"toDegree\":0},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"username.raw\",\"size\":25,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "P0f-OS-Distribution",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "P0f - OS Distribution",
|
|
"visState": "{\"title\":\"P0f - OS Distribution\",\"type\":\"histogram\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"scale\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"3\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"os.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"2\"}},{\"id\":\"2\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{\"vis\":{\"legendOpen\":false}}",
|
|
"description": "",
|
|
"savedSearchId": "P0f-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"index\":\"logstash-*\",\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Honeytrap-Source-IP-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Honeytrap - Source IP - Top 10",
|
|
"visState": "{\"title\":\"Honeytrap - Source IP - Top 10\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_ip.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Honeytrap-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Event-Counter",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Event Counter",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"}],\"listeners\":{},\"params\":{\"fontSize\":\"48\"},\"title\":\"Syslog - Event Counter\",\"type\":\"metric\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Events-by-Country-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Events by Country Histogram",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"geoip.country_name.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"square root\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog - Events by Country Histogram\",\"type\":\"line\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Events-Histogram",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Events Histogram",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"3\",\"params\":{\"field\":\"program.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"group\",\"type\":\"terms\"},{\"id\":\"2\",\"params\":{\"customInterval\":\"2h\",\"extended_bounds\":{},\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1},\"schema\":\"segment\",\"type\":\"date_histogram\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"radiusRatio\":9,\"scale\":\"square root\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"title\":\"Syslog - Events Histogram\",\"type\":\"line\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "Syslog-Countries-Top-10",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "Syslog - Countries - Top 10",
|
|
"visState": "{\"aggs\":[{\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"id\":\"2\",\"params\":{\"field\":\"geoip.country_name.raw\",\"order\":\"desc\",\"orderBy\":\"1\",\"size\":10},\"schema\":\"segment\",\"type\":\"terms\"}],\"listeners\":{},\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"shareYAxis\":true},\"title\":\"Syslog - Countries - Top 10\",\"type\":\"pie\"}",
|
|
"uiStateJSON": "{}",
|
|
"description": "",
|
|
"savedSearchId": "Syslog-Logs",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[]}"
|
|
}
|
|
}
|
|
},
|
|
{
|
|
"_id": "ConPot-Protocol",
|
|
"_type": "visualization",
|
|
"_source": {
|
|
"title": "ConPot - Protocol",
|
|
"visState": "{\"title\":\"ConPot - Protocol\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto.raw\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}",
|
|
"uiStateJSON": "{}",
|
|
"description": "Donut of ConPot events by proto.raw (top 10). Unlike the other ConPot panels this visualization has no savedSearchId; it carries its own inline query on logstash-* that selects type.raw ConPot and excludes proto.raw response events, so honeypot replies are not counted.",
|
|
"version": 1,
|
|
"kibanaSavedObjectMeta": {
|
|
"searchSourceJSON": "{\"filter\":[],\"index\":\"logstash-*\",\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"type.raw:\\\"ConPot\\\" NOT proto.raw:\\\"response\\\"\",\"analyze_wildcard\":true}}}"
|
|
}
|
|
}
|
|
}
|
|
] |