trinitor/DetectionLab
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

added Malcolm

Browse Source
This commit is contained in:
Trinitor
2021-08-06 10:35:01 +02:00
parent f043730066
commit 70f1922e80
751 changed files with 195277 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

744
Vagrant/resources/malcolm/kibana/dashboards/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb.json Normal file
View File

@@ -0,0 +1,744 @@
{
"version": "7.10.0",
"objects": [
{
"id": "7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb",
"type": "dashboard",
"namespaces": [
"default"
],
"updated_at": "2021-02-11T18:36:07.545Z",
"version": "WzM0NjUsMV0=",
"attributes": {
"title": "SSL",
"hits": 0,
"description": "",
"panelsJSON": "[{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":27,\"i\":\"1\"},\"panelIndex\":\"1\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":16,\"y\":0,\"w\":32,\"h\":8,\"i\":\"3\"},\"panelIndex\":\"3\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":63,\"w\":30,\"h\":20,\"i\":\"6\"},\"panelIndex\":\"6\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}},\"table\":null},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":37,\"y\":8,\"w\":11,\"h\":19,\"i\":\"7\"},\"panelIndex\":\"7\",\"embeddableConfig\":{},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":101,\"w\":13,\"h\":18,\"i\":\"9\"},\"panelIndex\":\"9\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":27,\"y\":101,\"w\":9,\"h\":18,\"i\":\"10\"},\"panelIndex\":\"10\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":13,\"y\":101,\"w\":14,\"h\":18,\"i\":\"11\"},\"panelIndex\":\"11\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":19,\"y\":45,\"w\":29,\"h\":18,\"i\":\"12\"},\"panelIndex\":\"12\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":8,\"w\":16,\"h\":19,\"i\":\"14\"},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":45,\"w\":19,\"h\":18,\"i\":\"19\"},\"panelIndex\":\"19\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":8,\"i\":\"20\"},\"panelIndex\":\"20\",\"embeddableConfig\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":12,\"y\":27,\"w\":36,\"h\":18,\"i\":\"21\"},\"panelIndex\":\"21\",\"embeddableConfig\":{\"table\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":83,\"w\":24,\"h\":18,\"i\":\"22\"},\"panelIndex\":\"22\",\"embeddableConfig\":{},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":83,\"w\":24,\"h\":18,\"i\":\"23\"},\"panelIndex\":\"23\",\"embeddableConfig\":{},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":24,\"y\":8,\"w\":13,\"h\":19,\"i\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\"},\"panelIndex\":\"e57b69c8-34a0-4b5a-9146-f81034ce74fe\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":27,\"w\":12,\"h\":18,\"i\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\"},\"panelIndex\":\"078aaedd-22fb-4a22-ad5b-b81403587fde\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_15\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":30,\"y\":63,\"w\":18,\"h\":20,\"i\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\"},\"panelIndex\":\"c151c3a5-c079-4d3b-8a31-da338b974e44\",\"embeddableConfig\":{\"vis\":{\"legendOpen\":false}},\"panelRefName\":\"panel_16\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":36,\"y\":101,\"w\":12,\"h\":18,\"i\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\"},\"panelIndex\":\"cd6004c4-d604-4503-a4a2-d1c38e852279\",\"embeddableConfig\":{},\"panelRefName\":\"panel_17\"},{\"version\":\"7.10.0\",\"gridData\":{\"x\":0,\"y\":119,\"w\":48,\"h\":43,\"i\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\"},\"panelIndex\":\"bbcebabc-0baf-4b15-ad17-fc7633b9b8b8\",\"embeddableConfig\":{},\"panelRefName\":\"panel_18\"}]",
"optionsJSON": "{\"useMargins\":true}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"default_field\":\"*\",\"query\":\"*\",\"time_zone\":\"America/Boise\"}}},\"filter\":[]}"
}
},
"references": [
{
"name": "panel_0",
"type": "visualization",
"id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3"
},
{
"name": "panel_1",
"type": "visualization",
"id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee"
},
{
"name": "panel_2",
"type": "visualization",
"id": "d988522e-b3a8-4d74-98d4-96aff3e0f3f9"
},
{
"name": "panel_3",
"type": "visualization",
"id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f"
},
{
"name": "panel_4",
"type": "visualization",
"id": "df8bd09c-064c-45b3-8d54-9797ccb58d74"
},
{
"name": "panel_5",
"type": "visualization",
"id": "f81fe18d-c2ff-4757-9de3-8b943a759169"
},
{
"name": "panel_6",
"type": "visualization",
"id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797"
},
{
"name": "panel_7",
"type": "visualization",
"id": "8486949c-3592-4831-9020-59bfd968ccfa"
},
{
"name": "panel_8",
"type": "visualization",
"id": "d7a673bc-4a11-423b-acd3-a446425551c1"
},
{
"name": "panel_9",
"type": "visualization",
"id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a"
},
{
"name": "panel_10",
"type": "visualization",
"id": "AWDHElRWxQT5EBNmq4lz"
},
{
"name": "panel_11",
"type": "visualization",
"id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce"
},
{
"name": "panel_12",
"type": "visualization",
"id": "371b06d0-72a1-11e9-b0f3-590266f42743"
},
{
"name": "panel_13",
"type": "visualization",
"id": "bdda87a0-72a0-11e9-b0f3-590266f42743"
},
{
"name": "panel_14",
"type": "visualization",
"id": "fa696510-4e9b-11ea-b504-97aa449f6abc"
},
{
"name": "panel_15",
"type": "visualization",
"id": "41325860-4dd6-11ea-8336-d3388483188b"
},
{
"name": "panel_16",
"type": "visualization",
"id": "9c20d940-4dd6-11ea-8336-d3388483188b"
},
{
"name": "panel_17",
"type": "visualization",
"id": "f13ba720-4dd6-11ea-8336-d3388483188b"
},
{
"name": "panel_18",
"type": "search",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"dashboard": "7.9.3"
}
},
{
"id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:25:09.616Z",
"version": "Wzg3MiwxXQ==",
"attributes": {
"title": "Zeek Logs",
"visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/dashboards#/view/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/dashboards#/view/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](/kibana/app/dashboards#/view/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](/kibana/app/dashboards#/view/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/dashboards#/view/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/dashboards#/view/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Notices](/kibana/app/dashboards#/view/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/dashboards#/view/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/dashboards#/view/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/dashboards#/view/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[↪ Arkime](/sessions) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/dashboards#/view/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/dashboards#/view/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/dashboards#/view/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/dashboards#/view/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](/kibana/app/dashboards#/view/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](/kibana/app/dashboards#/view/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/dashboards#/view/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/dashboards#/view/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/dashboards#/view/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/dashboards#/view/50ced171-1b10-4c3f-8b67-2db9635661a6) ● [NTLM](/kibana/app/dashboards#/view/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/dashboards#/view/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/dashboards#/view/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/dashboards#/view/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/dashboards#/view/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/dashboards#/view/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/dashboards#/view/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/dashboards#/view/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/dashboards#/view/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/dashboards#/view/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/dashboards#/view/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/dashboards#/view/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/dashboards#/view/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/dashboards#/view/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/dashboards#/view/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/dashboards#/view/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/dashboards#/view/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](/kibana/app/dashboards#/view/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](/kibana/app/dashboards#/view/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/dashboards#/view/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](/kibana/app/dashboards#/view/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](/kibana/app/dashboards#/view/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](/kibana/app/dashboards#/view/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](/kibana/app/dashboards#/view/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/dashboards#/view/152f29dc-51a2-4f53-93e9-6e92765567b8) ● [MQTT](/kibana/app/dashboards#/view/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/dashboards#/view/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/dashboards#/view/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Best Guess](/kibana/app/dashboards#/view/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"
}
},
"references": [],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "dc0b1b11-52da-4cc0-bddf-db127bd6cfee",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0MCwxXQ==",
"attributes": {
"visState": "{\"title\":\"SSL - Log Count Over Time\",\"type\":\"line\",\"params\":{\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{\"text\":\"firstPacket per 12 hours\"}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"mode\":\"normal\",\"type\":\"line\",\"drawLinesBetweenPoints\":true,\"showCircles\":true,\"interpolate\":\"linear\",\"lineWidth\":2,\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"valueAxis\":\"ValueAxis-1\"}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"interval\":\"auto\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}",
"description": "",
"title": "SSL - Log Count Over Time",
"uiStateJSON": "{}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "d988522e-b3a8-4d74-98d4-96aff3e0f3f9",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0MSwxXQ==",
"attributes": {
"visState": "{\"title\":\"SSL - Certificate Subject\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject_full\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Subject\"}}],\"listeners\":{}}",
"description": "",
"title": "SSL - Certificate Subject",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "20fa1fd0-f204-499d-996f-e41e1ee3d40f",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0MiwxXQ==",
"attributes": {
"title": "SSL - Version",
"visState": "{\"title\":\"SSL - Version\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":false,\"type\":\"pie\",\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"zeek_ssl.ssl_version: Descending\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "df8bd09c-064c-45b3-8d54-9797ccb58d74",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0MywxXQ==",
"attributes": {
"visState": "{\"title\":\"SSL - Source IP Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
"description": "",
"title": "SSL - Source IP Address",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "f81fe18d-c2ff-4757-9de3-8b943a759169",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0NCwxXQ==",
"attributes": {
"visState": "{\"title\":\"SSL - Destination Port\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstPort\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}],\"listeners\":{}}",
"description": "",
"title": "SSL - Destination Port",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "b50ee1a8-d83d-46bf-9ba2-419d089d4797",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0NSwxXQ==",
"attributes": {
"visState": "{\"title\":\"SSL - Destination Address\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Address\"}}],\"listeners\":{}}",
"description": "",
"title": "SSL - Destination Address",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "8486949c-3592-4831-9020-59bfd968ccfa",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0NiwxXQ==",
"attributes": {
"title": "SSL - Server",
"visState": "{\"title\":\"SSL - Server\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Server\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"number\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Randomness Score (method 1)\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 1)\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek.freq_score_v2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Randomness Score (method 2)\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "d7a673bc-4a11-423b-acd3-a446425551c1",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0NywxXQ==",
"attributes": {
"title": "SSL - Destination Country",
"visState": "{\"title\":\"SSL - Destination Country\",\"type\":\"histogram\",\"params\":{\"addLegend\":false,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"zeek.destination_geo.country_name: Descending\"},\"type\":\"category\"}],\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"radiusRatio\":9,\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"histogram\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"showCircles\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"type\":\"histogram\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek.destination_geo.country_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "f821c7fe-0dd3-4c3c-b5df-77b926f4007a",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0OCwxXQ==",
"attributes": {
"visState": "{\"title\":\"SSL - Validation Status\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}}],\"listeners\":{}}",
"description": "",
"title": "SSL - Validation Status",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "AWDHElRWxQT5EBNmq4lz",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU0OSwxXQ==",
"attributes": {
"title": "SSL - Log Count",
"visState": "{\"title\":\"SSL - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"gauge\",\"gauge\":{\"verticalSplit\":false,\"autoExtend\":false,\"percentageMode\":false,\"gaugeType\":\"Metric\",\"gaugeStyle\":\"Full\",\"backStyle\":\"Full\",\"orientation\":\"vertical\",\"colorSchema\":\"Green to Red\",\"gaugeColorMode\":\"None\",\"useRange\":false,\"colorsRange\":[{\"from\":0,\"to\":100}],\"invertColors\":false,\"labels\":{\"show\":false,\"color\":\"black\"},\"scale\":{\"show\":false,\"labels\":false,\"color\":\"#333\",\"width\":2},\"type\":\"simple\",\"style\":{\"fontSize\":\"30\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"bgFill\":\"#FB9E00\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}],\"listeners\":{}}",
"uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "1567ea7f-8d0e-470b-adbf-f605dd68bdce",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1MCwxXQ==",
"attributes": {
"title": "SSL - Summary",
"visState": "{\"title\":\"SSL - Summary\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.server_name\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.subject.CN\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Common Name\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.validation_status\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Validation Status\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ssl_version\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"TLS Version\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "371b06d0-72a1-11e9-b0f3-590266f42743",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1MSwxXQ==",
"attributes": {
"title": "SSL - Client JA3 Lookup",
"visState": "{\"title\":\"SSL - Client JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client JA3 Lookup\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "bdda87a0-72a0-11e9-b0f3-590266f42743",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1MiwxXQ==",
"attributes": {
"title": "SSL - Server JA3 Lookup",
"visState": "{\"title\":\"SSL - Server JA3 Lookup\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.ja3s_desc\",\"size\":500,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server JA3 Lookup\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"type": "search",
"name": "search_0",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "fa696510-4e9b-11ea-b504-97aa449f6abc",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1MywxXQ==",
"attributes": {
"title": "SSL - Relevant Notices",
"visState": "{\"title\":\"SSL - Relevant Notices\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":4,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Category\",\"aggType\":\"terms\"},{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Notice Subcategory\",\"aggType\":\"terms\"},{\"accessor\":2,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"-\"}},\"params\":{},\"label\":\"Source IP\",\"aggType\":\"terms\"},{\"accessor\":3,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"ip\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"1\"}},\"params\":{},\"label\":\"Destination IP\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_notice.sub_category\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Notice Subcategory\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"zeek_notice.category:(SSL OR CVE_2020_0601)\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "41325860-4dd6-11ea-8336-d3388483188b",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1NCwxXQ==",
"attributes": {
"title": "SSL - Connection Established",
"visState": "{\"title\":\"SSL - Connection Established\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":false,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Established\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.established\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Established\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "9c20d940-4dd6-11ea-8336-d3388483188b",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1NSwxXQ==",
"attributes": {
"title": "SSL - Elliptic Curve",
"visState": "{\"title\":\"SSL - Elliptic Curve\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Elliptic Curve\",\"aggType\":\"terms\"},\"y\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_ssl.curve\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Elliptic Curve\"}}]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "f13ba720-4dd6-11ea-8336-d3388483188b",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1NiwxXQ==",
"attributes": {
"title": "SSL - Next Protocol",
"visState": "{\"title\":\"SSL - Next Protocol\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":0,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_ssl.next_protocol\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Next Protocol\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "b945a684-0841-4e86-87aa-0f1af6fb6579",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:39.113Z",
"version": "WzU1NywxXQ==",
"attributes": {
"title": "SSL - Logs",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"dstIp",
"dstPort",
"zeek_ssl.server_name",
"zeek_ssl.validation_status",
"zeek_ssl.established",
"zeek.uid"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:ssl\",\"analyze_wildcard\":true}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
},
{
"id": "8f003748-a6f8-4244-9d4e-e38e4a48da4c",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:25:06.578Z",
"version": "Wzg0OCwxXQ==",
"attributes": {
"title": "Notices - Logs",
"description": "",
"hits": 0,
"columns": [
"zeek_notice.category",
"zeek_notice.sub_category",
"zeek_notice.msg",
"srcIp",
"dstIp",
"zeek.uid"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"zeek.logType:notice\",\"default_field\":\"*\"}}},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
}
]
}