DetectionLab/Vagrant/resources/malcolm/kibana/dashboards/152f29dc-51a2-4f53-93e9-6e92765567b8.json
{
"version": "7.10.0",
"objects": [
{
"id": "152f29dc-51a2-4f53-93e9-6e92765567b8",
"type": "dashboard",
"namespaces": [
"default"
],
"updated_at": "2021-02-11T14:57:58.862Z",
"version": "WzE3MDMsMV0=",
"attributes": {
"title": "Modbus",
"hits": 0,
"description": "Dashboard for the Modbus Protocol",
"panelsJSON": "[{\"version\":\"7.10.0\",\"gridData\":{\"h\":27,\"i\":\"2\",\"w\":8,\"x\":0,\"y\":0},\"panelIndex\":\"2\",\"embeddableConfig\":{},\"panelRefName\":\"panel_0\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":18,\"i\":\"11\",\"w\":18,\"x\":8,\"y\":22},\"panelIndex\":\"11\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_1\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":18,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":96},\"panelIndex\":\"14\",\"embeddableConfig\":{},\"panelRefName\":\"panel_2\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":19,\"i\":\"15\",\"w\":10,\"x\":0,\"y\":58},\"panelIndex\":\"15\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_3\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":19,\"i\":\"16\",\"w\":11,\"x\":10,\"y\":58},\"panelIndex\":\"16\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_4\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":18,\"i\":\"18\",\"w\":21,\"x\":0,\"y\":40},\"panelIndex\":\"18\",\"embeddableConfig\":{},\"panelRefName\":\"panel_5\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":13,\"i\":\"19\",\"w\":8,\"x\":0,\"y\":27},\"panelIndex\":\"19\",\"embeddableConfig\":{\"legendOpen\":true,\"vis\":{\"legendOpen\":true},\"table\":null},\"panelRefName\":\"panel_6\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":22,\"i\":\"90799aa8-a1f5-4f22-8ebd-fcc89d16f6de\",\"w\":10,\"x\":8,\"y\":0},\"panelIndex\":\"90799aa8-a1f5-4f22-8ebd-fcc89d16f6de\",\"embeddableConfig\":{},\"panelRefName\":\"panel_7\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":22,\"i\":\"218010cf-a0d9-4864-815b-f562bb67949d\",\"w\":30,\"x\":18,\"y\":0},\"panelIndex\":\"2
18010cf-a0d9-4864-815b-f562bb67949d\",\"embeddableConfig\":{},\"panelRefName\":\"panel_8\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":18,\"i\":\"94289b59-62a3-49ac-9847-de4b42858ae6\",\"w\":22,\"x\":26,\"y\":22},\"panelIndex\":\"94289b59-62a3-49ac-9847-de4b42858ae6\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_9\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":37,\"i\":\"f8941a7d-be4b-4782-b72b-808645d02139\",\"w\":27,\"x\":21,\"y\":40},\"panelIndex\":\"f8941a7d-be4b-4782-b72b-808645d02139\",\"embeddableConfig\":{},\"panelRefName\":\"panel_10\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":19,\"i\":\"502f22a6-2e5c-44dd-afa8-39309464f3f2\",\"w\":24,\"x\":24,\"y\":77},\"panelIndex\":\"502f22a6-2e5c-44dd-afa8-39309464f3f2\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_11\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":19,\"i\":\"c0d7fb2c-a651-4054-b4cd-026d9f34ad44\",\"w\":24,\"x\":0,\"y\":77},\"panelIndex\":\"c0d7fb2c-a651-4054-b4cd-026d9f34ad44\",\"embeddableConfig\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"asc\"}},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}},\"panelRefName\":\"panel_12\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":19,\"i\":\"1d1b2b12-c510-4b9e-9fbe-b65a2946fe13\",\"w\":48,\"x\":0,\"y\":114},\"panelIndex\":\"1d1b2b12-c510-4b9e-9fbe-b65a2946fe13\",\"embeddableConfig\":{\"sort\":[[\"firstPacket\",\"asc\"]]},\"panelRefName\":\"panel_13\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":19,\"i\":\"99311c07-fbae-4197-ab3f-f8ddf89deefc\",\"w\":48,\"x\":0,\"y\":133},\"panelIndex\":\"99311c07-fbae-4197-ab3f-f8ddf89deefc\",\"embeddableConfig\":{},\"panelRefName\":\"panel_14\"},{\"version\":\"7.10.0\",\"gridData\":{\"h\":20,\"i\":\"f50e3c1
8-31ce-482f-b6a0-c99215b5b5e9\",\"w\":48,\"x\":0,\"y\":152},\"panelIndex\":\"f50e3c18-31ce-482f-b6a0-c99215b5b5e9\",\"embeddableConfig\":{},\"panelRefName\":\"panel_15\"}]",
"optionsJSON": "{\"useMargins\":true}",
"version": 1,
"timeRestore": false,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"},\"filter\":[]}"
}
},
"references": [
{
"name": "panel_0",
"type": "visualization",
"id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3"
},
{
"name": "panel_1",
"type": "visualization",
"id": "e8463b80-6e08-48c2-8101-33739452d61b"
},
{
"name": "panel_2",
"type": "search",
"id": "6dd45620-ef5d-11e9-974e-9d600036d105"
},
{
"name": "panel_3",
"type": "visualization",
"id": "9b9be400-ef5e-11e9-974e-9d600036d105"
},
{
"name": "panel_4",
"type": "visualization",
"id": "b84b7cf0-ef5e-11e9-974e-9d600036d105"
},
{
"name": "panel_5",
"type": "visualization",
"id": "3e847130-ef75-11e9-91bd-23d686ac8389"
},
{
"name": "panel_6",
"type": "visualization",
"id": "b66427e0-ef75-11e9-91bd-23d686ac8389"
},
{
"name": "panel_7",
"type": "visualization",
"id": "39dd5680-e3c9-11ea-b05f-2302f75ab2c8"
},
{
"name": "panel_8",
"type": "visualization",
"id": "9d53fc00-e3c9-11ea-b05f-2302f75ab2c8"
},
{
"name": "panel_9",
"type": "visualization",
"id": "54a9c5a0-e3cb-11ea-b05f-2302f75ab2c8"
},
{
"name": "panel_10",
"type": "visualization",
"id": "a8851d60-5684-11eb-a702-bff6ecd13bea"
},
{
"name": "panel_11",
"type": "visualization",
"id": "94118e70-e3d1-11ea-8def-e34cb979819b"
},
{
"name": "panel_12",
"type": "visualization",
"id": "d0dc3070-e3d2-11ea-8def-e34cb979819b"
},
{
"name": "panel_13",
"type": "search",
"id": "1cfb4e10-e0b7-11ea-8a49-0d5868b09681"
},
{
"name": "panel_14",
"type": "search",
"id": "10e72aa0-0816-11eb-987d-c591a71f172b"
},
{
"name": "panel_15",
"type": "search",
"id": "3ac0f900-0816-11eb-987d-c591a71f172b"
}
],
"migrationVersion": {
"dashboard": "7.9.3"
}
},
{
"id": "df9e399b-efa5-4e33-b0ac-a7668a8ac2b3",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:25:09.616Z",
"version": "Wzg3MiwxXQ==",
"attributes": {
"title": "Zeek Logs",
"visState": "{\"title\":\"Zeek Logs\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### General\\n[Overview](/kibana/app/dashboards#/view/0ad3d7c2-3441-485e-9dfe-dbb22e84e576) \\n[Security Overview](/kibana/app/dashboards#/view/95479950-41f2-11ea-88fa-7151df485405) \\n[ICS/IoT Security Overview](/kibana/app/dashboards#/view/4a4bde20-4760-11ea-949c-bbb5a9feecbf) \\n[Connections](/kibana/app/dashboards#/view/abdd7550-2c7c-40dc-947e-f6d186a158c4) \\n[Actions and Results](/kibana/app/dashboards#/view/a33e0a50-afcd-11ea-993f-b7d8522a8bed) \\n[Files](/kibana/app/dashboards#/view/9ee51f94-3316-4fc5-bd89-93a52af69714) \\n[Executables](/kibana/app/dashboards#/view/0a490422-0ce9-44bf-9a2d-19329ddde8c3) \\n[Software](/kibana/app/dashboards#/view/87d990cc-9e0b-41e5-b8fe-b10ae1da0c85) \\n[Notices](/kibana/app/dashboards#/view/f1f09567-fc7f-450b-a341-19d2f2bb468b) \\n[Weird](/kibana/app/dashboards#/view/1fff49f6-0199-4a0f-820b-721aff9ff1f1) \\n[Signatures](/kibana/app/dashboards#/view/665d1610-523d-11e9-a30e-e3576242f3ed) \\n[Intel Feeds](/kibana/app/dashboards#/view/36ed695f-edcc-47c1-b0ec-50d20c93ce0f) \\n[↪ Arkime](/sessions) \\n\\n### Common Protocols\\n[DCE/RPC](/kibana/app/dashboards#/view/432af556-c5c0-4cc3-8166-b274b4e3a406) ● [DHCP](/kibana/app/dashboards#/view/2d98bb8e-214c-4374-837b-20e1bcd63a5e) ● [DNS](/kibana/app/dashboards#/view/2cf94cd0-ecab-40a5-95a7-8419f3a39cd9) ● [FTP](/kibana/app/dashboards#/view/078b9aa5-9bd4-4f02-ae5e-cf80fa6f887b) / [TFTP](/kibana/app/dashboards#/view/bf5efbb0-60f1-11eb-9d60-dbf0411cfc48) ● [HTTP](/kibana/app/dashboards#/view/37041ee1-79c0-4684-a436-3173b0e89876) ● [IRC](/kibana/app/dashboards#/view/76f2f912-80da-44cd-ab66-6a73c8344cc3) ● [Kerberos](/kibana/app/dashboards#/view/82da3101-2a9c-4ae2-bb61-d447a3fbe673) ● [LDAP](/kibana/app/dashboards#/view/05e3e000-f118-11e9-acda-83a8e29e1a24) ● [MySQL](/kibana/app/dashboards#/view/50ced171-1b10-4c3f-8b67-2db9635661a6) ● 
[NTLM](/kibana/app/dashboards#/view/543118a9-02d7-43fe-b669-b8652177fc37) ● [NTP](/kibana/app/dashboards#/view/af5df620-eeb6-11e9-bdef-65a192b7f586) ● [QUIC](/kibana/app/dashboards#/view/11ddd980-e388-11e9-b568-cf17de8e860c) ● [RADIUS](/kibana/app/dashboards#/view/ae79b7d1-4281-4095-b2f6-fa7eafda9970) ● [RDP](/kibana/app/dashboards#/view/7f41913f-cba8-43f5-82a8-241b7ead03e0) ● [RFB](/kibana/app/dashboards#/view/f77bf097-18a8-465c-b634-eb2acc7a4f26) ● [SIP](/kibana/app/dashboards#/view/0b2354ae-0fe9-4fd9-b156-1c3870e5c7aa) ● [SMB](/kibana/app/dashboards#/view/42e831b9-41a9-4f35-8b7d-e1566d368773) ● [SMTP](/kibana/app/dashboards#/view/bb827f8e-639e-468c-93c8-9f5bc132eb8f) ● [SNMP](/kibana/app/dashboards#/view/4e5f106e-c60a-4226-8f64-d534abb912ab) ● [SSH](/kibana/app/dashboards#/view/caef3ade-d289-4d05-a511-149f3e97f238) ● [SSL](/kibana/app/dashboards#/view/7f77b58a-df3e-4cc2-b782-fd7f8bad8ffb) / [X.509 Certificates](/kibana/app/dashboards#/view/024062a6-48d6-498f-a91a-3bf2da3a3cd3) ● [Syslog](/kibana/app/dashboards#/view/92985909-dc29-4533-9e80-d3182a0ecf1d) ● [TDS](/kibana/app/dashboards#/view/bed185a0-ef82-11e9-b38a-2db3ee640e88) / [TDS RPC](/kibana/app/dashboards#/view/32587740-ef88-11e9-b38a-2db3ee640e88) / [TDS SQL](/kibana/app/dashboards#/view/fa141950-ef89-11e9-b38a-2db3ee640e88) ● [Telnet / rlogin / rsh](/kibana/app/dashboards#/view/c2549e10-7f2e-11ea-9f8a-1fe1327e2cd2) ● [Tunnels](/kibana/app/dashboards#/view/11be6381-beef-40a7-bdce-88c5398392fc)\\n\\n### ICS/IoT Protocols\\n[BACnet](/kibana/app/dashboards#/view/2bec1490-eb94-11e9-a384-0fcf32210194) ● [BSAP](/kibana/app/dashboards#/view/ca5799a0-56b5-11eb-b749-576de068f8ad) ● [DNP3](/kibana/app/dashboards#/view/870a5862-6c26-4a08-99fd-0c06cda85ba3) ● [EtherCAT](/kibana/app/dashboards#/view/4a073440-b286-11eb-a4d4-09fa12a6ebd4) ● [EtherNet/IP](/kibana/app/dashboards#/view/29a1b290-eb98-11e9-a384-0fcf32210194) ● [Modbus](/kibana/app/dashboards#/view/152f29dc-51a2-4f53-93e9-6e92765567b8) ● 
[MQTT](/kibana/app/dashboards#/view/87a32f90-ef58-11e9-974e-9d600036d105) ● [PROFINET](/kibana/app/dashboards#/view/a7514350-eba6-11e9-a384-0fcf32210194) ● [S7comm](/kibana/app/dashboards#/view/e76d05c0-eb9f-11e9-a384-0fcf32210194) ● [Best Guess](/kibana/app/dashboards#/view/12e3a130-d83b-11eb-a0b0-f328ce09b0b7)\",\"type\":\"markdown\",\"fontSize\":10,\"openLinksInNewTab\":false},\"aggs\":[]}",
"uiStateJSON": "{}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":{\"query_string\":{\"query\":\"*\"}},\"language\":\"lucene\"},\"filter\":[]}"
}
},
"references": [],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "e8463b80-6e08-48c2-8101-33739452d61b",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIwNCwxXQ==",
"attributes": {
"title": "Modbus - Functions",
"visState": "{\"title\":\"Modbus - Functions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false,\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Function\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus.func\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Modbus Function\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "Modbus Function Codes",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"}}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "126f6846-e50a-4cae-9703-80ac172a2098"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "6dd45620-ef5d-11e9-974e-9d600036d105",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIwNSwxXQ==",
"attributes": {
"title": "Modbus - Logs",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"dstIp",
"dstPort",
"zeek_modbus.func",
"zeek_modbus.exception",
"zeek.uid"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"zeek.logType:(\\\"modbus\\\")\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
},
{
"id": "9b9be400-ef5e-11e9-974e-9d600036d105",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIwNiwxXQ==",
"attributes": {
"title": "Modbus - Source IP",
"visState": "{\"title\":\"Modbus - Source IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source IP\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "Source IP Addresses from modbus.log",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "6dd45620-ef5d-11e9-974e-9d600036d105"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "b84b7cf0-ef5e-11e9-974e-9d600036d105",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIwNywxXQ==",
"attributes": {
"title": "Modbus - Destination IP",
"visState": "{\"title\":\"Modbus - Destination IP\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Destination Port\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination IP\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}",
"description": "Destination IP Addresses from modbus.log",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "6dd45620-ef5d-11e9-974e-9d600036d105"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "3e847130-ef75-11e9-91bd-23d686ac8389",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIwOCwxXQ==",
"attributes": {
"title": "Modbus - Observed Masters and Slaves",
"visState": "{\"title\":\"Modbus - Observed Masters and Slaves\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Times Observed\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Device Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"srcIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Address\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}",
"description": "Modbus observed master and slave devices",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "da7d99a0-ef74-11e9-91bd-23d686ac8389"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "b66427e0-ef75-11e9-91bd-23d686ac8389",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIwOSwxXQ==",
"attributes": {
"title": "Modbus - Observed Master/Slave Ratio",
"visState": "{\"title\":\"Modbus - Observed Master/Slave Ratio\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"dimensions\":{\"metric\":{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"},\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Modbus Role\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_known_modbus.device_type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Modbus Role\"}}]}",
"uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
"description": "Modbus Observed Masters and Slaves Chart",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "da7d99a0-ef74-11e9-91bd-23d686ac8389"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "39dd5680-e3c9-11ea-b05f-2302f75ab2c8",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxMCwxXQ==",
"attributes": {
"title": "Modbus - Log Count",
"visState": "{\"title\":\"Modbus - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":36}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Log Count\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}",
"uiStateJSON": "{}",
"description": "Count of Modbus logs including Modbus Detailed and Modbus Register Change",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"zeek.logType:*modbus*\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "9d53fc00-e3c9-11ea-b05f-2302f75ab2c8",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxMSwxXQ==",
"attributes": {
"title": "Modbus - Logs Over Time",
"visState": "{\"title\":\"Modbus - Logs Over Time\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":false},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"YYYY\"}},\"params\":{\"date\":true,\"interval\":\"P365D\",\"intervalESValue\":365,\"intervalESUnit\":\"d\",\"format\":\"YYYY\",\"bounds\":{\"min\":\"1971-01-14T16:33:54.363Z\",\"max\":\"2021-01-14T16:33:54.363Z\"}},\"label\":\"firstPacket per 365 days\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Log 
Type\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"firstPacket\",\"timeRange\":{\"from\":\"now-50y\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek.logType\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}",
"uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
"description": "Modbus Logs over Time",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"zeek.logType:*modbus*\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "54a9c5a0-e3cb-11ea-b05f-2302f75ab2c8",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxMiwxXQ==",
"attributes": {
"title": "Modbus - Exceptions",
"visState": "{\"title\":\"Modbus - Exceptions\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":1,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Modbus Exception\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus.func\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus.exception\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exception\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "Modbus Exception Codes",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "126f6846-e50a-4cae-9703-80ac172a2098"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "a8851d60-5684-11eb-a702-bff6ecd13bea",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxMywxXQ==",
"attributes": {
"title": "Modbus Detailed - Request and Response",
"visState": "{\"title\":\"Modbus Detailed - Request and Response\",\"type\":\"horizontal_bar\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":200},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"square root\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"times\":[],\"addTimeMarker\":false,\"labels\":{},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Unknown\"}},\"params\":{},\"label\":\"zeek_modbus_detailed.network_direction: 
Descending\",\"aggType\":\"terms\"}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"zeek_modbus_detailed.func\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"Unknown\",\"customLabel\":\"Function\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"zeek_modbus_detailed.network_direction\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}",
"uiStateJSON": "{\"vis\":{\"legendOpen\":true}}",
"description": "",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "1cfb4e10-e0b7-11ea-8a49-0d5868b09681"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "94118e70-e3d1-11ea-8def-e34cb979819b",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxNCwxXQ==",
"attributes": {
"title": "Modbus - Writes",
"visState": "{\"title\":\"Modbus - Writes\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":3,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.func\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit 
ID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.address\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Address\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
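"description": "Overview of Modbus write register and write coil activity from modbus_detailed.log. The saved query selects on request direction only, with no function-code filter, so use the Function column to tell writes apart from any other requests in the log.",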
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"zeek_modbus_detailed.network_direction:(\\\"request\\\")\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "1cfb4e10-e0b7-11ea-8a49-0d5868b09681"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "d0dc3070-e3d2-11ea-8def-e34cb979819b",
"type": "visualization",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxNSwxXQ==",
"attributes": {
"title": "Modbus - Reads",
"visState": "{\"title\":\"Modbus - Reads\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"dimensions\":{\"metrics\":[{\"accessor\":5,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"buckets\":[{\"accessor\":0,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"drilldown\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\"}},\"params\":{},\"label\":\"Values\",\"aggType\":\"terms\"}]}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.func\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dstIp\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.unit_id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"Unit ID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"zeek_modbus_detailed.values\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":200,\"otherBucket\":false,\"otherBucketLabel\":\"-\",\"missingBucket\":false,\"missingBucketLabel\":\"-\",\"customLabel\":\"Values\"}}]}",
"uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}",
"description": "Modbus read holding registers, input registers, discrete inputs, and coils overview from modbus_detailed.log",
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"query\":{\"query\":\"zeek_modbus_detailed.network_direction:(\\\"response\\\") AND zeek_modbus_detailed.func:(\\\"READ_DISCRETE_INPUTS\\\" OR \\\"READ_COILS\\\" OR \\\"READ_HOLDING_REGISTERS\\\" OR \\\"READ_INPUT_REGISTERS\\\")\",\"language\":\"lucene\"},\"filter\":[]}"
},
"savedSearchRefName": "search_0"
},
"references": [
{
"name": "search_0",
"type": "search",
"id": "1cfb4e10-e0b7-11ea-8a49-0d5868b09681"
}
],
"migrationVersion": {
"visualization": "7.10.0"
}
},
{
"id": "1cfb4e10-e0b7-11ea-8a49-0d5868b09681",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxNiwxXQ==",
"attributes": {
"title": "Modbus - Detailed",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"dstIp",
"zeek_modbus_detailed.func",
"zeek_modbus_detailed.network_direction",
"zeek_modbus_detailed.unit_id",
"zeek_modbus_detailed.address",
"zeek_modbus_detailed.quantity",
"zeek_modbus_detailed.values"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"zeek.logType:\\\"modbus_detailed\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
},
{
"id": "10e72aa0-0816-11eb-987d-c591a71f172b",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxNywxXQ==",
"attributes": {
"title": "Modbus - Mask Write",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"dstIp",
"zeek_modbus_mask_write_register.network_direction",
"zeek_modbus_mask_write_register.func",
"zeek_modbus_mask_write_register.unit_id",
"zeek_modbus_mask_write_register.address",
"zeek_modbus_mask_write_register.and_mask",
"zeek_modbus_mask_write_register.or_mask"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"zeek.logType:\\\"modbus_mask_write_register\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
},
{
"id": "3ac0f900-0816-11eb-987d-c591a71f172b",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxOCwxXQ==",
"attributes": {
"title": "Modbus - Read Write Multiple",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"dstIp",
"zeek_modbus_read_write_multiple_registers.network_direction",
"zeek_modbus_read_write_multiple_registers.func",
"zeek_modbus_read_write_multiple_registers.unit_id",
"zeek_modbus_read_write_multiple_registers.write_start_address",
"zeek_modbus_read_write_multiple_registers.write_registers",
"zeek_modbus_read_write_multiple_registers.read_start_address",
"zeek_modbus_read_write_multiple_registers.read_registers"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"zeek.logType:\\\"modbus_read_write_multiple_registers\\\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
},
{
"id": "126f6846-e50a-4cae-9703-80ac172a2098",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIxOSwxXQ==",
"attributes": {
"title": "Modbus - Logs",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"dstIp",
"dstPort",
"zeek_modbus.func",
"zeek_modbus.exception",
"zeek.uid"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"filter\":[],\"query\":{\"query\":{\"query_string\":{\"query\":\"zeek.logType:modbus\",\"analyze_wildcard\":true,\"default_field\":\"*\"}},\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
},
{
"id": "da7d99a0-ef74-11e9-91bd-23d686ac8389",
"type": "search",
"namespaces": [
"default"
],
"updated_at": "2021-02-10T21:24:15.000Z",
"version": "WzIyMCwxXQ==",
"attributes": {
"title": "Modbus - Known Masters and Slaves Logs",
"description": "",
"hits": 0,
"columns": [
"srcIp",
"zeek_known_modbus.device_type",
"zeek.uid"
],
"sort": [
[
"firstPacket",
"desc"
]
],
"version": 1,
"kibanaSavedObjectMeta": {
"searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"zeek.logType:\\\"known_modbus\\\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"
}
},
"references": [
{
"name": "kibanaSavedObjectMeta.searchSourceJSON.index",
"type": "index-pattern",
"id": "sessions2-*"
}
],
"migrationVersion": {
"search": "7.9.3"
}
}
]
}