metron-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From l...@apache.org
Subject [3/7] incubator-metron git commit: METRON-427 Create Ambari Management Pack for Metron Installation closes apache/incubator-metron#266
Date Mon, 26 Sep 2016 14:05:06 GMT
http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/commands.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/commands.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/commands.py
deleted file mode 100755
index a9a86c0..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/commands.py
+++ /dev/null
@@ -1,146 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-import os
-import subprocess
-import time
-
-from resource_management.core.logger import Logger
-from resource_management.core.resources.system import Execute, File
-
-
-# Wrap major operations and functionality in this class
-class Commands:
-    __params = None
-    __configured = False
-
-    def __init__(self, params):
-        if params is None:
-            raise ValueError("params argument is required for initialization")
-        self.__params = params
-        self.__configured = os.path.isfile(self.__params.configured_flag_file)
-
-    def is_configured(self):
-        return self.__configured
-
-    def set_configured(self):
-        File(self.__params.configured_flag_file,
-             content="",
-             owner=self.__params.metron_user,
-             mode=0775)
-
-    def setup_repo(self):
-        def local_repo():
-            Logger.info("Setting up local repo")
-            Execute("yum -y install createrepo")
-            Execute("createrepo /localrepo")
-            Execute("chmod -R o-w+r /localrepo")
-            Execute("echo \"[METRON-0.2.0BETA]\n"
-                    "name=Metron 0.2.0BETA packages\n"
-                    "baseurl=file:///localrepo\n"
-                    "gpgcheck=0\n"
-                    "enabled=1\" > /etc/yum.repos.d/local.repo")
-
-        def remote_repo():
-            print('Using remote repo')
-
-        yum_repo_types = {
-            'local': local_repo,
-            'remote': remote_repo
-        }
-        repo_type = self.__params.yum_repo_type
-        if repo_type in yum_repo_types:
-            yum_repo_types[repo_type]()
-        else:
-            raise ValueError("Unsupported repo type '{}'".format(repo_type))
-
-    def init_kafka_topics(self):
-        Logger.info('Creating Kafka topics')
-        command_template = """{}/kafka-topics.sh \
-                                    --zookeeper {} \
-                                    --create \
-                                    --topic {} \
-                                    --partitions {} \
-                                    --replication-factor {} \
-                                    --config retention.bytes={}"""
-        num_partitions = 1
-        replication_factor = 1
-        retention_gigabytes = 10
-        retention_bytes = retention_gigabytes * 1024 * 1024 * 1024
-        Logger.info("Creating topics for indexing")
-
-        Logger.info("Creating topic'{}'".format(self.__params.metron_indexing_topology))
-        Execute(command_template.format(self.__params.kafka_bin_dir,
-                                        self.__params.zookeeper_quorum,
-                                        self.__params.metron_indexing_topology,
-                                        num_partitions,
-                                        replication_factor,
-                                        retention_bytes))
-        Logger.info("Done creating Kafka topics")
-
-    def start_indexing_topology(self):
-        Logger.info("Starting Metron indexing topology: {}".format(self.__params.metron_indexing_topology))
-        start_cmd_template = """{}/bin/start_elasticsearch_topology.sh \
-                                        -s {} \
-                                        -z {}"""
-        Logger.info('Starting ' + self.__params.metron_indexing_topology)
-        Execute(start_cmd_template.format(self.__params.metron_home, self.__params.metron_indexing_topology, self.__params.zookeeper_quorum))
-
-        Logger.info('Finished starting indexing topology')
-
-    def stop_indexing_topology(self):
-        Logger.info('Stopping ' + self.__params.metron_indexing_topology)
-        stop_cmd = 'storm kill ' + self.__params.metron_indexing_topology
-        Execute(stop_cmd)
-        Logger.info('Done stopping indexing topologies')
-
-    def restart_indexing_topology(self):
-        Logger.info('Restarting the indexing topologies')
-        self.stop_indexing_topology()
-
-        # Wait for old topology to be cleaned up by Storm, before starting again.
-        retries = 0
-        topology_active = self.is_topology_active()
-        while topology_active and retries < 3:
-            Logger.info('Existing topology still active. Will wait and retry')
-            time.sleep(40)
-            topology_active = self.is_topology_active()
-            retries += 1
-
-        if not topology_active:
-            self.start_indexing_topology()
-            Logger.info('Done restarting the indexing topologies')
-        else:
-            Logger.warning('Retries exhausted. Existing topology not cleaned up.  Aborting topology start.')
-
-    def is_topology_active(self):
-        cmd_retrieve = "storm list | grep 'indexing'"
-
-        proc = subprocess.Popen(cmd_retrieve, stdout=subprocess.PIPE, stderr=subprocess.PIPE, shell=True)
-        (stdout, stderr) = proc.communicate()
-        Logger.info("Retrieval response is: %s" % stdout)
-        Logger.warning("Error response is: %s" % stderr)
-
-        fields = stdout.split()
-        if len(fields) < 2:
-            Logger.warning("Indexing topology is not running")
-            return False
-
-        # Get the second column, which is status. We already know first column is indexing)
-        status = stdout.split()[1]
-        running_status_set = ['ACTIVE', 'REBALANCING']
-        return status in running_status_set

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/indexing_master.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/indexing_master.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/indexing_master.py
deleted file mode 100755
index bfae19a..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/indexing_master.py
+++ /dev/null
@@ -1,71 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-from resource_management.core.exceptions import ComponentIsNotRunning
-from resource_management.core.logger import Logger
-from resource_management.libraries.script import Script
-
-from commands import Commands
-
-
-class Indexing(Script):
-    def install(self, env):
-        import params
-        env.set_params(params)
-        commands = Commands(params)
-        commands.setup_repo()
-        Logger.info('Install RPM packages')
-        self.install_packages(env)
-
-    def start(self, env, upgrade_type=None):
-        import params
-        env.set_params(params)
-        commands = Commands(params)
-        if not commands.is_configured():
-            commands.init_kafka_topics()
-            commands.set_configured()
-
-        commands.start_indexing_topology()
-
-    def stop(self, env, upgrade_type=None):
-        import params
-        env.set_params(params)
-        commands = Commands(params)
-        commands.stop_indexing_topology()
-
-    def status(self, env):
-        import status_params
-        env.set_params(status_params)
-        commands = Commands(status_params)
-
-        if not commands.is_topology_active():
-            raise ComponentIsNotRunning()
-
-    def restart(self, env):
-        import params
-        env.set_params(params)
-        commands = Commands(params)
-        commands.restart_indexing_topology()
-
-    def kafkabuild(self, env, upgrade_type=None):
-        import params
-        env.set_params(params)
-        commands = Commands(params)
-        commands.init_kafka_topics()
-
-
-if __name__ == "__main__":
-    Indexing().execute()

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params.py
deleted file mode 100755
index 6440005..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params.py
+++ /dev/null
@@ -1,29 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-from ambari_commons import OSCheck
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.functions.expect import expect
-
-if OSCheck.is_windows_family():
-    pass
-else:
-    from params_linux import *
-
-java_home = config['hostLevelParams']['java_home']
-java_version = expect("/hostLevelParams/java_version", int)
-
-host_sys_prepped = default("/hostLevelParams/host_sys_prepped", False)

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_linux.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_linux.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_linux.py
deleted file mode 100755
index 86a0359..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_linux.py
+++ /dev/null
@@ -1,70 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-import os
-
-from resource_management.libraries.functions import conf_select
-from resource_management.libraries.functions import stack_select
-from resource_management.libraries.functions.default import default
-from resource_management.libraries.script import Script
-
-# Server configurations
-config = Script.get_config()
-
-hostname = config['hostname']
-metron_home = config['configurations']['metron-indexing']['metron_home']
-metron_indexing_topology = config['configurations']['metron-indexing']['metron_indexing_topology']
-yum_repo_type = 'local'
-metron_user = config['configurations']['metron-indexing']['metron_user']
-
-metron_config_path = metron_home + '/config'
-configured_flag_file = metron_config_path + '/metron_indexing_is_configured'
-
-# Hadoop params
-hadoop_home_dir = stack_select.get_hadoop_dir("home")
-hadoop_bin_dir = stack_select.get_hadoop_dir("bin")
-hadoop_conf_dir = conf_select.get_hadoop_conf_dir()
-
-# Zookeeper
-zk_hosts = default("/clusterHostInfo/zookeeper_hosts", [])
-has_zk_host = not len(zk_hosts) == 0
-zookeeper_quorum = None
-if has_zk_host:
-    if 'zoo.cfg' in config['configurations'] and 'clientPort' in config['configurations']['zoo.cfg']:
-        zookeeper_clientPort = config['configurations']['zoo.cfg']['clientPort']
-    else:
-        zookeeper_clientPort = '2181'
-    zookeeper_quorum = (':' + zookeeper_clientPort + ',').join(config['clusterHostInfo']['zookeeper_hosts'])
-    # last port config
-    zookeeper_quorum += ':' + zookeeper_clientPort
-
-# Kafka
-stack_root = Script.get_stack_root()
-kafka_home = os.path.join(stack_root, "current", "kafka-broker")
-kafka_bin_dir = os.path.join(kafka_home, "bin")
-metron_indexing_topic_retention = config['configurations']['metron-indexing']['metron_indexing_topic_retention']
-
-kafka_hosts = default("/clusterHostInfo/kafka_broker_hosts", [])
-has_kafka_host = not len(kafka_hosts) == 0
-kafka_brokers = None
-if has_kafka_host:
-    if 'port' in config['configurations']['kafka-broker']:
-        kafka_broker_port = config['configurations']['kafka-broker']['port']
-    else:
-        kafka_broker_port = '6667'
-    kafka_brokers = (':' + kafka_broker_port + ',').join(config['clusterHostInfo']['kafka_broker_hosts'])
-    kafka_brokers += ':' + kafka_broker_port

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_windows.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_windows.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_windows.py
deleted file mode 100755
index b5828d2..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/params_windows.py
+++ /dev/null
@@ -1,17 +0,0 @@
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-raise NotImplementedError

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/service_check.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/service_check.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/service_check.py
deleted file mode 100755
index c02d695..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/service_check.py
+++ /dev/null
@@ -1,37 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-from __future__ import print_function
-
-from resource_management.libraries.script import Script
-
-from commands import Commands
-
-
-class ServiceCheck(Script):
-    def service_check(self, env):
-        import params
-        env.set_params(params)
-
-        commands = Commands(params)
-        if commands.is_topology_active():
-            exit(0)
-        else:
-            exit(1)
-
-
-if __name__ == "__main__":
-    ServiceCheck().execute()

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/status_params.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/status_params.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/status_params.py
deleted file mode 100755
index 30aed60..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/package/scripts/status_params.py
+++ /dev/null
@@ -1,19 +0,0 @@
-#!/usr/bin/env python
-"""
-Licensed to the Apache Software Foundation (ASF) under one
-or more contributor license agreements.  See the NOTICE file
-distributed with this work for additional information
-regarding copyright ownership.  The ASF licenses this file
-to you under the Apache License, Version 2.0 (the
-"License"); you may not use this file except in compliance
-with the License.  You may obtain a copy of the License at
-    http://www.apache.org/licenses/LICENSE-2.0
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.
-"""
-
-metron_indexing_topology = 'indexing'
-configured_flag_file = ""

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/quicklinks/quicklinks.json
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/quicklinks/quicklinks.json b/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/quicklinks/quicklinks.json
deleted file mode 100755
index ee1b225..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/INDEXING/0.2.0BETA/quicklinks/quicklinks.json
+++ /dev/null
@@ -1,28 +0,0 @@
-{
-  "name": "default",
-  "description": "default quick links configuration",
-  "configuration": {
-    "protocol":
-    {
-      "type":"HTTP_ONLY"
-    },
-
-    "links": [
-      {
-        "name": "storm_ui",
-        "label": "Storm UI",
-        "requires_user_name": "false",
-        "component_name": "STORM_UI_SERVER",
-        "url":"%@://%@:%@/",
-        "port":{
-          "http_property": "ui.port",
-          "http_default_port": "8744",
-          "https_property": "ui.port",
-          "https_default_port": "8744",
-          "regex": "^(\\d+)$",
-          "site": "storm-site"
-        }
-      }
-    ]
-  }
-}

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-env.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-env.xml b/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-env.xml
deleted file mode 100755
index 972945d..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-env.xml
+++ /dev/null
@@ -1,54 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
-  <property>
-    <name>kibana_user</name>
-    <value>kibana</value>
-    <property-type>USER</property-type>
-    <description></description>
-  </property>
-  <property>
-    <name>user_group</name>
-    <value>kibana</value>
-    <property-type>GROUP</property-type>
-    <description></description>
-  </property>
-  <property require-input="true">
-    <name>kibana_log_dir</name>
-    <value>/var/log/kibana</value>
-    <description>Log directory for Kibana</description>
-  </property>
-  <property require-input="true">
-    <name>kibana_pid_dir</name>
-    <value>/var/run/kibana</value>
-    <description>PID directory for Kibana</description>
-  </property>
-  <property require-input="true">
-    <name>kibana_es_url</name>
-    <value></value>
-    <description>The Elasticsearch instance to use for all your queries. (http://eshost:9200)</description>
-  </property>
-  <property require-input="true">
-    <name>kibana_server_port</name>
-    <value>5000</value>
-    <description>Kibana back end server port to use.</description>
-  </property>
-</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml b/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
deleted file mode 100755
index c546e2c..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
+++ /dev/null
@@ -1,112 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
-    <!-- kibana.yml -->
-    <property>
-        <name>content</name>
-        <display-name>kibana.yml template</display-name>
-        <description>This is the jinja template for kibana.yml file</description>
-        <value>
-# Kibana is served by a back end server. This controls which port to use.
-server.port: {{ kibana_port }}
-
-# The host to bind the server to.
-# server.host: "0.0.0.0"
-
-# If you are running kibana behind a proxy, and want to mount it at a path,
-# specify that path here. The basePath can't end in a slash.
-# server.basePath: ""
-
-# The maximum payload size in bytes on incoming server requests.
-# server.maxPayloadBytes: 1048576
-
-# The Elasticsearch instance to use for all your queries.
-elasticsearch.url: {{ es_url }}
-
-# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
-# then the host you use to connect to *this* Kibana instance will be sent.
-# elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations
-# and dashboards. It will create a new index if it doesn't already exist.
-# kibana.index: ".kibana"
-
-# The default application to load.
-# kibana.defaultAppId: "discover"
-
-# If your Elasticsearch is protected with basic auth, these are the user credentials
-# used by the Kibana server to perform maintenance on the kibana_index at startup. Your Kibana
-# users will still need to authenticate with Elasticsearch (which is proxied through
-# the Kibana server)
-# elasticsearch.username: "user"
-# elasticsearch.password: "pass"
-
-# SSL for outgoing requests from the Kibana Server to the browser (PEM formatted)
-# server.ssl.cert: /path/to/your/server.crt
-# server.ssl.key: /path/to/your/server.key
-
-# Optional setting to validate that your Elasticsearch backend uses the same key files (PEM formatted)
-# elasticsearch.ssl.cert: /path/to/your/client.crt
-# elasticsearch.ssl.key: /path/to/your/client.key
-
-# If you need to provide a CA certificate for your Elasticsearch instance, put
-# the path of the pem file here.
-# elasticsearch.ssl.ca: /path/to/your/CA.pem
-
-# Set to false to have a complete disregard for the validity of the SSL
-# certificate.
-# elasticsearch.ssl.verify: true
-
-# Time in milliseconds to wait for elasticsearch to respond to pings, defaults to
-# request_timeout setting
-# elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or elasticsearch.
-# This must be > 0
-# elasticsearch.requestTimeout: 30000
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards.
-# Set to 0 to disable.
-# elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying
-# elasticsearch.startupTimeout: 5000
-
-# Set the path to where you would like the process id file to be created.
-# pid.file: /var/run/kibana.pid
-
-# If you would like to send the log output to a file you can set the path below.
-logging.dest: {{ log_dir }}/kibana.log
-
-# Set this to true to suppress all logging output.
-# logging.silent: false
-
-# Set this to true to suppress all logging output except for error messages.
-# logging.quiet: false
-
-# Set this to true to log all events, including system usage information and all requests.
-# logging.verbose: false
-        </value>
-        <value-attributes>
-            <type>content</type>
-        </value-attributes>
-    </property>
-</configuration>

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml b/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
deleted file mode 100755
index d14afbf..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0"?>
-<!--
-   Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--->
-<metainfo>
-    <schemaVersion>2.0</schemaVersion>
-    <services>
-        <service>
-            <name>KIBANA</name>
-            <displayName>Kibana</displayName>
-            <comment>Kibana Dashboard</comment>
-            <version>4.5.1</version>
-            <components>
-                <component>
-                    <name>KIBANA_MASTER</name>
-                    <displayName>Kibana Server</displayName>
-                    <category>MASTER</category>
-                    <cardinality>1</cardinality>
-                    <commandScript>
-                        <script>scripts/kibana_master.py</script>
-                        <scriptType>PYTHON</scriptType>
-                        <timeout>600</timeout>
-                    </commandScript>
-                    <customCommands>
-                        <customCommand>
-                            <name>LOADTEMPLATE</name>
-                            <background>false</background>
-                            <commandScript>
-                                <script>scripts/kibana_master.py</script>
-                                <scriptType>PYTHON</scriptType>
-                            </commandScript>
-                        </customCommand>
-                    </customCommands>
-                </component>
-            </components>
-            <osSpecifics>
-                <osSpecific>
-                    <osFamily>any</osFamily>
-                    <packages>
-                        <package>
-                            <name>python-elasticsearch</name>
-                        </package>
-                        <package>
-                            <name>kibana-4.5.1</name>
-                        </package>
-                    </packages>
-                </osSpecific>
-            </osSpecifics>
-            <configuration-dependencies>
-                <config-type>kibana-env</config-type>
-                <config-type>kibana-site</config-type>
-            </configuration-dependencies>
-            <restartRequiredAfterChange>true</restartRequiredAfterChange>
-            <quickLinksConfigurations>
-                <quickLinksConfiguration>
-                    <fileName>quicklinks.json</fileName>
-                    <default>true</default>
-                </quickLinksConfiguration>
-            </quickLinksConfigurations>
-        </service>
-    </services>
-</metainfo>

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py b/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
deleted file mode 100755
index 8d2bad8..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-#  Licensed to the Apache Software Foundation (ASF) under one or more
-#  contributor license agreements.  See the NOTICE file distributed with
-#  this work for additional information regarding copyright ownership.
-#  The ASF licenses this file to You under the Apache License, Version 2.0
-#  (the "License"); you may not use this file except in compliance with
-#  the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/125dbef1/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p b/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
deleted file mode 100755
index 8327eb8..0000000
--- a/metron-deployment/packaging/ambari/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
+++ /dev/null
@@ -1,1539 +0,0 @@
-(lp1
-(dp2
-V_score
-p3
-F1
-sV_type
-p4
-Vvisualization
-p5
-sV_id
-p6
-VWeb-Request-Type
-p7
-sV_source
-p8
-(dp9
-VvisState
-p10
-V{"title":"Web Request Type","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"method","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p11
-sVdescription
-p12
-V
-sVtitle
-p13
-VWeb Request Type
-p14
-sVuiStateJSON
-p15
-V{}
-p16
-sVversion
-p17
-I1
-sVsavedSearchId
-p18
-Vweb-search
-p19
-sVkibanaSavedObjectMeta
-p20
-(dp21
-VsearchSourceJSON
-p22
-V{"filter":[]}
-p23
-sssV_index
-p24
-V.kibana
-p25
-sa(dp26
-V_score
-p27
-F1
-sV_type
-p28
-Vvisualization
-p29
-sV_id
-p30
-VTop-Snort-Alerts-by-Source
-p31
-sV_source
-p32
-(dp33
-VvisState
-p34
-V{"title":"Top Snort Alerts by Source","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Source IP"}}],"listeners":{}}
-p35
-sVdescription
-p36
-V
-sVtitle
-p37
-VTop Snort Alerts by Source
-p38
-sVuiStateJSON
-p39
-V{}
-p40
-sVversion
-p41
-I1
-sVkibanaSavedObjectMeta
-p42
-(dp43
-VsearchSourceJSON
-p44
-V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p45
-sssV_index
-p46
-V.kibana
-p47
-sa(dp48
-V_score
-p49
-F1
-sV_type
-p50
-Vvisualization
-p51
-sV_id
-p52
-VWelcome
-p53
-sV_source
-p54
-(dp55
-VvisState
-p56
-V{"title":"Welcome to Apache Metron","type":"markdown","params":{"markdown":"This dashboard enables the validation of Apache Metron and the end-to-end functioning of its default sensor suite.  The default sensor suite includes [Snort](https://www.snort.org/), [Bro](https://www.bro.org/), and [YAF](https://tools.netsa.cert.org/yaf/).  One of Apache Metron's primary goals is to simplify the onboarding of additional sources of telemetry.  In a production deployment these default sensors should be replaced with ones applicable to the target environment.\u005cn\u005cnApache Metron enables disparate sources of telemetry to all be viewed under a 'single pane of glass.'  Telemetry from each of the default sensors can be searched, aggregated, summarized, and viewed within this dashboard. This dashboard should be used as a springboard upon which to create your own customized dashboards.\u005cn\u005cnThe panels below highlight the volume and variety of events that are currently being consumed 
 by Apache Metron."},"aggs":[],"listeners":{}}
-p57
-sVdescription
-p58
-V
-sVtitle
-p59
-VWelcome to Apache Metron
-p60
-sVuiStateJSON
-p61
-V{}
-p62
-sVversion
-p63
-I1
-sVkibanaSavedObjectMeta
-p64
-(dp65
-VsearchSourceJSON
-p66
-V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p67
-sssV_index
-p68
-V.kibana
-p69
-sa(dp70
-V_score
-p71
-F1
-sV_type
-p72
-Vsearch
-p73
-sV_id
-p74
-Vsnort-search
-p75
-sV_source
-p76
-(dp77
-Vsort
-p78
-(lp79
-Vtimestamp
-p80
-aVdesc
-p81
-asVhits
-p82
-I0
-sVdescription
-p83
-V
-sVtitle
-p84
-VSnort Alerts
-p85
-sVversion
-p86
-I1
-sVkibanaSavedObjectMeta
-p87
-(dp88
-VsearchSourceJSON
-p89
-V{"index":"snort*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p90
-ssVcolumns
-p91
-(lp92
-Vmsg
-p93
-aVsig_id
-p94
-aVip_src_addr
-p95
-aVip_src_port
-p96
-aVip_dst_addr
-p97
-aVip_dst_port
-p98
-assV_index
-p99
-V.kibana
-p100
-sa(dp101
-V_score
-p102
-F1
-sV_type
-p103
-Vsearch
-p104
-sV_id
-p105
-Vyaf-search
-p106
-sV_source
-p107
-(dp108
-Vsort
-p109
-(lp110
-Vtimestamp
-p111
-aVdesc
-p112
-asVhits
-p113
-I0
-sVdescription
-p114
-V
-sVtitle
-p115
-VYAF
-p116
-sVversion
-p117
-I1
-sVkibanaSavedObjectMeta
-p118
-(dp119
-VsearchSourceJSON
-p120
-V{"index":"yaf*","filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"query_string":{"query":"*","analyze_wildcard":true}}}
-p121
-ssVcolumns
-p122
-(lp123
-Vip_src_addr
-p124
-aVip_src_port
-p125
-aVip_dst_addr
-p126
-aVip_dst_port
-p127
-aVprotocol
-p128
-aVduration
-p129
-aVpkt
-p130
-assV_index
-p131
-V.kibana
-p132
-sa(dp133
-V_score
-p134
-F1
-sV_type
-p135
-Vconfig
-p136
-sV_id
-p137
-V4.5.1
-p138
-sV_source
-p139
-(dp140
-VbuildNum
-p141
-I9892
-sVdefaultIndex
-p142
-Vbro*
-p143
-ssV_index
-p144
-V.kibana
-p145
-sa(dp146
-V_score
-p147
-F1
-sV_type
-p148
-Vindex-pattern
-p149
-sV_id
-p150
-Vbro*
-p151
-sV_source
-p152
-(dp153
-Vfields
-p154
-V[{"name":"TTLs","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qclass_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"bro_timestamp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"answers","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"prot
 ocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"host","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"AA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"method","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"query","type":"string","count":0,"s
 cripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"RA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"RD","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false
 ,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"response_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_code","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,
 "doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rejected","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"ana
 lyzed":false,"doc_values":true},{"name":"uid","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_depth","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"Z","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enr
 ichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"user_agent","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"qclass","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"request_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uri","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode_name","type":"string","coun
 t":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"TC","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"referrer","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":1,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":2,"scripted":false,"indexed":false,"analyzed":false,"doc_values":
 false}]
-p155
-sVtimeFieldName
-p156
-Vtimestamp
-p157
-sVtitle
-p158
-Vbro*
-p159
-ssV_index
-p160
-V.kibana
-p161
-sa(dp162
-V_score
-p163
-F1
-sV_type
-p164
-Vvisualization
-p165
-sV_id
-p166
-VFlow-Duration
-p167
-sV_source
-p168
-(dp169
-VvisState
-p170
-V{"title":"Flow Duration","type":"area","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"smoothLines":false,"scale":"linear","interpolate":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"histogram","schema":"segment","params":{"field":"duration","interval":10,"extended_bounds":{},"customLabel":"Flow Duration (seconds)"}}],"listeners":{}}
-p171
-sVdescription
-p172
-V
-sVtitle
-p173
-VFlow Duration
-p174
-sVuiStateJSON
-p175
-V{"vis":{"legendOpen":false}}
-p176
-sVversion
-p177
-I1
-sVkibanaSavedObjectMeta
-p178
-(dp179
-VsearchSourceJSON
-p180
-V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p181
-sssV_index
-p182
-V.kibana
-p183
-sa(dp184
-V_score
-p185
-F1
-sV_type
-p186
-Vvisualization
-p187
-sV_id
-p188
-VEvents
-p189
-sV_source
-p190
-(dp191
-VvisState
-p192
-V{"title":"Events","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","type":"terms","schema":"group","params":{"field":"source:type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p193
-sVdescription
-p194
-V
-sVtitle
-p195
-VEvents
-p196
-sVuiStateJSON
-p197
-V{"vis":{"legendOpen":false}}
-p198
-sVversion
-p199
-I1
-sVkibanaSavedObjectMeta
-p200
-(dp201
-VsearchSourceJSON
-p202
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p203
-sssV_index
-p204
-V.kibana
-p205
-sa(dp206
-V_score
-p207
-F1
-sV_type
-p208
-Vvisualization
-p209
-sV_id
-p210
-VWeb-Request-Header
-p211
-sV_source
-p212
-(dp213
-VvisState
-p214
-V{"title":"Web Request Header","type":"markdown","params":{"markdown":"The [Bro Network Security Monitor](https://www.bro.org/) is extracting application-level information from raw network packets.  In this example, Bro is extracting HTTP(S) requests being made over the network. "},"aggs":[],"listeners":{}}
-p215
-sVdescription
-p216
-V
-sVtitle
-p217
-VWeb Request Header
-p218
-sVuiStateJSON
-p219
-V{}
-p220
-sVversion
-p221
-I1
-sVkibanaSavedObjectMeta
-p222
-(dp223
-VsearchSourceJSON
-p224
-V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p225
-sssV_index
-p226
-V.kibana
-p227
-sa(dp228
-V_score
-p229
-F1
-sV_type
-p230
-Vvisualization
-p231
-sV_id
-p232
-VTop-Alerts-By-Host
-p233
-sV_source
-p234
-(dp235
-VvisState
-p236
-V{"title":"New Visualization","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}},{"id":"3","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Destination"}}],"listeners":{}}
-p237
-sVdescription
-p238
-V
-sVtitle
-p239
-VTop Alerts By Host
-p240
-sVuiStateJSON
-p241
-V{}
-p242
-sVversion
-p243
-I1
-sVsavedSearchId
-p244
-Vsnort-search
-p245
-sVkibanaSavedObjectMeta
-p246
-(dp247
-VsearchSourceJSON
-p248
-V{"filter":[]}
-p249
-sssV_index
-p250
-V.kibana
-p251
-sa(dp252
-V_score
-p253
-F1
-sV_type
-p254
-Vvisualization
-p255
-sV_id
-p256
-VYAF-Flow(s)
-p257
-sV_source
-p258
-(dp259
-VvisState
-p260
-V{"title":"YAF Flows","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
-p261
-sVdescription
-p262
-V
-sVtitle
-p263
-VYAF Flows
-p264
-sVuiStateJSON
-p265
-V{}
-p266
-sVversion
-p267
-I1
-sVkibanaSavedObjectMeta
-p268
-(dp269
-VsearchSourceJSON
-p270
-V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p271
-sssV_index
-p272
-V.kibana
-p273
-sa(dp274
-V_score
-p275
-F1
-sV_type
-p276
-Vvisualization
-p277
-sV_id
-p278
-VTop-DNS-Query
-p279
-sV_source
-p280
-(dp281
-VvisState
-p282
-V{"title":"Top DNS Query","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p283
-sVdescription
-p284
-V
-sVtitle
-p285
-VTop DNS Query
-p286
-sVuiStateJSON
-p287
-V{}
-p288
-sVversion
-p289
-I1
-sVkibanaSavedObjectMeta
-p290
-(dp291
-VsearchSourceJSON
-p292
-V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p293
-sssV_index
-p294
-V.kibana
-p295
-sa(dp296
-V_score
-p297
-F1
-sV_type
-p298
-Vvisualization
-p299
-sV_id
-p300
-VTotal-Events
-p301
-sV_source
-p302
-(dp303
-VvisState
-p304
-V{"title":"Event Count","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Events"}}],"listeners":{}}
-p305
-sVdescription
-p306
-V
-sVtitle
-p307
-VEvent Count
-p308
-sVuiStateJSON
-p309
-V{}
-p310
-sVversion
-p311
-I1
-sVkibanaSavedObjectMeta
-p312
-(dp313
-VsearchSourceJSON
-p314
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p315
-sssV_index
-p316
-V.kibana
-p317
-sa(dp318
-V_score
-p319
-F1
-sV_type
-p320
-Vvisualization
-p321
-sV_id
-p322
-VEvent-Types
-p323
-sV_source
-p324
-(dp325
-VvisState
-p326
-V{"title":"Event Sources","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source:type","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p327
-sVdescription
-p328
-V
-sVtitle
-p329
-VEvent Sources
-p330
-sVuiStateJSON
-p331
-V{}
-p332
-sVversion
-p333
-I1
-sVkibanaSavedObjectMeta
-p334
-(dp335
-VsearchSourceJSON
-p336
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p337
-sssV_index
-p338
-V.kibana
-p339
-sa(dp340
-V_score
-p341
-F1
-sV_type
-p342
-Vvisualization
-p343
-sV_id
-p344
-VUnique-Location(s)
-p345
-sV_source
-p346
-(dp347
-VvisState
-p348
-V{"title":"Geo-IP Locations","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"enrichments:geo:ip_src_addr:locID","customLabel":"Unique Location(s)"}}],"listeners":{}}
-p349
-sVdescription
-p350
-V
-sVtitle
-p351
-VGeo-IP Locations
-p352
-sVuiStateJSON
-p353
-V{}
-p354
-sVversion
-p355
-I1
-sVkibanaSavedObjectMeta
-p356
-(dp357
-VsearchSourceJSON
-p358
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p359
-sssV_index
-p360
-V.kibana
-p361
-sa(dp362
-V_score
-p363
-F1
-sV_type
-p364
-Vvisualization
-p365
-sV_id
-p366
-VSnort-Header
-p367
-sV_source
-p368
-(dp369
-VvisState
-p370
-V{"title":"Snort","type":"markdown","params":{"markdown":"[Snort](https://www.snort.org/) is a Network Intrusion Detection System (NIDS) that is being used to generate alerts identifying known bad events.  Snort relies on a fixed set of rules that act as signatures for identifying abnormal events."},"aggs":[],"listeners":{}}
-p371
-sVdescription
-p372
-V
-sVtitle
-p373
-VSnort
-p374
-sVuiStateJSON
-p375
-V{}
-p376
-sVversion
-p377
-I1
-sVkibanaSavedObjectMeta
-p378
-(dp379
-VsearchSourceJSON
-p380
-V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p381
-sssV_index
-p382
-V.kibana
-p383
-sa(dp384
-V_score
-p385
-F1
-sV_type
-p386
-Vdashboard
-p387
-sV_id
-p388
-VMetron-Dashboard
-p389
-sV_source
-p390
-(dp391
-Vhits
-p392
-I0
-sVtimeRestore
-p393
-I00
-sVdescription
-p394
-V
-sVtitle
-p395
-VMetron Dashboard
-p396
-sVuiStateJSON
-p397
-V{"P-23":{"spy":{"mode":{"name":null,"fill":false}}},"P-34":{"vis":{"legendOpen":false}}}
-p398
-sVpanelsJSON
-p399
-V[{"col":1,"id":"Welcome","panelIndex":30,"row":1,"size_x":11,"size_y":2,"type":"visualization"},{"col":1,"id":"Total-Events","panelIndex":6,"row":3,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Events","panelIndex":16,"row":3,"size_x":8,"size_y":4,"type":"visualization"},{"col":1,"id":"Event-Types","panelIndex":15,"row":5,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Location-Header","panelIndex":24,"row":7,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Unique-Location(s)","panelIndex":23,"row":9,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Flow-Locations","panelIndex":32,"row":7,"size_x":8,"size_y":6,"type":"visualization"},{"col":1,"id":"Country","panelIndex":8,"row":11,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flows-Header","panelIndex":27,"row":13,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flow(s)","panelIndex":21,"row":15,"size_x":3,"size_y":2,"type":"visualization"},{"col"
 :4,"columns":["ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port","protocol","duration","pkt"],"id":"yaf-search","panelIndex":20,"row":13,"size_x":8,"size_y":6,"sort":["duration","desc"],"type":"search"},{"col":1,"id":"Flow-Duration","panelIndex":31,"row":17,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Snort-Header","panelIndex":25,"row":19,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["msg","sig_id","ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port"],"id":"snort-search","panelIndex":3,"row":19,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Snort-Alert-Types","panelIndex":10,"row":21,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Top-Alerts-By-Host","panelIndex":19,"row":23,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Header","panelIndex":26,"row":25,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["method","host","uri","referrer","user_agent","i
 p_src_addr","ip_dst_addr"],"id":"web-search","panelIndex":4,"row":25,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"HTTP(S)-Requests","panelIndex":17,"row":27,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"DNS-Requests-Header","panelIndex":29,"row":31,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["query","qtype_name","answers","ip_src_addr","ip_dst_addr"],"id":"dns-search","panelIndex":5,"row":31,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"DNS-Request(s)","panelIndex":14,"row":33,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Type","panelIndex":33,"row":29,"size_x":3,"size_y":2,"type":"visualization"}]
-p400
-sVoptionsJSON
-p401
-V{"darkTheme":false}
-p402
-sVversion
-p403
-I1
-sVkibanaSavedObjectMeta
-p404
-(dp405
-VsearchSourceJSON
-p406
-V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]}
-p407
-sssV_index
-p408
-V.kibana
-p409
-sa(dp410
-V_score
-p411
-F1
-sV_type
-p412
-Vvisualization
-p413
-sV_id
-p414
-VSnort-Alert-Types
-p415
-sV_source
-p416
-(dp417
-VvisState
-p418
-V{"title":"Snort Alert Types","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"sig_id","customLabel":"Alert Type(s)"}}],"listeners":{}}
-p419
-sVdescription
-p420
-V
-sVtitle
-p421
-VSnort Alert Types
-p422
-sVuiStateJSON
-p423
-V{}
-p424
-sVversion
-p425
-I1
-sVkibanaSavedObjectMeta
-p426
-(dp427
-VsearchSourceJSON
-p428
-V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p429
-sssV_index
-p430
-V.kibana
-p431
-sa(dp432
-V_score
-p433
-F1
-sV_type
-p434
-Vvisualization
-p435
-sV_id
-p436
-VFrequent-DNS-Queries
-p437
-sV_source
-p438
-(dp439
-VvisState
-p440
-V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p441
-sVdescription
-p442
-V
-sVtitle
-p443
-VFrequent DNS Requests
-p444
-sVuiStateJSON
-p445
-V{}
-p446
-sVversion
-p447
-I1
-sVkibanaSavedObjectMeta
-p448
-(dp449
-VsearchSourceJSON
-p450
-V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p451
-sssV_index
-p452
-V.kibana
-p453
-sa(dp454
-V_score
-p455
-F1
-sV_type
-p456
-Vvisualization
-p457
-sV_id
-p458
-VLocation-Header
-p459
-sV_source
-p460
-(dp461
-VvisState
-p462
-V{"title":"Enrichment","type":"markdown","params":{"markdown":"Apache Metron can perform real-time enrichment of telemetry data as it is consumed. To highlight this feature, all of the IP address fields collected from the default sensor suite were used to perform geo-ip lookups.  This data was then used to pinpoint each location on the map."},"aggs":[],"listeners":{}}
-p463
-sVdescription
-p464
-V
-sVtitle
-p465
-VEnrichment
-p466
-sVuiStateJSON
-p467
-V{}
-p468
-sVversion
-p469
-I1
-sVkibanaSavedObjectMeta
-p470
-(dp471
-VsearchSourceJSON
-p472
-V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p473
-sssV_index
-p474
-V.kibana
-p475
-sa(dp476
-V_score
-p477
-F1
-sV_type
-p478
-Vsearch
-p479
-sV_id
-p480
-Vweb-search
-p481
-sV_source
-p482
-(dp483
-Vsort
-p484
-(lp485
-Vtimestamp
-p486
-aVdesc
-p487
-asVhits
-p488
-I0
-sVdescription
-p489
-V
-sVtitle
-p490
-VWeb Requests
-p491
-sVversion
-p492
-I1
-sVkibanaSavedObjectMeta
-p493
-(dp494
-VsearchSourceJSON
-p495
-V{"index":"bro*","query":{"query_string":{"query":"protocol: http OR protocol: https","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p496
-ssVcolumns
-p497
-(lp498
-Vmethod
-p499
-aVhost
-p500
-aVuri
-p501
-aVreferrer
-p502
-aVip_src_addr
-p503
-aVip_dst_addr
-p504
-assV_index
-p505
-V.kibana
-p506
-sa(dp507
-V_score
-p508
-F1
-sV_type
-p509
-Vindex-pattern
-p510
-sV_id
-p511
-Vsnort*
-p512
-sV_source
-p513
-(dp514
-Vfields
-p515
-V[{"name":"msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dgmlen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpack","type":"string","count":0,"scripted":false,"indexed":true,"analyze
 d":true,"doc_values":false},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scr
 ipted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethlen","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threat:triage:level","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type"
 :"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_rev","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"ethsrc
 ","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpseq","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpwindow","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tos","type":"n
 umber","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethdst","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"
 is_alert","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ttl","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iplen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_generator","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:city","t
 ype":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
-p516
-sVtimeFieldName
-p517
-Vtimestamp
-p518
-sVtitle
-p519
-Vsnort*
-p520
-ssV_index
-p521
-V.kibana
-p522
-sa(dp523
-V_score
-p524
-F1
-sV_type
-p525
-Vindex-pattern
-p526
-sV_id
-p527
-Vyaf*
-p528
-sV_source
-p529
-(dp530
-Vfields
-p531
-V[{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"isn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"rpkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"strin
 g","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"app","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"oct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"sc
 ripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"start_time","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"riflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","
 count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":
 "number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"duration","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"pkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ruflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"roct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_value
 s":true},{"name":"sp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end-reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"risn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_time","type":"date","count"
 :0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
-p532
-sVtimeFieldName
-p533
-Vtimestamp
-p534
-sVtitle
-p535
-Vyaf*
-p536
-ssV_index
-p537
-V.kibana
-p538
-sa(dp539
-V_score
-p540
-F1
-sV_type
-p541
-Vvisualization
-p542
-sV_id
-p543
-VDNS-Request(s)
-p544
-sV_source
-p545
-(dp546
-VvisState
-p547
-V{"title":"DNS Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
-p548
-sVdescription
-p549
-V
-sVtitle
-p550
-VDNS Requests
-p551
-sVuiStateJSON
-p552
-V{}
-p553
-sVversion
-p554
-I1
-sVsavedSearchId
-p555
-Vdns-search
-p556
-sVkibanaSavedObjectMeta
-p557
-(dp558
-VsearchSourceJSON
-p559
-V{"filter":[]}
-p560
-sssV_index
-p561
-V.kibana
-p562
-sa(dp563
-V_score
-p564
-F1
-sV_type
-p565
-Vvisualization
-p566
-sV_id
-p567
-VHTTP(S)-Requests
-p568
-sV_source
-p569
-(dp570
-VvisState
-p571
-V{"title":"Web Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
-p572
-sVdescription
-p573
-V
-sVtitle
-p574
-VWeb Requests
-p575
-sVuiStateJSON
-p576
-V{}
-p577
-sVversion
-p578
-I1
-sVsavedSearchId
-p579
-Vweb-search
-p580
-sVkibanaSavedObjectMeta
-p581
-(dp582
-VsearchSourceJSON
-p583
-V{"filter":[]}
-p584
-sssV_index
-p585
-V.kibana
-p586
-sa(dp587
-V_score
-p588
-F1
-sV_type
-p589
-Vsearch
-p590
-sV_id
-p591
-Vdns-search
-p592
-sV_source
-p593
-(dp594
-Vsort
-p595
-(lp596
-Vtimestamp
-p597
-aVdesc
-p598
-asVhits
-p599
-I0
-sVdescription
-p600
-V
-sVtitle
-p601
-VDNS Requests
-p602
-sVversion
-p603
-I1
-sVkibanaSavedObjectMeta
-p604
-(dp605
-VsearchSourceJSON
-p606
-V{"index":"bro*","query":{"query_string":{"query":"protocol: dns","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p607
-ssVcolumns
-p608
-(lp609
-Vquery
-p610
-aVqtype_name
-p611
-aVanswers
-p612
-aVip_src_addr
-p613
-aVip_dst_addr
-p614
-assV_index
-p615
-V.kibana
-p616
-sa(dp617
-V_score
-p618
-F1
-sV_type
-p619
-Vvisualization
-p620
-sV_id
-p621
-VFlow-Locations
-p622
-sV_source
-p623
-(dp624
-VvisState
-p625
-V{"title":"New Visualization","type":"tile_map","params":{"mapType":"Scaled Circle Markers","isDesaturated":true,"addTooltip":true,"heatMaxZoom":16,"heatMinOpacity":0.1,"heatRadius":25,"heatBlur":15,"heatNormalizeData":true,"wms":{"enabled":false,"url":"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer","options":{"version":"1.3.0","layers":"0","format":"image/png","transparent":true,"attribution":"Maps provided by USGS","styles":""}}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"geohash_grid","schema":"segment","params":{"field":"enrichments:geo:ip_dst_addr:location_point","autoPrecision":true,"precision":2}}],"listeners":{}}
-p626
-sVdescription
-p627
-V
-sVtitle
-p628
-VFlow Locations
-p629
-sVuiStateJSON
-p630
-V{}
-p631
-sVversion
-p632
-I1
-sVkibanaSavedObjectMeta
-p633
-(dp634
-VsearchSourceJSON
-p635
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p636
-sssV_index
-p637
-V.kibana
-p638
-sa(dp639
-V_score
-p640
-F1
-sV_type
-p641
-Vvisualization
-p642
-sV_id
-p643
-VUnusual-Referrers
-p644
-sV_source
-p645
-(dp646
-VvisState
-p647
-V{"title":"Unusual Referrers","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"significant_terms","schema":"bucket","params":{"field":"referrer","size":5,"customLabel":"Top 5 Unusual Referrers"}}],"listeners":{}}
-p648
-sVdescription
-p649
-V
-sVtitle
-p650
-VUnusual Referrers
-p651
-sVuiStateJSON
-p652
-V{}
-p653
-sVversion
-p654
-I1
-sVsavedSearchId
-p655
-Vweb-search
-p656
-sVkibanaSavedObjectMeta
-p657
-(dp658
-VsearchSourceJSON
-p659
-V{"filter":[]}
-p660
-sssV_index
-p661
-V.kibana
-p662
-sa(dp663
-V_score
-p664
-F1
-sV_type
-p665
-Vvisualization
-p666
-sV_id
-p667
-VFrequent-DNS-Requests
-p668
-sV_source
-p669
-(dp670
-VvisState
-p671
-V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1","customLabel":"DNS Query"}}],"listeners":{}}
-p672
-sVdescription
-p673
-V
-sVtitle
-p674
-VFrequent DNS Requests
-p675
-sVuiStateJSON
-p676
-V{}
-p677
-sVversion
-p678
-I1
-sVkibanaSavedObjectMeta
-p679
-(dp680
-VsearchSourceJSON
-p681
-V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p682
-sssV_index
-p683
-V.kibana
-p684
-sa(dp685
-V_score
-p686
-F1
-sV_type
-p687
-Vvisualization
-p688
-sV_id
-p689
-VCountry
-p690
-sV_source
-p691
-(dp692
-VvisState
-p693
-V{"title":"By Country","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"enrichments:geo:ip_src_addr:country","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p694
-sVdescription
-p695
-V
-sVtitle
-p696
-VBy Country
-p697
-sVuiStateJSON
-p698
-V{}
-p699
-sVversion
-p700
-I1
-sVkibanaSavedObjectMeta
-p701
-(dp702
-VsearchSourceJSON
-p703
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p704
-sssV_index
-p705
-V.kibana
-p706
-sa(dp707
-V_score
-p708
-F1
-sV_type
-p709
-Vvisualization
-p710
-sV_id
-p711
-VTop-Destinations
-p712
-sV_source
-p713
-(dp714
-VvisState
-p715
-V{"title":"Top Destinations","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Destination IP"}}],"listeners":{}}
-p716
-sVdescription
-p717
-V
-sVtitle
-p718
-VTop Destinations
-p719
-sVuiStateJSON
-p720
-V{}
-p721
-sVversion
-p722
-I1
-sVkibanaSavedObjectMeta
-p723
-(dp724
-VsearchSourceJSON
-p725
-V{"index":["yaf*", "bro*", "snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p726
-sssV_index
-p727
-V.kibana
-p728
-sa(dp729
-V_score
-p730
-F1
-sV_type
-p731
-Vvisualization
-p732
-sV_id
-p733
-VDNS-Requests-Header
-p734
-sV_source
-p735
-(dp736
-VvisState
-p737
-V{"aggs":[],"listeners":{},"params":{"markdown":"[Bro](https://www.bro.org/) is extracting DNS requests and responses being made over the network. Understanding who is making those requests, the frequency, and types can provide a deep understanding of the actors present on the network."},"title":"DNS Requests","type":"markdown"}
-p738
-sVdescription
-p739
-V
-sVtitle
-p740
-VDNS Requests
-p741
-sVuiStateJSON
-p742
-V{}
-p743
-sVversion
-p744
-I1
-sVkibanaSavedObjectMeta
-p745
-(dp746
-VsearchSourceJSON
-p747
-V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p748
-sssV_index
-p749
-V.kibana
-p750
-sa(dp751
-V_score
-p752
-F1
-sV_type
-p753
-Vvisualization
-p754
-sV_id
-p755
-VYAF-Flows-Header
-p756
-sV_source
-p757
-(dp758
-VvisState
-p759
-V{"title":"YAF","type":"markdown","params":{"markdown":"[YAF](https://tools.netsa.cert.org/yaf/yaf.html) can be used to generate Netflow-like flow records.  These flow records provide significant visibility of the actors communicating over the target network."},"aggs":[],"listeners":{}}
-p760
-sVdescription
-p761
-V
-sVtitle
-p762
-VYAF
-p763
-sVuiStateJSON
-p764
-V{}
-p765
-sVversion
-p766
-I1
-sVkibanaSavedObjectMeta
-p767
-(dp768
-VsearchSourceJSON
-p769
-V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p770
-sssV_index
-p771
-V.kibana
-p772
-sa.
\ No newline at end of file


Mime
View raw message