metron-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From l...@apache.org
Subject incubator-metron git commit: METRON-903 Create a connections report in Zeppelin (justinleet) closes apache/incubator-metron#556
Date Thu, 04 May 2017 11:56:37 GMT
Repository: incubator-metron
Updated Branches:
  refs/heads/master 1d27a32d5 -> 38d26d432


METRON-903 Create a connections report in Zeppelin (justinleet) closes apache/incubator-metron#556


Project: http://git-wip-us.apache.org/repos/asf/incubator-metron/repo
Commit: http://git-wip-us.apache.org/repos/asf/incubator-metron/commit/38d26d43
Tree: http://git-wip-us.apache.org/repos/asf/incubator-metron/tree/38d26d43
Diff: http://git-wip-us.apache.org/repos/asf/incubator-metron/diff/38d26d43

Branch: refs/heads/master
Commit: 38d26d4328eee058b3515dae38e02565a4669f4e
Parents: 1d27a32
Author: justinleet <justinjleet@gmail.com>
Authored: Thu May 4 07:55:52 2017 -0400
Committer: leet <leet@apache.org>
Committed: Thu May 4 07:55:52 2017 -0400

----------------------------------------------------------------------
 metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec   | 3 +++
 .../src/main/config/zeppelin/metron/metron-connection-report.json | 1 +
 2 files changed, 4 insertions(+)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/38d26d43/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec b/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
index c435c6c..eb30cac 100644
--- a/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
+++ b/metron-deployment/packaging/docker/rpm-docker/SPECS/metron.spec
@@ -264,6 +264,7 @@ This package installs the Metron Indexing files
 %{metron_home}/config/zookeeper/indexing/asa.json
 %{metron_home}/config/zookeeper/indexing/error.json
 %{metron_home}/config/zeppelin/metron/metron-yaf-telemetry.json
+%{metron_home}/config/zeppelin/metron/metron-connection-report.json
 
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
@@ -365,6 +366,8 @@ This package installs the Metron Management UI %{metron_home}
 # ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 %changelog
+* Fri Apr 28 2017 Apache Metron <dev@metron.apache.org> - 0.4.0
+- Add Zeppelin Connection Report Dashboard
 * Thu Jan 19 2017 Justin Leet <justinjleet@gmail.com> - 0.3.1
 - Replace GeoIP files with new implementation
 * Thu Nov 03 2016 David Lyle <dlyle65535@gmail.com> - 0.2.1

http://git-wip-us.apache.org/repos/asf/incubator-metron/blob/38d26d43/metron-platform/metron-indexing/src/main/config/zeppelin/metron/metron-connection-report.json
----------------------------------------------------------------------
diff --git a/metron-platform/metron-indexing/src/main/config/zeppelin/metron/metron-connection-report.json
b/metron-platform/metron-indexing/src/main/config/zeppelin/metron/metron-connection-report.json
new file mode 100644
index 0000000..0f14d5c
--- /dev/null
+++ b/metron-platform/metron-indexing/src/main/config/zeppelin/metron/metron-connection-report.json
@@ -0,0 +1 @@
+{"paragraphs":[{"text":"%spark.sql\n\n#\n# load the Yaf telemetry that has been archived
by Metron\n#\ncreate temporary table yaf\n  using org.apache.spark.sql.json\n  options (path
\"hdfs:///apps/metron/indexing/indexed/yaf\")","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038892_607547570","id":"20170428-112507_2084067902","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:09+0000","dateFinished":"2017-05-02T00:17:10+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:109","focus":true},{"text":"%spark.sql\n\n#\n#
load the Bro telemetry that has been archived by Metron\n#\ncreate temporary table bro\n 
using org.apache.spark.sql.json\n  options (path \"hd
 fs:///apps/metron/indexing/indexed/bro\")","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038899_618705289","id":"20170428-112518_1452220159","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:09+0000","dateFinished":"2017-05-02T00:17:10+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:110","focus":true},{"text":"%spark.sql\n\n#\n#
load the Snort telemetry that has been archived by Metron\n#\ncreate temporary table snort\n
 using org.apache.spark.sql.json\n  options (path \"hdfs:///apps/metron/indexing/indexed/snort\")","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":
 [],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038899_618705289","id":"20170428-112536_146360703","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:10+0000","dateFinished":"2017-05-02T00:17:11+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:111","focus":true},{"text":"%md\n\n###
Top Connections - Yaf\n\nThe number of connections made between IPs, ordered from highest
to lowest.\n\nThis may be filtered by a providing a start and end filter, along with a date_format
as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html).\nThe
default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T11:39:56+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"grou
 ps":[],"scatter":{}},"enabled":true},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-124415_505253984","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top
Connections - Yaf</h3>\n<p>The number of connections made between IPs, ordered
from highest to lowest.</p>\n<p>This may be filtered by a providing a start and
end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:09+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:112"},{"text":"%spark.sql\n\nSELECT\n
   ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    yaf\nWHERE timestamp BETWEEN\n
   (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '
 ${start}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE
WHEN '${end}' = '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd
HH:mm:ss}') * 1000)\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n\n","dateUpdated":"2017-05-02T00:17:09+0000","config":{"colWidth":12,"editorMode":"ace/mode/sql","graph":{"mode":"table","height":300,"optionOpen":false,"keys":[{"name":"ip_src_addr","index":0,"aggr":"sum"}],"values":[{"name":"ip_dst_addr","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"ip_src_addr","index":0,"aggr":"sum"},"yAxis":{"name":"ip_dst_addr","index":1,"aggr":"sum"}}},"enabled":true},"settings":{"params":{"start":"","end":"","date_format":"yyyy-MM-dd
HH:mm:ss","yyyy-MM-dd HH:mm:ss":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":fals
 e}}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-112604_1206608049","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n62.75.195.236\t192.168.138.158\t210\n192.168.66.1\t192.168.66.121\t182\n192.168.66.121\t192.168.66.1\t131\n192.168.138.158\t62.75.195.236\t112\n192.168.138.158\t95.163.121.204\t37\n72.34.49.86\t192.168.138.158\t37\n192.168.138.158\t72.34.49.86\t28\n95.163.121.204\t192.168.138.158\t27\n192.168.138.158\t204.152.254.221\t16\n204.152.254.221\t192.168.138.158\t14\n192.168.138.158\t188.165.164.184\t7\n192.168.138.158\t192.168.138.2\t6\n192.168.138.2\t192.168.138.158\t4\n188.165.164.184\t192.168.138.158\t3\n192.168.66.1\t224.0.0.251\t1\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"62.75.195.236"},{"key":"ip_dst_addr","value":"192.168.138.158"},{"key":"ip_dst_addr","value":"210"}],[{"key":"count","value":"192.168.66.1"},{"key":"count","value":"192.168.66.121"},{"key":"count","value":"182"}],[{"value":"192.168.66.1
 21"},{"value":"192.168.66.1"},{"value":"131"}],[{"value":"192.168.138.158"},{"value":"62.75.195.236"},{"value":"112"}],[{"value":"192.168.138.158"},{"value":"95.163.121.204"},{"value":"37"}],[{"value":"72.34.49.86"},{"value":"192.168.138.158"},{"value":"37"}],[{"value":"192.168.138.158"},{"value":"72.34.49.86"},{"value":"28"}],[{"value":"95.163.121.204"},{"value":"192.168.138.158"},{"value":"27"}],[{"value":"192.168.138.158"},{"value":"204.152.254.221"},{"value":"16"}],[{"value":"204.152.254.221"},{"value":"192.168.138.158"},{"value":"14"}],[{"value":"192.168.138.158"},{"value":"188.165.164.184"},{"value":"7"}],[{"value":"192.168.138.158"},{"value":"192.168.138.2"},{"value":"6"}],[{"value":"192.168.138.2"},{"value":"192.168.138.158"},{"value":"4"}],[{"value":"188.165.164.184"},{"value":"192.168.138.158"},{"value":"3"}],[{"value":"192.168.66.1"},{"value":"224.0.0.251"},{"value":"1"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":
 "sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["62.75.195.236","192.168.138.158","210"],["192.168.66.1","192.168.66.121","182"],["192.168.66.121","192.168.66.1","131"],["192.168.138.158","62.75.195.236","112"],["192.168.138.158","95.163.121.204","37"],["72.34.49.86","192.168.138.158","37"],["192.168.138.158","72.34.49.86","28"],["95.163.121.204","192.168.138.158","27"],["192.168.138.158","204.152.254.221","16"],["204.152.254.221","192.168.138.158","14"],["192.168.138.158","188.165.164.184","7"],["192.168.138.158","192.168.138.2","6"],["192.168.138.2","192.168.138.158","4"],["188.165.164.184","192.168.138.158","3"],["192.168.66.1","224.0.0.251","1"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:11+0000","dateFinished":"2017-05-02T00:17:14+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:113"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}
 },"enabled":true},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493684751112_1504866931","id":"20170502-002551_1551961648","dateCreated":"2017-05-02T00:25:51+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:2780","dateUpdated":"2017-05-02T11:20:23+0000","dateFinished":"2017-05-02T11:19:43+0000","dateStarted":"2017-05-02T11:19:43+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Connections
Histogram - Yaf</h3>\n<p>A histogram of connections made between IPs, binned into
groups of time with a configurable lookback.</p>\n<p>This may be filtered by a
providing a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"text":"%md\n\n###
Connections Histogram - Yaf\n\nA histogram of connections made between IPs, binned into configurable
groups of time.\n\nT
 his may be filtered by a providing a start and end filter, along with a date_format as specified
by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe
default format is yyyy-MM-dd HH:mm:ss"},{"text":"%spark\nimport org.apache.spark.sql.Row\nimport
scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval timeunits = Seq((\"SECONDS\",
\"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"), (\"DAYS\", \"Days\"))\nval
sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval
start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format
= z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\",
\"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval
durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n\nval
results = sqlContext.sql(\ns\"\
 "\"SELECT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000))
AS time,\n    COUNT(*) AS count\nFROM\n    yaf\nWHERE\n    ip_src_addr = '$sourceIp' AND\n
   ip_dst_addr = '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start'
= '' then '1900-01-01 00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE
WHEN '$end' = '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000)\nGROUP
BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time: String, count: Long) =>
{\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:53:25+0000","config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enab
 led":true,"editorMode":"ace/mode/scala","tableHide":false,"editorHide":false},"settings":{"params":{"SourceIp":"62.75.195.236","DestIp":"192.168.138.158","LookBackAmount":"24","LookBackUnit":"MINUTES","BinSize":"1","BinUnit":"MINUTES","start":"","end":"","date_format":"yyyy-MM-dd
HH:mm:ss"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":5,"hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultVa
 lue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4090"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4091"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4092"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:4093"}],"hidden":false}}},"jobName":"paragraph_1493672984960_2113296590","id":"20170501-210944_251279181","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01
20:37:00\t2\n2017-05-01 20:38:00\t7\n2017-05-01 20:39:00\t18\n2017-05-01 20:40:00\t30\n2017-05-01
20:41:00\t15\n2017-05-01 20:42:00\t30\n2017-05-01 20:43:00\t27\n2017-05-01 20:44:00\t26\n2017-05-01
20:45:00\t39\n2017-05-01 20:46:00\t16","comment":"","msgTable":[[{"key":"count","value":"2017-05-01
20:37:00"},{"key":"count","value":"2"}],[{"value":"2017-05-01 20:38:00"},{"value":"7"}],[{"value":"2017-05-01
20:39:00"},{"value":"18"}],[{"value":"2017-05-01 20:40:00"},{"value":"30"}],[{"value":"2017-05-01
20:41:00"},{"value":"15
 "}],[{"value":"2017-05-01 20:42:00"},{"value":"30"}],[{"value":"2017-05-01 20:43:00"},{"value":"27"}],[{"value":"2017-05-01
20:44:00"},{"value":"26"}],[{"value":"2017-05-01 20:45:00"},{"value":"39"}],[{"value":"2017-05-01
20:46:00"},{"value":"16"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01
20:37:00","2"],["2017-05-01 20:38:00","7"],["2017-05-01 20:39:00","18"],["2017-05-01 20:40:00","30"],["2017-05-01
20:41:00","15"],["2017-05-01 20:42:00","30"],["2017-05-01 20:43:00","27"],["2017-05-01 20:44:00","26"],["2017-05-01
20:45:00","39"],["2017-05-01 20:46:00","16"]]},"dateCreated":"2017-05-01T09:09:44+0000","dateStarted":"2017-05-02T11:19:39+0000","dateFinished":"2017-05-02T11:19:47+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:114","focus":true},{"text":"%md\n\n###
Top Requests - Bro DNS\n\nThe number of DNS requests made between IPs, ordered from highest
to lowest.\n\nThis may be fi
 ltered by a providing a start and end filter, along with a date_format as specified by  [Customizing
Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe default
format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T12:59:13+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/markdown"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-124500_925401848","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top
Requests - Bro DNS</h3>\n<p>The number of DNS queries made between IPs, ordered
from highest to lowest.</p>\n<p>This may be filtered by a providing a start and
end filter, along with a date_format as specified by  <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}
 ,"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:12+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:115"},{"text":"%spark.sql\n\nSELECT\n
   ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    bro\nWHERE timestamp BETWEEN\n
   (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '${start}' END,
'${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE WHEN '${end}'
= '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}')
* 1000) AND\n    protocol = 'dns'\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n
   \n    ","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[{"name":"ip_src_addr","index":0,"aggr":"sum"}],"values":[{"name":"ip_dst_addr","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"ip_
 src_addr","index":0,"aggr":"sum"},"yAxis":{"name":"ip_dst_addr","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/sql"},"settings":{"params":{"start":"","end":"","date_format":"yyyy-MM-dd
HH:mm:ss","yyyy-MM-dd HH:mm:ss":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":false}}},"jobName":"paragraph_1493670038902_617551042","id":"20170428-114040_87496728","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n192.168.138.158\t192.168.138.2\t78\n192.168.66.1\t224.0.0.251\t53\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"192.168.138.158"},{"key":"ip_dst_addr","value":"192.168.138.2"},{"key":"ip_dst_addr","value":"78"}],[{"key":"count","value":"192.168.66.1"},{"key":"count","value":"224.0.0.251"},{"key":"count","value":"53"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr"
 :"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["192.168.138.158","192.168.138.2","78"],["192.168.66.1","224.0.0.251","53"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:14+0000","dateFinished":"2017-05-02T00:17:20+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:116"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493729863774_-980328101","id":"20170502-125743_777301519","dateCreated":"2017-05-02T12:57:43+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4571","text":"%md\n\n###
Requests Histogram - Bro DNS\n\nA histogram of DNS requests made between IPs, binned into
configurable groups of time.\n\nThis may be filtered by a providing a start and end
  filter, along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe
default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T12:59:10+0000","dateFinished":"2017-05-02T12:59:10+0000","dateStarted":"2017-05-02T12:59:10+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Requests
Histogram - Bro DNS</h3>\n<p>A histogram of DNS requests made between IPs, binned
into configurable groups of time.</p>\n<p>This may be filtered by a providing
a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}},{"config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"t
 ime","index":0,"aggr":"sum"},"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{"SourceIp":"192.168.138.158","DestIp":"192.168.138.2","start":"","end":"","date_format":"yyyy-MM-dd
HH:mm:ss","BinSize":"1","BinUnit":"MINUTES"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":"5","hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","default
 Value":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4133"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4134"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4135"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:4136"}],"hidden":false}}},"jobName":"paragraph_1493729434074_-1929699562","id":"20170502-125034_1944008091","dateCreated":"2017-05-02T12:50:34+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:3683","text":"%spark\nimport
org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval
timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"),
(\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval
start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format
= z.input(\"date_format\", \"yyyy-M
 M-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\", \"5\").toString.toInt\nval durationUnit
= z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval durationSize = Duration.create(durationAmount,
TimeUnit.valueOf(durationUnit)).toMillis\n\nval results = sqlContext.sql(\ns\"\"\"SELECT\n
   CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000)) AS time,\n 
  COUNT(*) AS count\nFROM\n    bro\nWHERE\n    ip_src_addr = '$sourceIp' AND\n    ip_dst_addr
= '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start' = '' then '1900-01-01
00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE WHEN '$end'
= '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000) AND\n 
  protocol = 'dns'\nGROUP BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time:
String, count: Long) => {\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table
time\\tcount\\n\" + results.mkString(\"\
 \n\"))","dateUpdated":"2017-05-02T12:53:24+0000","dateFinished":"2017-05-02T12:53:33+0000","dateStarted":"2017-05-02T12:53:24+0000","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01
20:02:00\t4\n2017-05-01 20:03:00\t15\n2017-05-01 20:04:00\t21\n2017-05-01 20:05:00\t18\n2017-05-01
20:06:00\t17\n2017-05-01 20:07:00\t3","comment":"","msgTable":[[{"key":"count","value":"2017-05-01
20:02:00"},{"key":"count","value":"4"}],[{"value":"2017-05-01 20:03:00"},{"value":"15"}],[{"value":"2017-05-01
20:04:00"},{"value":"21"}],[{"value":"2017-05-01 20:05:00"},{"value":"18"}],[{"value":"2017-05-01
20:06:00"},{"value":"17"}],[{"value":"2017-05-01 20:07:00"},{"value":"3"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01
20:02:00","4"],["2017-05-01 20:03:00","15"],["2017-05-01 20:04:00","21"],["2017-05-01 20:05:00","18"],["2017-05-01
20:06:00","17"],["2017-05-01 20:07:00","3"]]}},{"text":"%md\n\n### Top Request
 s - Bro HTTP\n\nThe number of HTTP requests made between IPs, ordered from highest to lowest.\n\nThis
may be filtered by a providing a start and end filter, along with a date_format as specified
by  [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe
default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":86,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038900_616781544","id":"20170428-123858_1869250606","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top
Requests - Bro HTTP</h3>\n<p>The number of HTTP requests made between IPs, ordered
from highest to lowest.</p>\n<p>This may be filtered by a providing a start and
end filter, along with a date_format as specified by  <a href=\"http://docs.oracle.com/javase/tutorial/i18n/f
 ormat/simpleDateFormat.html\">Customizing Formats</a>\n<br  />The default
format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:12+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:117"},{"text":"%spark.sql\n\nSELECT\n
   ip_src_addr,\n    ip_dst_addr,\n    COUNT(*) AS count\nFROM\n    bro\nWHERE timestamp BETWEEN\n
   (unix_timestamp(CASE WHEN '${start}' = '' then '1900-01-01 00:00:00' else '${start}' END,
'${date_format=yyyy-MM-dd HH:mm:ss}') * 1000) AND\n    (unix_timestamp(CASE WHEN '${end}'
= '' then from_unixtime(unix_timestamp()) else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}')
* 1000) AND\n    protocol = 'http'\nGROUP BY ip_src_addr, ip_dst_addr\nORDER BY COUNT(*) DESC\n","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":278,"optionOpen":false,"keys":[{"name":"ip_src
 _addr","index":0,"aggr":"sum"}],"values":[{"name":"ip_dst_addr","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"ip_src_addr","index":0,"aggr":"sum"},"yAxis":{"name":"ip_dst_addr","index":1,"aggr":"sum"}}},"enabled":true},"settings":{"params":{"start":"","date_format":"yyyy-MM-dd
HH:mm:ss","end":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden":false}}},"jobName":"paragraph_1493670038900_616781544","id":"20170428-123208_869982701","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n192.168.138.158\t95.163.121.204\t208\n192.168.66.1\t192.168.66.121\t147\n192.168.138.158\t62.75.195.236\t107\n192.168.138.158\t72.34.49.86\t44\n192.168.138.158\t204.152.254.221\t36\n192.168.138.158\t188.165.164.184\t17\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"192.168.138.158"},{"key":"ip_
 dst_addr","value":"95.163.121.204"},{"key":"ip_dst_addr","value":"208"}],[{"key":"count","value":"192.168.66.1"},{"key":"count","value":"192.168.66.121"},{"key":"count","value":"147"}],[{"value":"192.168.138.158"},{"value":"62.75.195.236"},{"value":"107"}],[{"value":"192.168.138.158"},{"value":"72.34.49.86"},{"value":"44"}],[{"value":"192.168.138.158"},{"value":"204.152.254.221"},{"value":"36"}],[{"value":"192.168.138.158"},{"value":"188.165.164.184"},{"value":"17"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["192.168.138.158","95.163.121.204","208"],["192.168.66.1","192.168.66.121","147"],["192.168.138.158","62.75.195.236","107"],["192.168.138.158","72.34.49.86","44"],["192.168.138.158","204.152.254.221","36"],["192.168.138.158","188.165.164.184","17"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:19+0000","dateFinished":"2017-05-02T00:17:2
 1+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:118"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493729961028_741593438","id":"20170502-125921_2097846713","dateCreated":"2017-05-02T12:59:21+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4649","text":"%md\n\n###
Requests Histogram - Bro HTTP\n\nA histogram of HTTP requests made between IPs, binned into
configurable groups of time.\n\nThis may be filtered by a providing a start and end filter,
along with a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe
default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T13:00:10+0000","dateFinished":"2017-05-02T13:00:10+0000","dateStarted":"2017-05-
 02T13:00:10+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Requests Histogram
- Bro HTTP</h3>\n<p>A histogram of HTTP requests made between IPs, binned into
configurable groups of time.</p>\n<p>This may be filtered by a providing a start
and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}},{"config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"time","index":0,"aggr":"sum"},"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{"SourceIp":"192.168.138.158","DestIp":"95.163.121.204","start":"","end":"","date_format":"yyyy-MM-dd
HH:mm:ss","BinSize":"1","BinUnit":"MINUTES"},"
 forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":"5","hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultValue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4331"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4332"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4333"},{"value":"DAYS","displayName":"Days","$$hashKey":"object:43
 34"}],"hidden":false}}},"jobName":"paragraph_1493729623175_-771160972","id":"20170502-125343_190565024","dateCreated":"2017-05-02T12:53:43+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4137","text":"%spark\nimport
org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval
timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"),
(\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval
start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format
= z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\",
\"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval
durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n\nval
results = sqlContext.sql(\ns\"\"\"SELE
 CT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000)) AS time,\n
   COUNT(*) AS count\nFROM\n    bro\nWHERE\n    ip_src_addr = '$sourceIp' AND\n    ip_dst_addr
= '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start' = '' then '1900-01-01
00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE WHEN '$end'
= '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000) AND\n 
  protocol = 'http'\nGROUP BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time:
String, count: Long) => {\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table
time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:54:35+0000","dateFinished":"2017-05-02T12:54:31+0000","dateStarted":"2017-05-02T12:54:22+0000","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01
20:02:00\t10\n2017-05-01 20:03:00\t39\n2017-05-01 20:04:00\t48\n2017-05-01 20:05:00\t58\n
 2017-05-01 20:06:00\t43\n2017-05-01 20:07:00\t10","comment":"","msgTable":[[{"key":"count","value":"2017-05-01
20:02:00"},{"key":"count","value":"10"}],[{"value":"2017-05-01 20:03:00"},{"value":"39"}],[{"value":"2017-05-01
20:04:00"},{"value":"48"}],[{"value":"2017-05-01 20:05:00"},{"value":"58"}],[{"value":"2017-05-01
20:06:00"},{"value":"43"}],[{"value":"2017-05-01 20:07:00"},{"value":"10"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01
20:02:00","10"],["2017-05-01 20:03:00","39"],["2017-05-01 20:04:00","48"],["2017-05-01 20:05:00","58"],["2017-05-01
20:06:00","43"],["2017-05-01 20:07:00","10"]]}},{"text":"%md\n\n### Top Alerts - Snort\n\nThe
number of alerts triggered between IPs, ordered from highest to lowest.\n\nThis may be filtered
by a providing a start and end filter, along with a date_format as specified by [Customizing
Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\n
 The default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/markdown"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038903_617166293","id":"20170428-124511_1307410313","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Top
Alerts - Snort</h3>\n<p>The number of alerts triggered between IPs, ordered from
highest to lowest.</p>\n<p>This may be filtered by a providing a start and end
filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:12+0000","dateFinished":"2017-05-02T00:17:12+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"
 object:119"},{"text":"%spark.sql\n\nSELECT\n    ip_src_addr,\n    ip_dst_addr,\n    COUNT(*)
AS count\nFROM\n    snort\nWHERE timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '${start}'
= '' then '1900-01-01 00:00:00' else '${start}' END, '${date_format=yyyy-MM-dd HH:mm:ss}')
* 1000) AND\n    (unix_timestamp(CASE WHEN '${end}' = '' then from_unixtime(unix_timestamp())
else '${end}' END, '${date_format=yyyy-MM-dd HH:mm:ss}') * 1000)\nGROUP BY ip_src_addr, ip_dst_addr\nORDER
BY COUNT(*) DESC\n    ","dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"editorMode":"ace/mode/scala","graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true},"settings":{"params":{"date_format":"yyyy-MM-dd
HH:mm:ss","start":"","end":""},"forms":{"start":{"name":"start","defaultValue":"","hidden":false},"date_format":{"name":"date_format","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"end":{"name":"end","defaultValue":"","hidden
 ":false}}},"jobName":"paragraph_1493670038903_617166293","id":"20170428-123118_1636321684","result":{"code":"SUCCESS","type":"TABLE","msg":"ip_src_addr\tip_dst_addr\tcount\n192.168.66.1\t192.168.66.121\t227\n62.75.195.236\t192.168.138.158\t174\n192.168.138.158\t62.75.195.236\t81\n192.168.66.121\t192.168.66.1\t60\n192.168.138.158\t95.163.121.204\t30\n72.34.49.86\t192.168.138.158\t29\n95.163.121.204\t192.168.138.158\t26\n192.168.138.158\t72.34.49.86\t25\n192.168.138.158\t204.152.254.221\t14\n204.152.254.221\t192.168.138.158\t14\n","comment":"","msgTable":[[{"key":"ip_dst_addr","value":"192.168.66.1"},{"key":"ip_dst_addr","value":"192.168.66.121"},{"key":"ip_dst_addr","value":"227"}],[{"key":"count","value":"62.75.195.236"},{"key":"count","value":"192.168.138.158"},{"key":"count","value":"174"}],[{"value":"192.168.138.158"},{"value":"62.75.195.236"},{"value":"81"}],[{"value":"192.168.66.121"},{"value":"192.168.66.1"},{"value":"60"}],[{"value":"192.168.138.158"},{"value":"95.163.121.204
 "},{"value":"30"}],[{"value":"72.34.49.86"},{"value":"192.168.138.158"},{"value":"29"}],[{"value":"95.163.121.204"},{"value":"192.168.138.158"},{"value":"26"}],[{"value":"192.168.138.158"},{"value":"72.34.49.86"},{"value":"25"}],[{"value":"192.168.138.158"},{"value":"204.152.254.221"},{"value":"14"}],[{"value":"204.152.254.221"},{"value":"192.168.138.158"},{"value":"14"}]],"columnNames":[{"name":"ip_src_addr","index":0,"aggr":"sum"},{"name":"ip_dst_addr","index":1,"aggr":"sum"},{"name":"count","index":2,"aggr":"sum"}],"rows":[["192.168.66.1","192.168.66.121","227"],["62.75.195.236","192.168.138.158","174"],["192.168.138.158","62.75.195.236","81"],["192.168.66.121","192.168.66.1","60"],["192.168.138.158","95.163.121.204","30"],["72.34.49.86","192.168.138.158","29"],["95.163.121.204","192.168.138.158","26"],["192.168.138.158","72.34.49.86","25"],["192.168.138.158","204.152.254.221","14"],["204.152.254.221","192.168.138.158","14"]]},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted
 ":"2017-05-02T00:17:21+0000","dateFinished":"2017-05-02T00:17:23+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:120"},{"config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493729982351_281449077","id":"20170502-125942_58259658","dateCreated":"2017-05-02T12:59:42+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4719","text":"%md\n\n###
Alerts Histogram - Snort\n\nA histogram of alerts triggered between IPs, binned into configurable
groups of time.\n\nThis may be filtered by a providing a start and end filter, along with
a date_format as specified by [Customizing Formats](http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html)\nThe
default format is yyyy-MM-dd HH:mm:ss","dateUpdated":"2017-05-02T13:00:05+0000","dateFinish
 ed":"2017-05-02T13:00:05+0000","dateStarted":"2017-05-02T13:00:05+0000","result":{"code":"SUCCESS","type":"HTML","msg":"<h3>Alerts
Histogram - Snort</h3>\n<p>A histogram of alerts triggered between IPs, binned
into configurable groups of time.</p>\n<p>This may be filtered by a providing
a start and end filter, along with a date_format as specified by <a href=\"http://docs.oracle.com/javase/tutorial/i18n/format/simpleDateFormat.html\">Customizing
Formats</a>\n<br  />The default format is yyyy-MM-dd HH:mm:ss</p>\n"}},{"config":{"colWidth":12,"graph":{"mode":"multiBarChart","height":300,"optionOpen":false,"keys":[{"name":"time","index":0,"aggr":"sum"}],"values":[{"name":"count","index":1,"aggr":"sum"}],"groups":[],"scatter":{"xAxis":{"name":"time","index":0,"aggr":"sum"},"yAxis":{"name":"count","index":1,"aggr":"sum"}}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{"SourceIp":"192.168.66.1","DestIp":"192.168.66.121","start":"","end":"","date_format":"yyyy-MM-dd
HH
 :mm:ss","BinSize":"1","BinUnit":"MINUTES"},"forms":{"SourceIp":{"name":"SourceIp","displayName":"SourceIp","type":"input","defaultValue":"","hidden":false},"DestIp":{"name":"DestIp","displayName":"DestIp","type":"input","defaultValue":"","hidden":false},"start":{"name":"start","displayName":"start","type":"input","defaultValue":"","hidden":false},"end":{"name":"end","displayName":"end","type":"input","defaultValue":"","hidden":false},"date_format":{"name":"date_format","displayName":"date_format","type":"input","defaultValue":"yyyy-MM-dd
HH:mm:ss","hidden":false},"BinSize":{"name":"BinSize","displayName":"BinSize","type":"input","defaultValue":"5","hidden":false},"BinUnit":{"name":"BinUnit","displayName":"BinUnit","type":"select","defaultValue":"MINUTES","options":[{"value":"SECONDS","displayName":"Seconds","$$hashKey":"object:4567"},{"value":"MINUTES","displayName":"Minutes","$$hashKey":"object:4568"},{"value":"HOURS","displayName":"Hours","$$hashKey":"object:4569"},{"value":"DAYS"
 ,"displayName":"Days","$$hashKey":"object:4570"}],"hidden":false}}},"jobName":"paragraph_1493729702158_612719525","id":"20170502-125502_1681465417","dateCreated":"2017-05-02T12:55:02+0000","status":"FINISHED","progressUpdateIntervalMs":500,"focus":true,"$$hashKey":"object:4366","text":"%spark\nimport
org.apache.spark.sql.Row\nimport scala.concurrent.duration._\nimport java.util.concurrent.TimeUnit\n\nval
timeunits = Seq((\"SECONDS\", \"Seconds\"), (\"MINUTES\", \"Minutes\"), (\"HOURS\", \"Hours\"),
(\"DAYS\", \"Days\"))\nval sourceIp = z.input(\"SourceIp\").toString\nval destIp = z.input(\"DestIp\").toString\nval
start = z.input(\"start\").toString\nval end = z.input(\"end\").toString\nval date_format
= z.input(\"date_format\", \"yyyy-MM-dd HH:mm:ss\")\nval durationAmount = z.input(\"BinSize\",
\"5\").toString.toInt\nval durationUnit = z.select(\"BinUnit\", \"MINUTES\", timeunits).toString\nval
durationSize = Duration.create(durationAmount, TimeUnit.valueOf(durationUnit)).toMillis\n
 \nval results = sqlContext.sql(\ns\"\"\"SELECT\n    CONCAT(from_unixtime(($durationSize*FLOOR(timestamp/$durationSize))/1000))
AS time,\n    COUNT(*) AS count\nFROM\n    snort\nWHERE\n    ip_src_addr = '$sourceIp' AND\n
   ip_dst_addr = '$destIp' AND\n    timestamp BETWEEN\n    (unix_timestamp(CASE WHEN '$start'
= '' then '1900-01-01 00:00:00' else '$start' END, '$date_format') * 1000) AND\n    (unix_timestamp(CASE
WHEN '$end' = '' then from_unixtime(unix_timestamp()) else '$end' END, '$date_format') * 1000)\nGROUP
BY FLOOR(timestamp/$durationSize)\n\"\"\").map {\n   case Row(time: String, count: Long) =>
{\n\t\ttime + \"\\t\" + count\n   }\n  }.collect()\n\nprint(\"%table time\\tcount\\n\" + results.mkString(\"\\n\"))","dateUpdated":"2017-05-02T12:55:54+0000","dateFinished":"2017-05-02T12:56:04+0000","dateStarted":"2017-05-02T12:55:54+0000","result":{"code":"SUCCESS","type":"TABLE","msg":"time\tcount\n2017-05-01
20:02:00\t4\n2017-05-01 20:03:00\t27\n2017-05-01 20:04:00\t47\n2017-05
 -01 20:05:00\t68\n2017-05-01 20:06:00\t56\n2017-05-01 20:07:00\t25","comment":"","msgTable":[[{"key":"count","value":"2017-05-01
20:02:00"},{"key":"count","value":"4"}],[{"value":"2017-05-01 20:03:00"},{"value":"27"}],[{"value":"2017-05-01
20:04:00"},{"value":"47"}],[{"value":"2017-05-01 20:05:00"},{"value":"68"}],[{"value":"2017-05-01
20:06:00"},{"value":"56"}],[{"value":"2017-05-01 20:07:00"},{"value":"25"}]],"columnNames":[{"name":"time","index":0,"aggr":"sum"},{"name":"count","index":1,"aggr":"sum"}],"rows":[["2017-05-01
20:02:00","4"],["2017-05-01 20:03:00","27"],["2017-05-01 20:04:00","47"],["2017-05-01 20:05:00","68"],["2017-05-01
20:06:00","56"],["2017-05-01 20:07:00","25"]]}},{"dateUpdated":"2017-05-02T00:17:10+0000","config":{"colWidth":12,"graph":{"mode":"table","height":300,"optionOpen":false,"keys":[],"values":[],"groups":[],"scatter":{}},"enabled":true,"editorMode":"ace/mode/scala"},"settings":{"params":{},"forms":{}},"jobName":"paragraph_1493670038903_617166293","id":
 "20170428-112735_164601815","result":{"code":"SUCCESS","type":"TEXT","msg":""},"dateCreated":"2017-05-01T08:20:38+0000","dateStarted":"2017-05-02T00:17:22+0000","dateFinished":"2017-05-02T00:17:23+0000","status":"FINISHED","progressUpdateIntervalMs":500,"$$hashKey":"object:121"}],"name":"Metron
- Connection Report","id":"2CJ36HA8C","angularObjects":{"2CFJZNPTR:shared_process":[],"2CHQEKJX6:shared_process":[],"2CGXQM678:shared_process":[],"2CHVX3RDD:shared_process":[],"2CFCW5XXT:shared_process":[],"2CFQKHR9K:shared_process":[]},"config":{"looknfeel":"default"},"info":{}}
\ No newline at end of file



Mime
View raw message