
From mmiklav...@apache.org
Subject [08/10] metron git commit: METRON-939: Upgrade ElasticSearch and Kibana (mmiklavc via mmiklavc) closes apache/metron#840
Date Mon, 08 Jan 2018 19:10:15 GMT
http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
deleted file mode 100755
index 4373d14..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/configuration/kibana-site.xml
+++ /dev/null
@@ -1,112 +0,0 @@
-<?xml version="1.0"?>
-<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
-<!--
- * Licensed to the Apache Software Foundation (ASF) under one
- * or more contributor license agreements.  See the NOTICE file
- * distributed with this work for additional information
- * regarding copyright ownership.  The ASF licenses this file
- * to you under the Apache License, Version 2.0 (the
- * "License"); you may not use this file except in compliance
- * with the License.  You may obtain a copy of the License at
- *
- *     http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
--->
-<configuration>
-    <!-- kibana.yml -->
-    <property>
-        <name>content</name>
-        <display-name>kibana.yml template</display-name>
-        <description>This is the jinja template for kibana.yml file</description>
-        <value>
-# Kibana is served by a back end server. This controls which port to use.
-server.port: {{ kibana_port }}
-
-# The host to bind the server to.
-# server.host: "0.0.0.0"
-
-# If you are running kibana behind a proxy, and want to mount it at a path,
-# specify that path here. The basePath can't end in a slash.
-# server.basePath: ""
-
-# The maximum payload size in bytes on incoming server requests.
-# server.maxPayloadBytes: 1048576
-
-# The Elasticsearch instance to use for all your queries.
-elasticsearch.url: {{ es_url }}
-
-# preserve_elasticsearch_host true will send the hostname specified in `elasticsearch`. If you set it to false,
-# then the host you use to connect to *this* Kibana instance will be sent.
-# elasticsearch.preserveHost: true
-
-# Kibana uses an index in Elasticsearch to store saved searches, visualizations
-# and dashboards. It will create a new index if it doesn't already exist.
-# kibana.index: ".kibana"
-
-# The default application to load.
-kibana.defaultAppId: "{{ kibana_default_application }}"
-
-# If your Elasticsearch is protected with basic auth, these are the user credentials
-# used by the Kibana server to perform maintenance on the kibana_index at startup. Your Kibana
-# users will still need to authenticate with Elasticsearch (which is proxied through
-# the Kibana server)
-# elasticsearch.username: "user"
-# elasticsearch.password: "pass"
-
-# SSL for outgoing requests from the Kibana Server to the browser (PEM formatted)
-# server.ssl.cert: /path/to/your/server.crt
-# server.ssl.key: /path/to/your/server.key
-
-# Optional setting to validate that your Elasticsearch backend uses the same key files (PEM formatted)
-# elasticsearch.ssl.cert: /path/to/your/client.crt
-# elasticsearch.ssl.key: /path/to/your/client.key
-
-# If you need to provide a CA certificate for your Elasticsearch instance, put
-# the path of the pem file here.
-# elasticsearch.ssl.ca: /path/to/your/CA.pem
-
-# Set to false to have a complete disregard for the validity of the SSL
-# certificate.
-# elasticsearch.ssl.verify: true
-
-# Time in milliseconds to wait for elasticsearch to respond to pings, defaults to
-# request_timeout setting
-# elasticsearch.pingTimeout: 1500
-
-# Time in milliseconds to wait for responses from the back end or elasticsearch.
-# This must be > 0
-# elasticsearch.requestTimeout: 30000
-
-# Time in milliseconds for Elasticsearch to wait for responses from shards.
-# Set to 0 to disable.
-# elasticsearch.shardTimeout: 0
-
-# Time in milliseconds to wait for Elasticsearch at Kibana startup before retrying
-# elasticsearch.startupTimeout: 5000
-
-# Set the path to where you would like the process id file to be created.
-# pid.file: /var/run/kibana.pid
-
-# If you would like to send the log output to a file you can set the path below.
-logging.dest: {{ log_dir }}/kibana.log
-
-# Set this to true to suppress all logging output.
-# logging.silent: false
-
-# Set this to true to suppress all logging output except for error messages.
-# logging.quiet: false
-
-# Set this to true to log all events, including system usage information and all requests.
-# logging.verbose: false
-        </value>
-        <value-attributes>
-            <type>content</type>
-        </value-attributes>
-    </property>
-</configuration>

http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
deleted file mode 100755
index f59109c..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/metainfo.xml
+++ /dev/null
@@ -1,75 +0,0 @@
-<?xml version="1.0"?>
-<!--
-   Licensed to the Apache Software Foundation (ASF) under one or more
-   contributor license agreements.  See the NOTICE file distributed with
-   this work for additional information regarding copyright ownership.
-   The ASF licenses this file to You under the Apache License, Version 2.0
-   (the "License"); you may not use this file except in compliance with
-   the License.  You may obtain a copy of the License at
-
-       http://www.apache.org/licenses/LICENSE-2.0
-
-   Unless required by applicable law or agreed to in writing, software
-   distributed under the License is distributed on an "AS IS" BASIS,
-   WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-   See the License for the specific language governing permissions and
-   limitations under the License.
--->
-<metainfo>
-    <schemaVersion>2.0</schemaVersion>
-    <services>
-        <service>
-            <name>KIBANA</name>
-            <displayName>Kibana</displayName>
-            <comment>Kibana Dashboard</comment>
-            <version>4.5.1</version>
-            <components>
-                <component>
-                    <name>KIBANA_MASTER</name>
-                    <displayName>Kibana Server</displayName>
-                    <category>MASTER</category>
-                    <cardinality>1</cardinality>
-                    <commandScript>
-                        <script>scripts/kibana_master.py</script>
-                        <scriptType>PYTHON</scriptType>
-                        <timeout>600</timeout>
-                    </commandScript>
-                    <customCommands>
-                        <customCommand>
-                            <name>LOAD_TEMPLATE</name>
-                            <background>false</background>
-                            <commandScript>
-                                <script>scripts/kibana_master.py</script>
-                                <scriptType>PYTHON</scriptType>
-                            </commandScript>
-                        </customCommand>
-                    </customCommands>
-                </component>
-            </components>
-            <osSpecifics>
-                <osSpecific>
-                    <osFamily>any</osFamily>
-                    <packages>
-                        <package>
-                            <name>python-elasticsearch</name>
-                        </package>
-                        <package>
-                            <name>kibana-4.5.1</name>
-                        </package>
-                    </packages>
-                </osSpecific>
-            </osSpecifics>
-            <configuration-dependencies>
-                <config-type>kibana-env</config-type>
-                <config-type>kibana-site</config-type>
-            </configuration-dependencies>
-            <restartRequiredAfterChange>true</restartRequiredAfterChange>
-            <quickLinksConfigurations>
-                <quickLinksConfiguration>
-                    <fileName>quicklinks.json</fileName>
-                    <default>true</default>
-                </quickLinksConfiguration>
-            </quickLinksConfigurations>
-        </service>
-    </services>
-</metainfo>

http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
deleted file mode 100755
index 8d2bad8..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/__init__.py
+++ /dev/null
@@ -1,16 +0,0 @@
-#
-#  Licensed to the Apache Software Foundation (ASF) under one or more
-#  contributor license agreements.  See the NOTICE file distributed with
-#  this work for additional information regarding copyright ownership.
-#  The ASF licenses this file to You under the Apache License, Version 2.0
-#  (the "License"); you may not use this file except in compliance with
-#  the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
deleted file mode 100644
index efff33d..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboard.p
+++ /dev/null
@@ -1,2341 +0,0 @@
-(lp1
-(dp2
-V_score
-p3
-F1
-sV_type
-p4
-Vindex-pattern
-p5
-sV_id
-p6
-Vbro*
-p7
-sV_source
-p8
-(dp9
-Vfields
-p10
-V[{"name":"TTLs","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qclass_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"bro_timestamp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"answers","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"prot
 ocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"host","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"AA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"method","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"query","type":"string","count":0,"s
 cripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_mime_types","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"RA","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"RD","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"orig_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false
 ,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"response_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype_name","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_code","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,
 "doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rejected","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"qtype","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"ana
 lyzed":false,"doc_values":true},{"name":"uid","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"trans_depth","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"Z","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enr
 ichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"user_agent","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"qclass","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"resp_fuids","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"request_body_len","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uri","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rcode_name","type":"string","coun
 t":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"TC","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"referrer","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"status_msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":1,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":2,"scripted":false,"indexed":false,"analyzed":false,"doc_values":
 false}]
-p11
-sVtimeFieldName
-p12
-Vtimestamp
-p13
-sVtitle
-p14
-Vbro*
-p15
-ssV_index
-p16
-V.kibana
-p17
-sa(dp18
-V_score
-p19
-F1
-sV_type
-p20
-Vsearch
-p21
-sV_id
-p22
-Vsnort-search
-p23
-sV_source
-p24
-(dp25
-Vsort
-p26
-(lp27
-Vtimestamp
-p28
-aVdesc
-p29
-asVhits
-p30
-I0
-sVdescription
-p31
-V
-sVtitle
-p32
-VSnort Alerts
-p33
-sVversion
-p34
-I1
-sVkibanaSavedObjectMeta
-p35
-(dp36
-VsearchSourceJSON
-p37
-V{"index":"snort*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p38
-ssVcolumns
-p39
-(lp40
-Vmsg
-p41
-aVsig_id
-p42
-aVip_src_addr
-p43
-aVip_src_port
-p44
-aVip_dst_addr
-p45
-aVip_dst_port
-p46
-assV_index
-p47
-V.kibana
-p48
-sa(dp49
-V_score
-p50
-F1
-sV_type
-p51
-Vsearch
-p52
-sV_id
-p53
-Vyaf-search
-p54
-sV_source
-p55
-(dp56
-Vsort
-p57
-(lp58
-Vtimestamp
-p59
-aVdesc
-p60
-asVhits
-p61
-I0
-sVdescription
-p62
-V
-sVtitle
-p63
-VYAF
-p64
-sVversion
-p65
-I1
-sVkibanaSavedObjectMeta
-p66
-(dp67
-VsearchSourceJSON
-p68
-V{"index":"yaf*","filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647},"query":{"query_string":{"query":"*","analyze_wildcard":true}}}
-p69
-ssVcolumns
-p70
-(lp71
-Vip_src_addr
-p72
-aVip_src_port
-p73
-aVip_dst_addr
-p74
-aVip_dst_port
-p75
-aVprotocol
-p76
-aVduration
-p77
-aVpkt
-p78
-assV_index
-p79
-V.kibana
-p80
-sa(dp81
-V_score
-p82
-F1
-sV_type
-p83
-Vvisualization
-p84
-sV_id
-p85
-VWelcome
-p86
-sV_source
-p87
-(dp88
-VvisState
-p89
-V{"title":"Welcome to Apache Metron","type":"markdown","params":{"markdown":"This dashboard enables the validation of Apache Metron and the end-to-end functioning of its default sensor suite.  The default sensor suite includes [Snort](https://www.snort.org/), [Bro](https://www.bro.org/), and [YAF](https://tools.netsa.cert.org/yaf/).  One of Apache Metron's primary goals is to simplify the onboarding of additional sources of telemetry.  In a production deployment these default sensors should be replaced with ones applicable to the target environment.\u005cn\u005cnApache Metron enables disparate sources of telemetry to all be viewed under a 'single pane of glass.'  Telemetry from each of the default sensors can be searched, aggregated, summarized, and viewed within this dashboard. This dashboard should be used as a springboard upon which to create your own customized dashboards.\u005cn\u005cnThe panels below highlight the volume and variety of events that are currently being consumed 
 by Apache Metron."},"aggs":[],"listeners":{}}
-p90
-sVdescription
-p91
-V
-sVtitle
-p92
-VWelcome to Apache Metron
-p93
-sVuiStateJSON
-p94
-V{}
-p95
-sVversion
-p96
-I1
-sVkibanaSavedObjectMeta
-p97
-(dp98
-VsearchSourceJSON
-p99
-V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p100
-sssV_index
-p101
-V.kibana
-p102
-sa(dp103
-V_score
-p104
-F1
-sV_type
-p105
-Vvisualization
-p106
-sV_id
-p107
-VTop-Snort-Alerts-by-Source
-p108
-sV_source
-p109
-(dp110
-VvisState
-p111
-V{"title":"Top Snort Alerts by Source","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Source IP"}}],"listeners":{}}
-p112
-sVdescription
-p113
-V
-sVtitle
-p114
-VTop Snort Alerts by Source
-p115
-sVuiStateJSON
-p116
-V{}
-p117
-sVversion
-p118
-I1
-sVkibanaSavedObjectMeta
-p119
-(dp120
-VsearchSourceJSON
-p121
-V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p122
-sssV_index
-p123
-V.kibana
-p124
-sa(dp125
-V_score
-p126
-F1
-sV_type
-p127
-Vvisualization
-p128
-sV_id
-p129
-VWeb-Request-Type
-p130
-sV_source
-p131
-(dp132
-VvisState
-p133
-V{"title":"Web Request Type","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"method","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p134
-sVdescription
-p135
-V
-sVtitle
-p136
-VWeb Request Type
-p137
-sVuiStateJSON
-p138
-V{}
-p139
-sVversion
-p140
-I1
-sVsavedSearchId
-p141
-Vweb-search
-p142
-sVkibanaSavedObjectMeta
-p143
-(dp144
-VsearchSourceJSON
-p145
-V{"filter":[]}
-p146
-sssV_index
-p147
-V.kibana
-p148
-sa(dp149
-V_score
-p150
-F1
-sV_type
-p151
-Vconfig
-p152
-sV_id
-p153
-V4.5.1
-p154
-sV_source
-p155
-(dp156
-VbuildNum
-p157
-I9892
-sVdefaultIndex
-p158
-Vbro*
-p159
-ssV_index
-p160
-V.kibana
-p161
-sa(dp162
-V_score
-p163
-F1
-sV_type
-p164
-Vvisualization
-p165
-sV_id
-p166
-VErrors-By-Hostname
-p167
-sV_source
-p168
-(dp169
-VvisState
-p170
-V{\u000a  "title": "Errors By Error Type",\u000a  "type": "histogram",\u000a  "params": {\u000a    "addLegend": true,\u000a    "addTimeMarker": false,\u000a    "addTooltip": true,\u000a    "defaultYExtents": false,\u000a    "mode": "grouped",\u000a    "scale": "linear",\u000a    "setYExtents": false,\u000a    "shareYAxis": true,\u000a    "times": [],\u000a    "yAxis": {}\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {\u000a        "customLabel": "Count"\u000a      }\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "hostname",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1"\u000a      }\u000a    },\u000a    {\u000a      "id": "4",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000a 
        "customLabel": "Unique Datapoint Count"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
-p171
-sVdescription
-p172
-V
-sVtitle
-p173
-VErrors By Hostname
-p174
-sVuiStateJSON
-p175
-V{\u000a  "vis": {\u000a    "colors": {\u000a      "Unique Datapoint Count": "#9AC48A",\u000a      "Count": "#629E51"\u000a    }\u000a  }\u000a}
-p176
-sVversion
-p177
-I1
-sVkibanaSavedObjectMeta
-p178
-(dp179
-VsearchSourceJSON
-p180
-V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "analyze_wildcard": true,\u000a      "query": "*"\u000a    }\u000a  },\u000a  "filter": []\u000a}
-p181
-sssV_index
-p182
-V.kibana
-p183
-sa(dp184
-V_score
-p185
-F1
-sV_type
-p186
-Vvisualization
-p187
-sV_id
-p188
-VWeb-Request-Header
-p189
-sV_source
-p190
-(dp191
-VvisState
-p192
-V{"title":"Web Request Header","type":"markdown","params":{"markdown":"The [Bro Network Security Monitor](https://www.bro.org/) is extracting application-level information from raw network packets.  In this example, Bro is extracting HTTP(S) requests being made over the network. "},"aggs":[],"listeners":{}}
-p193
-sVdescription
-p194
-V
-sVtitle
-p195
-VWeb Request Header
-p196
-sVuiStateJSON
-p197
-V{}
-p198
-sVversion
-p199
-I1
-sVkibanaSavedObjectMeta
-p200
-(dp201
-VsearchSourceJSON
-p202
-V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p203
-sssV_index
-p204
-V.kibana
-p205
-sa(dp206
-V_score
-p207
-F1
-sV_type
-p208
-Vvisualization
-p209
-sV_id
-p210
-VError-Type-Proportion
-p211
-sV_source
-p212
-(dp213
-VvisState
-p214
-V{"title":"Error Type Proportion","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"error_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p215
-sVdescription
-p216
-V
-sVtitle
-p217
-VError Type Proportion
-p218
-sVuiStateJSON
-p219
-V{}
-p220
-sVversion
-p221
-I1
-sVkibanaSavedObjectMeta
-p222
-(dp223
-VsearchSourceJSON
-p224
-V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p225
-sssV_index
-p226
-V.kibana
-p227
-sa(dp228
-V_score
-p229
-F1
-sV_type
-p230
-Vvisualization
-p231
-sV_id
-p232
-VFlow-Duration
-p233
-sV_source
-p234
-(dp235
-VvisState
-p236
-V{"title":"Flow Duration","type":"area","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"smoothLines":false,"scale":"linear","interpolate":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"histogram","schema":"segment","params":{"field":"duration","interval":10,"extended_bounds":{},"customLabel":"Flow Duration (seconds)"}}],"listeners":{}}
-p237
-sVdescription
-p238
-V
-sVtitle
-p239
-VFlow Duration
-p240
-sVuiStateJSON
-p241
-V{"vis":{"legendOpen":false}}
-p242
-sVversion
-p243
-I1
-sVkibanaSavedObjectMeta
-p244
-(dp245
-VsearchSourceJSON
-p246
-V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p247
-sssV_index
-p248
-V.kibana
-p249
-sa(dp250
-V_score
-p251
-F1
-sV_type
-p252
-Vvisualization
-p253
-sV_id
-p254
-VErrors-By-Source
-p255
-sV_source
-p256
-(dp257
-VvisState
-p258
-V{"title":"Errors By Source","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source_type","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}}],"listeners":{}}
-p259
-sVdescription
-p260
-V
-sVtitle
-p261
-VErrors By Source
-p262
-sVuiStateJSON
-p263
-V{}
-p264
-sVversion
-p265
-I1
-sVkibanaSavedObjectMeta
-p266
-(dp267
-VsearchSourceJSON
-p268
-V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p269
-sssV_index
-p270
-V.kibana
-p271
-sa(dp272
-V_score
-p273
-F1
-sV_type
-p274
-Vvisualization
-p275
-sV_id
-p276
-VEvents
-p277
-sV_source
-p278
-(dp279
-VvisState
-p280
-V{"title":"Events","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","type":"terms","schema":"group","params":{"field":"source:type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p281
-sVdescription
-p282
-V
-sVtitle
-p283
-VEvents
-p284
-sVuiStateJSON
-p285
-V{"vis":{"legendOpen":false}}
-p286
-sVversion
-p287
-I1
-sVkibanaSavedObjectMeta
-p288
-(dp289
-VsearchSourceJSON
-p290
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p291
-sssV_index
-p292
-V.kibana
-p293
-sa(dp294
-V_score
-p295
-F1
-sV_type
-p296
-Vvisualization
-p297
-sV_id
-p298
-VError-Hostname-Proportion
-p299
-sV_source
-p300
-(dp301
-VvisState
-p302
-V{"aggs":[{"id":"1","params":{},"schema":"metric","type":"count"},{"id":"2","params":{"customLabel":"Sensor","field":"hostname","order":"desc","orderBy":"1","size":5},"schema":"segment","type":"terms"}],"listeners":{},"params":{"addLegend":true,"addTooltip":true,"isDonut":false,"shareYAxis":true},"title":"Error Source Proportion","type":"pie"}
-p303
-sVdescription
-p304
-V
-sVtitle
-p305
-VError Hostname Proportion
-p306
-sVuiStateJSON
-p307
-V{"vis":{"colors":{"host":"#629E51","host2":"#9AC48A","hostAnother":"#7EB26D","hostNew":"#B7DBAB"}}}
-p308
-sVversion
-p309
-I1
-sVkibanaSavedObjectMeta
-p310
-(dp311
-VsearchSourceJSON
-p312
-V{"index":"error*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p313
-sssV_index
-p314
-V.kibana
-p315
-sa(dp316
-V_score
-p317
-F1
-sV_type
-p318
-Vvisualization
-p319
-sV_id
-p320
-VUnique-Error-Messages
-p321
-sV_source
-p322
-(dp323
-VvisState
-p324
-V{\u000a  "title": "Total Unique Error Messages",\u000a  "type": "metric",\u000a  "params": {\u000a    "handleNoResults": true,\u000a    "fontSize": 60\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000a        "customLabel": "Unique Error Messages"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
-p325
-sVdescription
-p326
-V
-sVtitle
-p327
-VUnique Error Messages
-p328
-sVuiStateJSON
-p329
-V{}
-p330
-sVversion
-p331
-I1
-sVkibanaSavedObjectMeta
-p332
-(dp333
-VsearchSourceJSON
-p334
-V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "query": "*",\u000a      "analyze_wildcard": true\u000a    }\u000a  },\u000a  "filter": []\u000a}
-p335
-sssV_index
-p336
-V.kibana
-p337
-sa(dp338
-V_score
-p339
-F1
-sV_type
-p340
-Vvisualization
-p341
-sV_id
-p342
-VErrors-By-Error-Type
-p343
-sV_source
-p344
-(dp345
-VvisState
-p346
-V{\u000a  "title": "Errors By Error Type",\u000a  "type": "histogram",\u000a  "params": {\u000a    "addLegend": true,\u000a    "addTimeMarker": false,\u000a    "addTooltip": true,\u000a    "defaultYExtents": false,\u000a    "mode": "grouped",\u000a    "scale": "linear",\u000a    "setYExtents": false,\u000a    "shareYAxis": true,\u000a    "times": [],\u000a    "yAxis": {}\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {\u000a        "customLabel": "Count"\u000a      }\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "error_type",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1"\u000a      }\u000a    },\u000a    {\u000a      "id": "4",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_hash",\u000
 a        "customLabel": "Unique Datapoint Count"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
-p347
-sVdescription
-p348
-V
-sVtitle
-p349
-VErrors By Error Type
-p350
-sVuiStateJSON
-p351
-V{\u000a  "vis": {\u000a    "colors": {\u000a      "Unique Datapoint Count": "#806EB7",\u000a      "Count": "#614D93"\u000a    }\u000a  }\u000a}
-p352
-sVversion
-p353
-I1
-sVkibanaSavedObjectMeta
-p354
-(dp355
-VsearchSourceJSON
-p356
-V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "analyze_wildcard": true,\u000a      "query": "*"\u000a    }\u000a  },\u000a  "filter": []\u000a}
-p357
-sssV_index
-p358
-V.kibana
-p359
-sa(dp360
-V_score
-p361
-F1
-sV_type
-p362
-Vsearch
-p363
-sV_id
-p364
-VErrors
-p365
-sV_source
-p366
-(dp367
-Vsort
-p368
-(lp369
-Vtimestamp
-p370
-aVdesc
-p371
-asVhits
-p372
-I0
-sVdescription
-p373
-V
-sVtitle
-p374
-VErrors
-p375
-sVversion
-p376
-I1
-sVkibanaSavedObjectMeta
-p377
-(dp378
-VsearchSourceJSON
-p379
-V{"index":"error*","query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p380
-ssVcolumns
-p381
-(lp382
-Vfailed_sensor_type
-p383
-aVerror_type
-p384
-aVexception
-p385
-aVhostname
-p386
-aVmessage
-p387
-aVraw_message
-p388
-aVerror_hash
-p389
-assV_index
-p390
-V.kibana
-p391
-sa(dp392
-V_score
-p393
-F1
-sV_type
-p394
-Vvisualization
-p395
-sV_id
-p396
-VSnort-Header
-p397
-sV_source
-p398
-(dp399
-VvisState
-p400
-V{"title":"Snort","type":"markdown","params":{"markdown":"[Snort](https://www.snort.org/) is a Network Intrusion Detection System (NIDS) that is being used to generate alerts identifying known bad events.  Snort relies on a fixed set of rules that act as signatures for identifying abnormal events."},"aggs":[],"listeners":{}}
-p401
-sVdescription
-p402
-V
-sVtitle
-p403
-VSnort
-p404
-sVuiStateJSON
-p405
-V{}
-p406
-sVversion
-p407
-I1
-sVkibanaSavedObjectMeta
-p408
-(dp409
-VsearchSourceJSON
-p410
-V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p411
-sssV_index
-p412
-V.kibana
-p413
-sa(dp414
-V_score
-p415
-F1
-sV_type
-p416
-Vvisualization
-p417
-sV_id
-p418
-VYAF-Flow(s)
-p419
-sV_source
-p420
-(dp421
-VvisState
-p422
-V{"title":"YAF Flows","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
-p423
-sVdescription
-p424
-V
-sVtitle
-p425
-VYAF Flows
-p426
-sVuiStateJSON
-p427
-V{}
-p428
-sVversion
-p429
-I1
-sVkibanaSavedObjectMeta
-p430
-(dp431
-VsearchSourceJSON
-p432
-V{"index":"yaf*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p433
-sssV_index
-p434
-V.kibana
-p435
-sa(dp436
-V_score
-p437
-F1
-sV_type
-p438
-Vvisualization
-p439
-sV_id
-p440
-VTop-DNS-Query
-p441
-sV_source
-p442
-(dp443
-VvisState
-p444
-V{"title":"Top DNS Query","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p445
-sVdescription
-p446
-V
-sVtitle
-p447
-VTop DNS Query
-p448
-sVuiStateJSON
-p449
-V{}
-p450
-sVversion
-p451
-I1
-sVkibanaSavedObjectMeta
-p452
-(dp453
-VsearchSourceJSON
-p454
-V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p455
-sssV_index
-p456
-V.kibana
-p457
-sa(dp458
-V_score
-p459
-F1
-sV_type
-p460
-Vvisualization
-p461
-sV_id
-p462
-VEvent-Types
-p463
-sV_source
-p464
-(dp465
-VvisState
-p466
-V{"title":"Event Sources","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"source:type","size":10,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p467
-sVdescription
-p468
-V
-sVtitle
-p469
-VEvent Sources
-p470
-sVuiStateJSON
-p471
-V{}
-p472
-sVversion
-p473
-I1
-sVkibanaSavedObjectMeta
-p474
-(dp475
-VsearchSourceJSON
-p476
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p477
-sssV_index
-p478
-V.kibana
-p479
-sa(dp480
-V_score
-p481
-F1
-sV_type
-p482
-Vvisualization
-p483
-sV_id
-p484
-VTotal-Events
-p485
-sV_source
-p486
-(dp487
-VvisState
-p488
-V{"title":"Event Count","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Events"}}],"listeners":{}}
-p489
-sVdescription
-p490
-V
-sVtitle
-p491
-VEvent Count
-p492
-sVuiStateJSON
-p493
-V{}
-p494
-sVversion
-p495
-I1
-sVkibanaSavedObjectMeta
-p496
-(dp497
-VsearchSourceJSON
-p498
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p499
-sssV_index
-p500
-V.kibana
-p501
-sa(dp502
-V_score
-p503
-F1
-sV_type
-p504
-Vvisualization
-p505
-sV_id
-p506
-VUnique-Location(s)
-p507
-sV_source
-p508
-(dp509
-VvisState
-p510
-V{"title":"Geo-IP Locations","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"enrichments:geo:ip_src_addr:locID","customLabel":"Unique Location(s)"}}],"listeners":{}}
-p511
-sVdescription
-p512
-V
-sVtitle
-p513
-VGeo-IP Locations
-p514
-sVuiStateJSON
-p515
-V{}
-p516
-sVversion
-p517
-I1
-sVkibanaSavedObjectMeta
-p518
-(dp519
-VsearchSourceJSON
-p520
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p521
-sssV_index
-p522
-V.kibana
-p523
-sa(dp524
-V_score
-p525
-F1
-sV_type
-p526
-Vvisualization
-p527
-sV_id
-p528
-VTop-Alerts-By-Host
-p529
-sV_source
-p530
-(dp531
-VvisState
-p532
-V{"title":"Top Alerts By Host","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_src_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Source"}},{"id":"3","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":5,"order":"desc","orderBy":"1","customLabel":"Destination"}}],"listeners":{}}
-p533
-sVdescription
-p534
-V
-sVtitle
-p535
-VTop Alerts By Host
-p536
-sVuiStateJSON
-p537
-V{}
-p538
-sVversion
-p539
-I1
-sVsavedSearchId
-p540
-Vsnort-search
-p541
-sVkibanaSavedObjectMeta
-p542
-(dp543
-VsearchSourceJSON
-p544
-V{"filter":[]}
-p545
-sssV_index
-p546
-V.kibana
-p547
-sa(dp548
-V_score
-p549
-F1
-sV_type
-p550
-Vvisualization
-p551
-sV_id
-p552
-VTotal-Error-Messages
-p553
-sV_source
-p554
-(dp555
-VvisState
-p556
-V{"title":"Total Errored Messages","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{"customLabel":"Total Error Messages"}}],"listeners":{}}
-p557
-sVdescription
-p558
-V
-sVtitle
-p559
-VTotal Error Messages
-p560
-sVuiStateJSON
-p561
-V{}
-p562
-sVversion
-p563
-I1
-sVkibanaSavedObjectMeta
-p564
-(dp565
-VsearchSourceJSON
-p566
-V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p567
-sssV_index
-p568
-V.kibana
-p569
-sa(dp570
-V_score
-p571
-F1
-sV_type
-p572
-Vvisualization
-p573
-sV_id
-p574
-VErrors-By-Source-Type
-p575
-sV_source
-p576
-(dp577
-VvisState
-p578
-V{\u000a  "title": "Errors By Source Type",\u000a  "type": "histogram",\u000a  "params": {\u000a    "shareYAxis": true,\u000a    "addTooltip": true,\u000a    "addLegend": true,\u000a    "scale": "linear",\u000a    "mode": "grouped",\u000a    "times": [],\u000a    "addTimeMarker": false,\u000a    "defaultYExtents": false,\u000a    "setYExtents": false,\u000a    "yAxis": {}\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {\u000a        "customLabel": "Count"\u000a      }\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "failed_sensor_type",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1"\u000a      }\u000a    },\u000a    {\u000a      "id": "4",\u000a      "type": "cardinality",\u000a      "schema": "metric",\u000a      "params": {\u000a        "field": "error_ha
 sh",\u000a        "customLabel": "Unique Datapoint Count"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
-p579
-sVdescription
-p580
-V
-sVtitle
-p581
-VErrors By Source Type
-p582
-sVuiStateJSON
-p583
-V{\u000a  "vis": {\u000a    "colors": {\u000a      "Unique Datapoint Count": "#0A50A1",\u000a      "Count": "#5195CE"\u000a    }\u000a  }\u000a}
-p584
-sVversion
-p585
-I1
-sVkibanaSavedObjectMeta
-p586
-(dp587
-VsearchSourceJSON
-p588
-V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "analyze_wildcard": true,\u000a      "query": "*"\u000a    }\u000a  },\u000a  "filter": []\u000a}
-p589
-sssV_index
-p590
-V.kibana
-p591
-sa(dp592
-V_score
-p593
-F1
-sV_type
-p594
-Vvisualization
-p595
-sV_id
-p596
-VError-Histogram-By-Sensor-Type
-p597
-sV_source
-p598
-(dp599
-VvisState
-p600
-V{"title":"Error Histogram By Sensor Type","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"grouped","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}},{"id":"3","type":"terms","schema":"group","params":{"field":"failed_sensor_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p601
-sVdescription
-p602
-V
-sVtitle
-p603
-VError Histogram By Sensor Type
-p604
-sVuiStateJSON
-p605
-V{}
-p606
-sVversion
-p607
-I1
-sVsavedSearchId
-p608
-VErrors
-p609
-sVkibanaSavedObjectMeta
-p610
-(dp611
-VsearchSourceJSON
-p612
-V{"filter":[]}
-p613
-sssV_index
-p614
-V.kibana
-p615
-sa(dp616
-V_score
-p617
-F1
-sV_type
-p618
-Vdashboard
-p619
-sV_id
-p620
-VMetron-Dashboard
-p621
-sV_source
-p622
-(dp623
-Vhits
-p624
-I0
-sVtimeRestore
-p625
-I00
-sVdescription
-p626
-V
-sVtitle
-p627
-VMetron Dashboard
-p628
-sVuiStateJSON
-p629
-V{"P-23":{"spy":{"mode":{"name":null,"fill":false}}},"P-34":{"vis":{"legendOpen":false}}}
-p630
-sVpanelsJSON
-p631
-V[{"col":1,"id":"Welcome","panelIndex":30,"row":1,"size_x":11,"size_y":2,"type":"visualization"},{"col":1,"id":"Total-Events","panelIndex":6,"row":3,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Events","panelIndex":16,"row":3,"size_x":8,"size_y":4,"type":"visualization"},{"col":1,"id":"Event-Types","panelIndex":15,"row":5,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Location-Header","panelIndex":24,"row":7,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Unique-Location(s)","panelIndex":23,"row":9,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"id":"Flow-Locations","panelIndex":32,"row":7,"size_x":8,"size_y":6,"type":"visualization"},{"col":1,"id":"Country","panelIndex":8,"row":11,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flows-Header","panelIndex":27,"row":13,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"YAF-Flow(s)","panelIndex":21,"row":15,"size_x":3,"size_y":2,"type":"visualization"},{"col"
 :4,"columns":["ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port","protocol","duration","pkt"],"id":"yaf-search","panelIndex":20,"row":13,"size_x":8,"size_y":6,"sort":["duration","desc"],"type":"search"},{"col":1,"id":"Flow-Duration","panelIndex":31,"row":17,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Snort-Header","panelIndex":25,"row":19,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["msg","sig_id","ip_src_addr","ip_src_port","ip_dst_addr","ip_dst_port"],"id":"snort-search","panelIndex":3,"row":19,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Snort-Alert-Types","panelIndex":10,"row":21,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Top-Alerts-By-Host","panelIndex":19,"row":23,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Header","panelIndex":26,"row":25,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["method","host","uri","referrer","user_agent","i
 p_src_addr","ip_dst_addr"],"id":"web-search","panelIndex":4,"row":25,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"HTTP(S)-Requests","panelIndex":17,"row":27,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"DNS-Requests-Header","panelIndex":29,"row":31,"size_x":3,"size_y":2,"type":"visualization"},{"col":4,"columns":["query","qtype_name","answers","ip_src_addr","ip_dst_addr"],"id":"dns-search","panelIndex":5,"row":31,"size_x":8,"size_y":6,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"DNS-Request(s)","panelIndex":14,"row":33,"size_x":3,"size_y":2,"type":"visualization"},{"col":1,"id":"Web-Request-Type","panelIndex":33,"row":29,"size_x":3,"size_y":2,"type":"visualization"}]
-p632
-sVoptionsJSON
-p633
-V{"darkTheme":false}
-p634
-sVversion
-p635
-I1
-sVkibanaSavedObjectMeta
-p636
-(dp637
-VsearchSourceJSON
-p638
-V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]}
-p639
-sssV_index
-p640
-V.kibana
-p641
-sa(dp642
-V_score
-p643
-F1
-sV_type
-p644
-Vindex-pattern
-p645
-sV_id
-p646
-Vsnort*
-p647
-sV_source
-p648
-(dp649
-Vfields
-p650
-V[{"name":"msg","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dgmlen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpack","type":"string","count":0,"scripted":false,"indexed":true,"analyze
 d":true,"doc_values":false},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scr
 ipted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethlen","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threat:triage:level","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type"
 :"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_rev","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"ethsrc
 ","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpseq","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tcpwindow","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tos","type":"n
 umber","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:latitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ethdst","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"
 is_alert","type":"boolean","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ttl","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iplen","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_id","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sig_generator","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_src_addr:city","t
 ype":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
-p651
-sVtimeFieldName
-p652
-Vtimestamp
-p653
-sVtitle
-p654
-Vsnort*
-p655
-ssV_index
-p656
-V.kibana
-p657
-sa(dp658
-V_score
-p659
-F1
-sV_type
-p660
-Vindex-pattern
-p661
-sV_id
-p662
-Vyaf*
-p663
-sV_source
-p664
-(dp665
-Vfields
-p666
-V[{"name":"enrichments:geo:ip_dst_addr:location_point","type":"geo_point","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"isn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentjoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"dp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"protocol","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"rpkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"original_string","type":"strin
 g","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"adapter:threatinteladapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:geoadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"tag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"app","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"oct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"enrichmentsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:city","type":"string","count":0,"sc
 ripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"start_time","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"riflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"proto","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:threatinteladapter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"enrichments:geo:ip_dst_addr:country","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:locID","type":"string","
 count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"iflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"ip_dst_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:dmaCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatinteljoinbolt:joiner:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"uflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichmentsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:latitude","type":
 "number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"duration","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_dst_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"pkt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"adapter:hostfromjsonlistadapter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ruflags","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"roct","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"sip","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_value
 s":true},{"name":"sp","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_addr","type":"ip","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtag","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:end:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:longitude","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"timestamp","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end-reason","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":true,"doc_values":false},{"name":"risn","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"end_time","type":"date","count"
 :0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"enrichments:geo:ip_dst_addr:postalCode","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"rtt","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"ip_src_port","type":"number","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"threatintelsplitterbolt:splitter:begin:ts","type":"date","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
-p667
-sVtimeFieldName
-p668
-Vtimestamp
-p669
-sVtitle
-p670
-Vyaf*
-p671
-ssV_index
-p672
-V.kibana
-p673
-sa(dp674
-V_score
-p675
-F1
-sV_type
-p676
-Vsearch
-p677
-sV_id
-p678
-Vweb-search
-p679
-sV_source
-p680
-(dp681
-Vsort
-p682
-(lp683
-Vtimestamp
-p684
-aVdesc
-p685
-asVhits
-p686
-I0
-sVdescription
-p687
-V
-sVtitle
-p688
-VWeb Requests
-p689
-sVversion
-p690
-I1
-sVkibanaSavedObjectMeta
-p691
-(dp692
-VsearchSourceJSON
-p693
-V{"index":"bro*","query":{"query_string":{"query":"protocol: http OR protocol: https","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p694
-ssVcolumns
-p695
-(lp696
-Vmethod
-p697
-aVhost
-p698
-aVuri
-p699
-aVreferrer
-p700
-aVip_src_addr
-p701
-aVip_dst_addr
-p702
-assV_index
-p703
-V.kibana
-p704
-sa(dp705
-V_score
-p706
-F1
-sV_type
-p707
-Vvisualization
-p708
-sV_id
-p709
-VLocation-Header
-p710
-sV_source
-p711
-(dp712
-VvisState
-p713
-V{"title":"Enrichment","type":"markdown","params":{"markdown":"Apache Metron can perform real-time enrichment of telemetry data as it is consumed. To highlight this feature, all of the IP address fields collected from the default sensor suite were used to perform geo-ip lookups.  This data was then used to pinpoint each location on the map."},"aggs":[],"listeners":{}}
-p714
-sVdescription
-p715
-V
-sVtitle
-p716
-VEnrichment
-p717
-sVuiStateJSON
-p718
-V{}
-p719
-sVversion
-p720
-I1
-sVkibanaSavedObjectMeta
-p721
-(dp722
-VsearchSourceJSON
-p723
-V{"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p724
-sssV_index
-p725
-V.kibana
-p726
-sa(dp727
-V_score
-p728
-F1
-sV_type
-p729
-Vvisualization
-p730
-sV_id
-p731
-VSnort-Alert-Types
-p732
-sV_source
-p733
-(dp734
-VvisState
-p735
-V{"title":"Snort Alert Types","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"sig_id","customLabel":"Alert Type(s)"}}],"listeners":{}}
-p736
-sVdescription
-p737
-V
-sVtitle
-p738
-VSnort Alert Types
-p739
-sVuiStateJSON
-p740
-V{}
-p741
-sVversion
-p742
-I1
-sVkibanaSavedObjectMeta
-p743
-(dp744
-VsearchSourceJSON
-p745
-V{"index":"snort*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p746
-sssV_index
-p747
-V.kibana
-p748
-sa(dp749
-V_score
-p750
-F1
-sV_type
-p751
-Vvisualization
-p752
-sV_id
-p753
-VFrequent-DNS-Queries
-p754
-sV_source
-p755
-(dp756
-VvisState
-p757
-V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p758
-sVdescription
-p759
-V
-sVtitle
-p760
-VFrequent DNS Requests
-p761
-sVuiStateJSON
-p762
-V{}
-p763
-sVversion
-p764
-I1
-sVkibanaSavedObjectMeta
-p765
-(dp766
-VsearchSourceJSON
-p767
-V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p768
-sssV_index
-p769
-V.kibana
-p770
-sa(dp771
-V_score
-p772
-F1
-sV_type
-p773
-Vvisualization
-p774
-sV_id
-p775
-VDNS-Request(s)
-p776
-sV_source
-p777
-(dp778
-VvisState
-p779
-V{"title":"DNS Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
-p780
-sVdescription
-p781
-V
-sVtitle
-p782
-VDNS Requests
-p783
-sVuiStateJSON
-p784
-V{}
-p785
-sVversion
-p786
-I1
-sVsavedSearchId
-p787
-Vdns-search
-p788
-sVkibanaSavedObjectMeta
-p789
-(dp790
-VsearchSourceJSON
-p791
-V{"filter":[]}
-p792
-sssV_index
-p793
-V.kibana
-p794
-sa(dp795
-V_score
-p796
-F1
-sV_type
-p797
-Vvisualization
-p798
-sV_id
-p799
-VHTTP(S)-Requests
-p800
-sV_source
-p801
-(dp802
-VvisState
-p803
-V{"title":"Web Requests","type":"metric","params":{"handleNoResults":true,"fontSize":60},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}}],"listeners":{}}
-p804
-sVdescription
-p805
-V
-sVtitle
-p806
-VWeb Requests
-p807
-sVuiStateJSON
-p808
-V{}
-p809
-sVversion
-p810
-I1
-sVsavedSearchId
-p811
-Vweb-search
-p812
-sVkibanaSavedObjectMeta
-p813
-(dp814
-VsearchSourceJSON
-p815
-V{"filter":[]}
-p816
-sssV_index
-p817
-V.kibana
-p818
-sa(dp819
-V_score
-p820
-F1
-sV_type
-p821
-Vvisualization
-p822
-sV_id
-p823
-VErrors-Over-Time
-p824
-sV_source
-p825
-(dp826
-VvisState
-p827
-V{\u000a  "title": "Error Over Time",\u000a  "type": "line",\u000a  "params": {\u000a    "shareYAxis": true,\u000a    "addTooltip": true,\u000a    "addLegend": true,\u000a    "showCircles": true,\u000a    "smoothLines": false,\u000a    "interpolate": "linear",\u000a    "scale": "linear",\u000a    "drawLinesBetweenPoints": true,\u000a    "radiusRatio": 9,\u000a    "times": [],\u000a    "addTimeMarker": true,\u000a    "defaultYExtents": false,\u000a    "setYExtents": false,\u000a    "yAxis": {\u000a      "min": 0\u000a    }\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {}\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "date_histogram",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "timestamp",\u000a        "interval": "auto",\u000a        "customInterval": "2h",\u000a        "min_doc_count": 1,\u000a        "extended_bounds": {}\u000a      }\u00
 0a    }\u000a  ],\u000a  "listeners": {}\u000a}
-p828
-sVdescription
-p829
-V
-sVtitle
-p830
-VErrors Over Time
-p831
-sVuiStateJSON
-p832
-V{}
-p833
-sVversion
-p834
-I1
-sVkibanaSavedObjectMeta
-p835
-(dp836
-VsearchSourceJSON
-p837
-V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "query": "*",\u000a      "analyze_wildcard": true\u000a    }\u000a  },\u000a  "filter": []\u000a}
-p838
-sssV_index
-p839
-V.kibana
-p840
-sa(dp841
-V_score
-p842
-F1
-sV_type
-p843
-Vvisualization
-p844
-sV_id
-p845
-VError-Source-Proportion
-p846
-sV_source
-p847
-(dp848
-VvisState
-p849
-V{\u000a  "title": "Sensor Type Proportion",\u000a  "type": "pie",\u000a  "params": {\u000a    "shareYAxis": true,\u000a    "addTooltip": true,\u000a    "addLegend": true,\u000a    "isDonut": false\u000a  },\u000a  "aggs": [\u000a    {\u000a      "id": "1",\u000a      "type": "count",\u000a      "schema": "metric",\u000a      "params": {}\u000a    },\u000a    {\u000a      "id": "2",\u000a      "type": "terms",\u000a      "schema": "segment",\u000a      "params": {\u000a        "field": "failed_sensor_type",\u000a        "size": 5,\u000a        "order": "desc",\u000a        "orderBy": "1",\u000a        "customLabel": "Sensor"\u000a      }\u000a    }\u000a  ],\u000a  "listeners": {}\u000a}
-p850
-sVdescription
-p851
-V
-sVtitle
-p852
-VError Source Proportion
-p853
-sVuiStateJSON
-p854
-V{}
-p855
-sVversion
-p856
-I1
-sVkibanaSavedObjectMeta
-p857
-(dp858
-VsearchSourceJSON
-p859
-V{\u000a  "index": "error*",\u000a  "query": {\u000a    "query_string": {\u000a      "query": "*",\u000a      "analyze_wildcard": true\u000a    }\u000a  },\u000a  "filter": []\u000a}
-p860
-sssV_index
-p861
-V.kibana
-p862
-sa(dp863
-V_score
-p864
-F1
-sV_type
-p865
-Vindex-pattern
-p866
-sV_id
-p867
-Verror*
-p868
-sV_source
-p869
-(dp870
-Vfields
-p871
-V[{"name":"exception","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"stack","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_index","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"error_hash","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"raw_message","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"message","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"failed_sensor_type","type":"string","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"hostname","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"source:type","type":"string","count":1,"scripted":false,"indexed":true
 ,"analyzed":true,"doc_values":false},{"name":"error_type","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"error_fields","type":"string","count":0,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_source","type":"_source","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"raw_message_bytes","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"timestamp","type":"date","count":1,"scripted":false,"indexed":true,"analyzed":false,"doc_values":true},{"name":"_id","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_type","type":"string","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false},{"name":"_score","type":"number","count":0,"scripted":false,"indexed":false,"analyzed":false,"doc_values":false}]
-p872
-sVtimeFieldName
-p873
-Vtimestamp
-p874
-sVtitle
-p875
-Verror*
-p876
-ssV_index
-p877
-V.kibana
-p878
-sa(dp879
-V_score
-p880
-F1
-sV_type
-p881
-Vvisualization
-p882
-sV_id
-p883
-VError-Date-Histogram
-p884
-sV_source
-p885
-(dp886
-VvisState
-p887
-V{"title":"New Visualization","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}}],"listeners":{}}
-p888
-sVdescription
-p889
-V
-sVtitle
-p890
-VError Date Histogram
-p891
-sVuiStateJSON
-p892
-V{}
-p893
-sVversion
-p894
-I1
-sVsavedSearchId
-p895
-VErrors
-p896
-sVkibanaSavedObjectMeta
-p897
-(dp898
-VsearchSourceJSON
-p899
-V{"filter":[]}
-p900
-sssV_index
-p901
-V.kibana
-p902
-sa(dp903
-V_score
-p904
-F1
-sV_type
-p905
-Vdashboard
-p906
-sV_id
-p907
-VMetron-Error-Dashboard
-p908
-sV_source
-p909
-(dp910
-Vhits
-p911
-I0
-sVtimeRestore
-p912
-I00
-sVdescription
-p913
-V
-sVtitle
-p914
-VMetron Error Dashboard
-p915
-sVuiStateJSON
-p916
-V{"P-2":{"vis":{"legendOpen":true}},"P-23":{"vis":{"colors":{"amb3.service.consul":"#629E51","host":"#629E51","host2":"#9AC48A","hostAnother":"#7EB26D","hostNew":"#B7DBAB"}}},"P-3":{"vis":{"colors":{"fourth":"#1F78C1","new_error":"#BADFF4","test_error":"#82B5D8"}}},"P-5":{"vis":{"colors":{"another_new_parser_error":"#806EB7","new_parser_error":"#AEA2E0","parser_error":"#614D93"}}}}
-p917
-sVpanelsJSON
-p918
-V[{"col":5,"id":"Errors-By-Error-Type","panelIndex":2,"row":9,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Source-Proportion","panelIndex":3,"row":9,"size_x":4,"size_y":3,"type":"visualization"},{"col":5,"id":"Errors-By-Source-Type","panelIndex":4,"row":12,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Type-Proportion","panelIndex":5,"row":12,"size_x":4,"size_y":3,"type":"visualization"},{"col":8,"id":"Unique-Error-Messages","panelIndex":19,"row":1,"size_x":4,"size_y":2,"type":"visualization"},{"col":3,"id":"Total-Error-Messages","panelIndex":20,"row":1,"size_x":4,"size_y":2,"type":"visualization"},{"col":5,"id":"Errors-By-Hostname","panelIndex":22,"row":15,"size_x":8,"size_y":3,"type":"visualization"},{"col":1,"id":"Error-Hostname-Proportion","panelIndex":23,"row":15,"size_x":4,"size_y":3,"type":"visualization"},{"col":1,"columns":["failed_sensor_type","error_type","exception","hostname","message","raw_message","error_hash"],"id":"Errors","
 panelIndex":25,"row":18,"size_x":12,"size_y":7,"sort":["timestamp","desc"],"type":"search"},{"col":1,"id":"Error-Histogram-By-Sensor-Type","panelIndex":27,"row":3,"size_x":12,"size_y":3,"type":"visualization"},{"id":"Unique-Error-Histogram-By-Sensor-Type","type":"visualization","panelIndex":28,"size_x":12,"size_y":3,"col":1,"row":6}]
-p919
-sVoptionsJSON
-p920
-V{"darkTheme":false}
-p921
-sVversion
-p922
-I1
-sVkibanaSavedObjectMeta
-p923
-(dp924
-VsearchSourceJSON
-p925
-V{"filter":[{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}}}]}
-p926
-sssV_index
-p927
-V.kibana
-p928
-sa(dp929
-V_score
-p930
-F1
-sV_type
-p931
-Vconfig
-p932
-sV_id
-p933
-V4.5.3
-p934
-sV_source
-p935
-(dp936
-VbuildNum
-p937
-I9892
-sVdefaultIndex
-p938
-Vbro*
-p939
-ssV_index
-p940
-V.kibana
-p941
-sa(dp942
-V_score
-p943
-F1
-sV_type
-p944
-Vsearch
-p945
-sV_id
-p946
-Vdns-search
-p947
-sV_source
-p948
-(dp949
-Vsort
-p950
-(lp951
-Vtimestamp
-p952
-aVdesc
-p953
-asVhits
-p954
-I0
-sVdescription
-p955
-V
-sVtitle
-p956
-VDNS Requests
-p957
-sVversion
-p958
-I1
-sVkibanaSavedObjectMeta
-p959
-(dp960
-VsearchSourceJSON
-p961
-V{"index":"bro*","query":{"query_string":{"query":"protocol: dns","analyze_wildcard":true}},"filter":[],"highlight":{"pre_tags":["@kibana-highlighted-field@"],"post_tags":["@/kibana-highlighted-field@"],"fields":{"*":{}},"require_field_match":false,"fragment_size":2147483647}}
-p962
-ssVcolumns
-p963
-(lp964
-Vquery
-p965
-aVqtype_name
-p966
-aVanswers
-p967
-aVip_src_addr
-p968
-aVip_dst_addr
-p969
-assV_index
-p970
-V.kibana
-p971
-sa(dp972
-V_score
-p973
-F1
-sV_type
-p974
-Vvisualization
-p975
-sV_id
-p976
-VDNS-Requests-Header
-p977
-sV_source
-p978
-(dp979
-VvisState
-p980
-V{"aggs":[],"listeners":{},"params":{"markdown":"[Bro](https://www.bro.org/) is extracting DNS requests and responses being made over the network. Understanding who is making those requests, the frequency, and types can provide a deep understanding of the actors present on the network."},"title":"DNS Requests","type":"markdown"}
-p981
-sVdescription
-p982
-V
-sVtitle
-p983
-VDNS Requests
-p984
-sVuiStateJSON
-p985
-V{}
-p986
-sVversion
-p987
-I1
-sVkibanaSavedObjectMeta
-p988
-(dp989
-VsearchSourceJSON
-p990
-V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p991
-sssV_index
-p992
-V.kibana
-p993
-sa(dp994
-V_score
-p995
-F1
-sV_type
-p996
-Vvisualization
-p997
-sV_id
-p998
-VYAF-Flows-Header
-p999
-sV_source
-p1000
-(dp1001
-VvisState
-p1002
-V{"title":"YAF","type":"markdown","params":{"markdown":"[YAF](https://tools.netsa.cert.org/yaf/yaf.html) can be used to generate Netflow-like flow records.  These flow records provide significant visibility of the actors communicating over the target network."},"aggs":[],"listeners":{}}
-p1003
-sVdescription
-p1004
-V
-sVtitle
-p1005
-VYAF
-p1006
-sVuiStateJSON
-p1007
-V{}
-p1008
-sVversion
-p1009
-I1
-sVkibanaSavedObjectMeta
-p1010
-(dp1011
-VsearchSourceJSON
-p1012
-V{"query":{"query_string":{"analyze_wildcard":true,"query":"*"}},"filter":[]}
-p1013
-sssV_index
-p1014
-V.kibana
-p1015
-sa(dp1016
-V_score
-p1017
-F1
-sV_type
-p1018
-Vvisualization
-p1019
-sV_id
-p1020
-VTop-5-Exceptions
-p1021
-sV_source
-p1022
-(dp1023
-VvisState
-p1024
-V{"title":"Top-5 Exceptions","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"stacked","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"exception","size":5,"order":"desc","orderBy":"1","customLabel":"Exceptions"}}],"listeners":{}}
-p1025
-sVdescription
-p1026
-V
-sVtitle
-p1027
-VTop-5 Exceptions
-p1028
-sVuiStateJSON
-p1029
-V{}
-p1030
-sVversion
-p1031
-I1
-sVkibanaSavedObjectMeta
-p1032
-(dp1033
-VsearchSourceJSON
-p1034
-V{"index":"error*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p1035
-sssV_index
-p1036
-V.kibana
-p1037
-sa(dp1038
-V_score
-p1039
-F1
-sV_type
-p1040
-Vvisualization
-p1041
-sV_id
-p1042
-VFrequent-DNS-Requests
-p1043
-sV_source
-p1044
-(dp1045
-VvisState
-p1046
-V{"title":"Frequent DNS Requests","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"query","size":5,"order":"desc","orderBy":"1","customLabel":"DNS Query"}}],"listeners":{}}
-p1047
-sVdescription
-p1048
-V
-sVtitle
-p1049
-VFrequent DNS Requests
-p1050
-sVuiStateJSON
-p1051
-V{}
-p1052
-sVversion
-p1053
-I1
-sVkibanaSavedObjectMeta
-p1054
-(dp1055
-VsearchSourceJSON
-p1056
-V{"index":"bro*","query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p1057
-sssV_index
-p1058
-V.kibana
-p1059
-sa(dp1060
-V_score
-p1061
-F1
-sV_type
-p1062
-Vvisualization
-p1063
-sV_id
-p1064
-VCountry
-p1065
-sV_source
-p1066
-(dp1067
-VvisState
-p1068
-V{"title":"By Country","type":"pie","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"isDonut":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"segment","params":{"field":"enrichments:geo:ip_src_addr:country","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p1069
-sVdescription
-p1070
-V
-sVtitle
-p1071
-VBy Country
-p1072
-sVuiStateJSON
-p1073
-V{}
-p1074
-sVversion
-p1075
-I1
-sVkibanaSavedObjectMeta
-p1076
-(dp1077
-VsearchSourceJSON
-p1078
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p1079
-sssV_index
-p1080
-V.kibana
-p1081
-sa(dp1082
-V_score
-p1083
-F1
-sV_type
-p1084
-Vvisualization
-p1085
-sV_id
-p1086
-VTop-Destinations
-p1087
-sV_source
-p1088
-(dp1089
-VvisState
-p1090
-V{"title":"Top Destinations","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"terms","schema":"bucket","params":{"field":"ip_dst_addr","size":10,"order":"desc","orderBy":"1","customLabel":"Destination IP"}}],"listeners":{}}
-p1091
-sVdescription
-p1092
-V
-sVtitle
-p1093
-VTop Destinations
-p1094
-sVuiStateJSON
-p1095
-V{}
-p1096
-sVversion
-p1097
-I1
-sVkibanaSavedObjectMeta
-p1098
-(dp1099
-VsearchSourceJSON
-p1100
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p1101
-sssV_index
-p1102
-V.kibana
-p1103
-sa(dp1104
-V_score
-p1105
-F1
-sV_type
-p1106
-Vvisualization
-p1107
-sV_id
-p1108
-VUnusual-Referrers
-p1109
-sV_source
-p1110
-(dp1111
-VvisState
-p1112
-V{"title":"Unusual Referrers","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"significant_terms","schema":"bucket","params":{"field":"referrer","size":5,"customLabel":"Top 5 Unusual Referrers"}}],"listeners":{}}
-p1113
-sVdescription
-p1114
-V
-sVtitle
-p1115
-VUnusual Referrers
-p1116
-sVuiStateJSON
-p1117
-V{}
-p1118
-sVversion
-p1119
-I1
-sVsavedSearchId
-p1120
-Vweb-search
-p1121
-sVkibanaSavedObjectMeta
-p1122
-(dp1123
-VsearchSourceJSON
-p1124
-V{"filter":[]}
-p1125
-sssV_index
-p1126
-V.kibana
-p1127
-sa(dp1128
-V_score
-p1129
-F1
-sV_type
-p1130
-Vvisualization
-p1131
-sV_id
-p1132
-VUnique-Error-Histogram-By-Sensor-Type
-p1133
-sV_source
-p1134
-(dp1135
-VvisState
-p1136
-V{"title":"Error Histogram By Sensor Type","type":"histogram","params":{"shareYAxis":true,"addTooltip":true,"addLegend":true,"scale":"linear","mode":"grouped","times":[],"addTimeMarker":false,"defaultYExtents":false,"setYExtents":false,"yAxis":{}},"aggs":[{"id":"1","type":"cardinality","schema":"metric","params":{"field":"error_hash"}},{"id":"2","type":"date_histogram","schema":"segment","params":{"field":"timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{},"customLabel":"Time"}},{"id":"3","type":"terms","schema":"group","params":{"field":"failed_sensor_type","size":5,"order":"desc","orderBy":"1"}}],"listeners":{}}
-p1137
-sVdescription
-p1138
-V
-sVtitle
-p1139
-VUnique Error Histogram By Sensor Type
-p1140
-sVuiStateJSON
-p1141
-V{}
-p1142
-sVversion
-p1143
-I1
-sVsavedSearchId
-p1144
-VErrors
-p1145
-sVkibanaSavedObjectMeta
-p1146
-(dp1147
-VsearchSourceJSON
-p1148
-V{"filter":[]}
-p1149
-sssV_index
-p1150
-V.kibana
-p1151
-sa(dp1152
-V_score
-p1153
-F1
-sV_type
-p1154
-Vvisualization
-p1155
-sV_id
-p1156
-VFlow-Locations
-p1157
-sV_source
-p1158
-(dp1159
-VvisState
-p1160
-V{"title":"Flow Locations","type":"tile_map","params":{"mapType":"Scaled Circle Markers","isDesaturated":true,"addTooltip":true,"heatMaxZoom":16,"heatMinOpacity":0.1,"heatRadius":25,"heatBlur":15,"heatNormalizeData":true,"wms":{"enabled":true,"url":"https://basemap.nationalmap.gov/arcgis/services/USGSTopo/MapServer/WMSServer","options":{"version":"1.3.0","layers":"0","format":"image/png","transparent":true,"attribution":"Maps provided by USGS","styles":""}}},"aggs":[{"id":"1","type":"count","schema":"metric","params":{}},{"id":"2","type":"geohash_grid","schema":"segment","params":{"field":"enrichments:geo:ip_dst_addr:location_point","autoPrecision":true,"precision":2}}],"listeners":{}}
-p1161
-sVdescription
-p1162
-V
-sVtitle
-p1163
-VFlow Locations
-p1164
-sVuiStateJSON
-p1165
-V{}
-p1166
-sVversion
-p1167
-I1
-sVkibanaSavedObjectMeta
-p1168
-(dp1169
-VsearchSourceJSON
-p1170
-V{"index":["yaf*","bro*","snort*"],"query":{"query_string":{"query":"*","analyze_wildcard":true}},"filter":[]}
-p1171
-sssV_index
-p1172
-V.kibana
-p1173
-sa.
\ No newline at end of file

http://git-wip-us.apache.org/repos/asf/metron/blob/e8213918/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py
----------------------------------------------------------------------
diff --git a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py b/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py
deleted file mode 100755
index f0903ac..0000000
--- a/metron-deployment/packaging/ambari/metron-mpack/src/main/resources/common-services/KIBANA/4.5.1/package/scripts/dashboard/dashboardindex.py
+++ /dev/null
@@ -1,95 +0,0 @@
-#!/usr/bin/python
-#
-#  Licensed to the Apache Software Foundation (ASF) under one or more
-#  contributor license agreements.  See the NOTICE file distributed with
-#  this work for additional information regarding copyright ownership.
-#  The ASF licenses this file to You under the Apache License, Version 2.0
-#  (the "License"); you may not use this file except in compliance with
-#  the License.  You may obtain a copy of the License at
-#
-#      http://www.apache.org/licenses/LICENSE-2.0
-#
-#  Unless required by applicable law or agreed to in writing, software
-#  distributed under the License is distributed on an "AS IS" BASIS,
-#  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-#  See the License for the specific language governing permissions and
-#  limitations under the License.
-#
-
-from elasticsearch import Elasticsearch
-from elasticsearch.helpers import bulk
-import cPickle as pickle
-import argparse, sys, os.path
-import errno
-import os
-
-
-class DashboardIndex(object):
-
-    def __init__(self, host='localhost', port=9200, url_prefix='', timeout=10, **kwargs):
-        """
-        :arg host: hostname of the node (default: localhost)
-        :arg port: port to use (integer, default: 9200)
-        :arg url_prefix: optional url prefix for elasticsearch
-        :arg timeout: default timeout in seconds (float, default: 10)
-        """
-        self.es = Elasticsearch([{'host':host,'port': port, 'url_prefix': url_prefix, 'timeout':timeout}])
-
-    def get(self):
-        """
-        Get .kibana index from Elasticsearch
-        """
-        dotkibana = self.es.search(index='.kibana', size = 100)
-        return dotkibana['hits']['hits']
-
-    def load(self,filespec):
-        """
-        Save Index data on local filesystem
-        :args filespec: path/filename for saved file
-        """
-        data=[]
-        with open(filespec,'rb') as fp:
-            data = pickle.load(fp)
-        return data
-
-    def save(self,filename,data):
-        """
-        Save Index data on local filesystem
-        :args filespec: path/filename for saved file
-        """
-        with open(filename,'wb') as fp:
-            pickle.dump(data,fp)
-
-    def put(self,data):
-        """
-        Bulk write data to Elasticsearch
-        :args data: data to be written (note: index name is specified in data)
-        """
-        bulk(self.es,data)
-
-    def main(self,args):
-
-        if args.save:
-            print("running save with host:%s on port %d, filespec: %s" % (args.hostname, args.port, args.filespec))
-            self.save(filename=args.filespec,data=di.get())
-        else:
-            """
-            Loads Kibana Dashboard definition from disk and replaces .kibana on index
-            :args filespec: path/filename for saved file
-            """
-            if not os.path.isfile(args.filespec):
-                raise IOError(
-                    errno.ENOENT, os.strerror(errno.ENOENT), args.filespec)
-            self.es.indices.delete(index='.kibana', ignore=[400, 404])
-            self.put(data=di.load(filespec=args.filespec))
-
-if __name__ == '__main__':
-
-    parser = argparse.ArgumentParser()
-    parser.add_argument("hostname", help="ES Hostname or IP", type=str)
-    parser.add_argument("port", help="ES Port", type=int)
-    parser.add_argument("filespec", help="file to be pushed from or saved to", type=str)
-    parser.add_argument("-s","--save", help="run in SAVE mode - .kibana will be read and saved to filespec",action="store_true")
-    args = parser.parse_args()
-    di = DashboardIndex(host=args.hostname,port=args.port)
-    di.main(args)

