[ { "_id": "SOFTWARE", "_type": "dashboard", "_source": { "title": "SOFTWARE", "hits": 0, "description": "", "panelsJSON": "[{\"col\":1,\"id\":\"Software-Software-List\",\"panelIndex\":1,\"row\":1,\"size_x\":4,\"size_y\":5,\"type\":\"visualization\"},{\"col\":5,\"id\":\"Software-Unique\",\"panelIndex\":3,\"row\":1,\"size_x\":3,\"size_y\":5,\"type\":\"visualization\"},{\"col\":8,\"id\":\"Software-Top-Types\",\"panelIndex\":2,\"row\":1,\"size_x\":5,\"size_y\":5,\"type\":\"visualization\"},{\"id\":\"Software-Search\",\"type\":\"search\",\"panelIndex\":4,\"size_x\":12,\"size_y\":9,\"col\":1,\"row\":6,\"columns\":[\"host\",\"name\",\"unparsed_version\",\"software_type\"],\"sort\":[\"@timestamp\",\"desc\"]}]", "optionsJSON": "{\"darkTheme\":false}", "uiStateJSON": "{\"P-1\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}}", "version": 1, "timeRestore": true, "timeTo": "now", "timeFrom": "now-24h", "refreshInterval": { "display": "Off", "pause": false, "value": 0 }, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" } } }, { "_id": "FILES", "_type": "dashboard", "_source": { "title": "FILES", "hits": 0, "description": "", "panelsJSON": "[{\"col\":1,\"id\":\"Files-Top-Mime-Types\",\"panelIndex\":1,\"row\":3,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Files-Analyzers\",\"panelIndex\":3,\"row\":3,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"rx_hosts\",\"tx_hosts\",\"mime_type\",\"seen_bytes\"],\"id\":\"Files\",\"panelIndex\":2,\"row\":7,\"size_x\":12,\"size_y\":6,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"id\":\"Files-Events\",\"type\":\"visualization\",\"panelIndex\":4,\"size_x\":9,\"size_y\":2,\"col\":1,\"row\":1},{\"id\":\"File-Total-Events\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":3,\"size_y\":2,\"col\":10,\"row\":1}]", "optionsJSON": "{\"darkTheme\":false}", "uiStateJSON": "{}", "version": 1, "timeRestore": true, "timeTo": "now", "timeFrom": "now-24h", "refreshInterval": { "display": "Off", "pause": false, "value": 0 }, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" } } }, { "_id": "DNS", "_type": "dashboard", "_source": { "title": "DNS", "hits": 0, "description": "", "panelsJSON": "[{\"col\":1,\"id\":\"DNS-Top-Queries\",\"panelIndex\":2,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":5,\"id\":\"DNS-Top-Query-Types\",\"panelIndex\":4,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":9,\"id\":\"DNS-Top-Answers\",\"panelIndex\":3,\"row\":4,\"size_x\":4,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"columns\":[\"srcip\",\"dstip\",\"query\",\"answers\",\"qtype_name\",\"rcode_name\",\"rtt\",\"geoip.region_name\",\"qclass_name\"],\"id\":\"DNS-Connections\",\"panelIndex\":1,\"row\":8,\"size_x\":12,\"size_y\":10,\"sort\":[\"@timestamp\",\"desc\"],\"type\":\"search\"},{\"id\":\"DNS-Events\",\"type\":\"visualization\",\"panelIndex\":5,\"size_x\":8,\"size_y\":3,\"col\":1,\"row\":1},{\"id\":\"DNS-Total-Events\",\"type\":\"visualization\",\"panelIndex\":6,\"size_x\":4,\"size_y\":3,\"col\":9,\"row\":1}]", "optionsJSON": "{\"darkTheme\":false}", "uiStateJSON": "{\"P-5\":{\"vis\":{\"legendOpen\":false}}}", "version": 1, "timeRestore": true, "timeTo": "now", "timeFrom": "now-24h", "refreshInterval": { "display": "Off", "pause": false, "value": 0 }, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}]}" } } }, { "_id": "STATS", "_type": "dashboard", "_source": { "title": "STATS", "hits": 0, "description": "", "panelsJSON": "[{\"col\":1,\"id\":\"Stats-Totals\",\"panelIndex\":6,\"row\":1,\"size_x\":12,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Stats-Bytes-Received\",\"panelIndex\":8,\"row\":3,\"size_x\":9,\"size_y\":2,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Stats-Pkts-Processed-Per-Worker\",\"panelIndex\":7,\"row\":5,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Stats-Mem-Usage\",\"panelIndex\":2,\"row\":5,\"size_x\":6,\"size_y\":4,\"type\":\"visualization\"},{\"col\":1,\"id\":\"Stats-Packet-Lag\",\"panelIndex\":1,\"row\":9,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":7,\"id\":\"Stats-Events-Processed\",\"panelIndex\":3,\"row\":9,\"size_x\":6,\"size_y\":2,\"type\":\"visualization\"},{\"col\":10,\"id\":\"Stats-Total-Bytes\",\"panelIndex\":9,\"row\":3,\"size_x\":3,\"size_y\":2,\"type\":\"visualization\"}]", "optionsJSON": "{\"darkTheme\":false}", "uiStateJSON": "{\"P-1\":{\"vis\":{\"legendOpen\":false}},\"P-2\":{\"vis\":{\"legendOpen\":false}},\"P-3\":{\"vis\":{\"legendOpen\":false}},\"P-7\":{\"vis\":{\"legendOpen\":false}},\"P-6\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}},\"P-9\":{\"vis\":{\"defaultColors\":{\"0 - 100\":\"rgb(0,104,55)\"}}}}", "version": 1, "timeRestore": true, "timeTo": "now", "timeFrom": "now-24h", "refreshInterval": { "display": "Off", "pause": false, "value": 0 }, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" } } }, { "_id": "DNS-Connections", "_type": "search", "_source": { "title": "DNS Connections", "description": "", "hits": 0, "columns": [ "srcip", "dstip", "query", "answers", "qtype_name", "rcode_name", "rtt", "geoip.region_name", "qclass_name" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}}}" } } }, { "_id": "Bro-Stats", "_type": "search", "_source": { "title": "Bro Stats", "description": "", "hits": 0, "columns": [ "mem", "peer", "pkt_lag", "tcp_conns", "dns_requests", "events_queued", "events_proc", "udp_conns" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\"\",\"analyze_wildcard\":true}}}" } } }, { "_id": "Notice", "_type": "search", "_source": { "title": "Notice", "description": "", "hits": 0, "columns": [ "srcip", "dstip", "p", "note", "geoip.postal_code", "geoip.region_name", "geoip.country_code2" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"notice\\\"\",\"analyze_wildcard\":true}}}" } } }, { "_id": "Files", "_type": "search", "_source": { "title": "Files", "description": "", "hits": 0, "columns": [ "rx_hosts", "tx_hosts", "mime_type", "seen_bytes", "analyzers", "md5", "timedout" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"files\\\"\"}}}" } } }, { "_id": "Software-Search", "_type": "search", "_source": { "title": "Software Search", "description": "", "hits": 0, "columns": [ "host", "name", "unparsed_version", "software_type" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"filter\":[],\"highlight\":{\"pre_tags\":[\"@kibana-highlighted-field@\"],\"post_tags\":[\"@/kibana-highlighted-field@\"],\"fields\":{\"*\":{}},\"require_field_match\":false,\"fragment_size\":2147483647},\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"software\\\"\",\"analyze_wildcard\":true}}}" } } }, { "_id": "Stats-Packet-Lag", "_type": "visualization", "_source": { "title": "Stats - Packet Lag", "visState": "{\"title\":\"Stats - Packet Lag\",\"type\":\"line\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":false,\"defaultYExtents\":false,\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"legendPosition\":\"top\",\"radiusRatio\":9,\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"showCircles\":true,\"smoothLines\":true,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"pkt_lag\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"h\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"legendOpen\":true}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Mem-Usage", "_type": "visualization", "_source": { "title": "Stats - Mem Usage", "visState": "{\"title\":\"Stats - Mem Usage\",\"type\":\"area\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"smoothLines\":true,\"scale\":\"linear\",\"interpolate\":\"linear\",\"mode\":\"stacked\",\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{\"max\":0.2}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"mem\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"h\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"peer.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"row\":true}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Events-Processed", "_type": "visualization", "_source": { "title": "Stats - Events Processed", "visState": "{\"title\":\"Stats - Events Processed\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"defaultYExtents\":false,\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"mode\":\"silhouette\",\"scale\":\"linear\",\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":false,\"times\":[],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"events_proc\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"events_queued\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"stats\\\"\"}},\"filter\":[]}" } } }, { "_id": "Conns-Top-Dest-Ports", "_type": "visualization", "_source": { "title": "Conns - Top Dest Ports", "visState": "{\"title\":\"Conns - Top Dest Ports\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"id.resp_p\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Top Dest Ports\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"conn\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Packets-Dropped", "_type": "visualization", "_source": { "title": "Stats - Packets Dropped", "visState": "{\"title\":\"Stats - Packets Dropped\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"pkts_dropped\",\"customLabel\":\"Packets Dropped\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "DNS-Events", "_type": "visualization", "_source": { "title": "DNS - Events", "visState": "{\"title\":\"DNS - Events\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "DNS-Top-Query-Types", "_type": "visualization", "_source": { "title": "DNS - Top Query Types", "visState": "{\"title\":\"DNS - Top Query Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"qtype_name.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "DNS-Top-Queries", "_type": "visualization", "_source": { "title": "DNS - Top Queries", "visState": "{\"title\":\"DNS - Top Queries\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"query.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Files-Analyzers", "_type": "visualization", "_source": { "title": "Files - Analyzers", "visState": "{\"title\":\"Files - Analyzers\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"analyzers.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Analyzers Used\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Files-Events", "_type": "visualization", "_source": { "title": "Files - Events", "visState": "{\"title\":\"Files - Events\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"File Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Notice-Events", "_type": "visualization", "_source": { "title": "Notice - Events", "visState": "{\"title\":\"Notice - Events\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Events\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"notice\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "File-Total-Events", "_type": "visualization", "_source": { "title": "File - Total Events", "visState": "{\"title\":\"File - Total Events\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"File Events\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Bytes-Received", "_type": "visualization", "_source": { "title": "Stats - Bytes Received", "visState": "{\"title\":\"Stats - Bytes Received\",\"type\":\"line\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"top\",\"showCircles\":true,\"smoothLines\":true,\"interpolate\":\"linear\",\"scale\":\"linear\",\"drawLinesBetweenPoints\":true,\"radiusRatio\":9,\"times\":[],\"addTimeMarker\":false,\"defaultYExtents\":false,\"setYExtents\":false,\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_recv\",\"customLabel\":\"Bytes Received\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"*\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Totals", "_type": "visualization", "_source": { "title": "Stats - Totals", "visState": "{\"title\":\"Stats - Totals\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\"},\"aggs\":[{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"tcp_conns\",\"customLabel\":\"TCP\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"udp_conns\",\"customLabel\":\"UDP\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"icmp_conns\",\"customLabel\":\"ICMP\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Total-Bytes", "_type": "visualization", "_source": { "title": "Stats - Total Bytes", "visState": "{\"title\":\"Stats - Total Bytes\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"32\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"bytes_recv\",\"customLabel\":\"Total Bytes\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "DNS-Top-Answers", "_type": "visualization", "_source": { "title": "DNS - Top Answers", "visState": "{\"title\":\"DNS - Top Answers\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":false,\"legendPosition\":\"right\",\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"answers.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"dns\\\"\"}},\"filter\":[]}" } } }, { "_id": "DNS-Total-Events", "_type": "visualization", "_source": { "title": "DNS - Total Events", "visState": "{\"title\":\"DNS - Total Events\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":\"72\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Total Events\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"dns\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Files-Top-Mime-Types", "_type": "visualization", "_source": { "title": "Files - Top Mime Types", "visState": "{\"title\":\"Files - Top Mime Types\",\"type\":\"pie\",\"params\":{\"shareYAxis\":true,\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"mime_type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"files\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Software-Software-List", "_type": "visualization", "_source": { "title": "Software - Software List", "visState": "{\"title\":\"Software - Software List\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"name.keyword\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Frequent Software\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"software\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Software-Top-Types", "_type": "visualization", "_source": { "title": "Software - Top Types", "visState": "{\"title\":\"Software - Top Types\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"legendPosition\":\"right\",\"shareYAxis\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"software_type.keyword\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"analyze_wildcard\":true,\"query\":\"kafka.topic:\\\"software\\\"\"}},\"filter\":[]}" } } }, { "_id": "Software-Unique", "_type": "visualization", "_source": { "title": "Software - Unique", "visState": "{\"title\":\"Software - Unique\",\"type\":\"metric\",\"params\":{\"handleNoResults\":true,\"fontSize\":60},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"schema\":\"metric\",\"params\":{\"field\":\"name.keyword\",\"customLabel\":\"Unique Softwares\"}}],\"listeners\":{}}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"software\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Notice-Types", "_type": "visualization", "_source": { "title": "Notice - Types", "visState": "{\"title\":\"Notice - Types\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"note.keyword\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Top Notice Types\"}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"notice\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } }, { "_id": "Stats-Pkts-Processed-Per-Worker", "_type": "visualization", "_source": { "title": "Stats - Pkts Processed Per Worker", "visState": "{\"title\":\"Stats - Pkts Processed Per Worker\",\"type\":\"area\",\"params\":{\"addLegend\":true,\"addTimeMarker\":false,\"addTooltip\":true,\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"labels\":{\"show\":true,\"truncate\":100},\"position\":\"bottom\",\"scale\":{\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{},\"type\":\"category\"}],\"defaultYExtents\":false,\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"interpolate\":\"linear\",\"legendPosition\":\"right\",\"mode\":\"stacked\",\"scale\":\"linear\",\"seriesParams\":[{\"data\":{\"id\":\"1\",\"label\":\"Count\"},\"drawLinesBetweenPoints\":true,\"interpolate\":\"linear\",\"mode\":\"stacked\",\"show\":\"true\",\"showCircles\":true,\"type\":\"area\",\"valueAxis\":\"ValueAxis-1\"}],\"setYExtents\":false,\"shareYAxis\":true,\"smoothLines\":true,\"times\":[],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"labels\":{\"filter\":false,\"rotate\":0,\"show\":true,\"truncate\":100},\"name\":\"LeftAxis-1\",\"position\":\"left\",\"scale\":{\"mode\":\"normal\",\"type\":\"linear\"},\"show\":true,\"style\":{},\"title\":{\"text\":\"Count\"},\"type\":\"value\"}],\"yAxis\":{}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"max\",\"schema\":\"metric\",\"params\":{\"field\":\"pkts_proc\",\"customLabel\":\"Processed Packets\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"h\",\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{},\"customLabel\":\"Time\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"peer.keyword\",\"size\":12,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Peer\",\"row\":true}}],\"listeners\":{}}", "uiStateJSON": "{\"vis\":{\"legendOpen\":false}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"index\":\"odin-*\",\"query\":{\"query_string\":{\"query\":\"kafka.topic:\\\"stats\\\" AND peer:\\\"odin-*\\\"\",\"analyze_wildcard\":true}},\"filter\":[]}" } } } ]