Startseite Erkunden Hilfe
Anmelden
tum
/
soc
Beobachten 1
Favorit hinzufügen 0
Fork 0
Code Issues 0 Pull-Requests 0 Commits 20 Releases 0 Wiki

Keine Beschreibung

Struktur: 8800d39110
Branches Tags
soc
/
scripts
/
events
/
wazuh-propos...

wazuh-proposal-appendix-ab-dashboard.ndjson 12KB
Verlauf Originalformat

12345678 
  1. {"type":"index-pattern","id":"wazuh-proposal-appendix-ab-index-pattern","attributes":{"title":"wazuh-alerts-*","timeFieldName":"@timestamp"}}
    2. 

  2. {"type":"visualization","id":"proposal-ab-events-over-time","attributes":{"title":"Proposal Appendix A+B - Events Over Time","visState":"{\"title\":\"Proposal Appendix A+B - Events Over Time\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"drop_partials\":false,\"extended_bounds\":{}}}]}","uiStateJSON":"{}","description":"Combined Appendix A and B simulated events","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"full_log:*usecase_id*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-appendix-ab-index-pattern"}]}
    3. 

  3. {"type":"visualization","id":"proposal-ab-a-vs-b-split","attributes":{"title":"Proposal Appendix A vs B","visState":"{\"title\":\"Proposal Appendix A vs B\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"segment\",\"params\":{\"filters\":[{\"input\":{\"query\":\"full_log:*fortigate* OR full_log:*dns-fw-01* OR full_log:*win-dc01*\",\"language\":\"kuery\"},\"label\":\"Appendix A\"},{\"input\":{\"query\":\"full_log:*vmware* OR full_log:*windows_sysmon* OR full_log:*log_monitor*\",\"language\":\"kuery\"},\"label\":\"Appendix B\"}]}}]}","uiStateJSON":"{}","description":"Split by Appendix A and B markers","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"full_log:*usecase_id*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-appendix-ab-index-pattern"}]}
    4. 

  4. {"type":"visualization","id":"proposal-ab-top-rules","attributes":{"title":"Proposal Appendix A+B - Top Rules","visState":"{\"title\":\"Proposal Appendix A+B - Top Rules\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Top matched Wazuh rules for Appendix A+B simulations","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"full_log:*usecase_id*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-appendix-ab-index-pattern"}]}
    5. 

  5. {"type":"visualization","id":"proposal-ab-severity","attributes":{"title":"Proposal Appendix A+B - Severity","visState":"{\"title\":\"Proposal Appendix A+B - Severity\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rule.level\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Severity distribution for Appendix A+B simulations","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"full_log:*usecase_id*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-appendix-ab-index-pattern"}]}
    6. 

  6. {"type":"visualization","id":"proposal-ab-usecase-items","attributes":{"title":"Proposal Appendix A+B - Use Case Items","visState":"{\"title\":\"Proposal Appendix A+B - Use Case Items\",\"type\":\"table\",\"params\":{\"perPage\":100,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"filters\",\"schema\":\"bucket\",\"params\":{\"filters\":[{\"input\":{\"query\":\"full_log:*usecase_id=A1-01*\",\"language\":\"kuery\"},\"label\":\"A1-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=A1-02*\",\"language\":\"kuery\"},\"label\":\"A1-02\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-01*\",\"language\":\"kuery\"},\"label\":\"A2-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-02*\",\"language\":\"kuery\"},\"label\":\"A2-02\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-03*\",\"language\":\"kuery\"},\"label\":\"A2-03\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-04*\",\"language\":\"kuery\"},\"label\":\"A2-04\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-05*\",\"language\":\"kuery\"},\"label\":\"A2-05\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-06*\",\"language\":\"kuery\"},\"label\":\"A2-06\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-07*\",\"language\":\"kuery\"},\"label\":\"A2-07\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-08*\",\"language\":\"kuery\"},\"label\":\"A2-08\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-09*\",\"language\":\"kuery\"},\"label\":\"A2-09\"},{\"input\":{\"query\":\"full_log:*usecase_id=A2-10*\",\"language\":\"kuery\"},\"label\":\"A2-10\"},{\"input\":{\"query\":\"full_log:*usecase_id=A3-01*\",\"language\":\"kuery\"},\"label\":\"A3-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=A3-02*\",\"language\":\"kuery\"},\"label\":\"A3-02\"},{\"input\":{\"query\":\"full_log:*usecase_id=A3-03*\",\"language\":\"kuery\"},\"label\":\"A3-03\"},{\"input\":{\"query\":\"full_log:*usecase_id=A3-04*\",\"language\":\"kuery\"},\"label\":\"A3-04\"},{\"input\":{\"query\":\"full_log:*usecase_id=A3-05*\",\"language\":\"kuery\"},\"label\":\"A3-05\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-01*\",\"language\":\"kuery\"},\"label\":\"A4-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-02*\",\"language\":\"kuery\"},\"label\":\"A4-02\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-03*\",\"language\":\"kuery\"},\"label\":\"A4-03\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-04*\",\"language\":\"kuery\"},\"label\":\"A4-04\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-05*\",\"language\":\"kuery\"},\"label\":\"A4-05\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-06*\",\"language\":\"kuery\"},\"label\":\"A4-06\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-07*\",\"language\":\"kuery\"},\"label\":\"A4-07\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-08*\",\"language\":\"kuery\"},\"label\":\"A4-08\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-09*\",\"language\":\"kuery\"},\"label\":\"A4-09\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-10*\",\"language\":\"kuery\"},\"label\":\"A4-10\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-11*\",\"language\":\"kuery\"},\"label\":\"A4-11\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-12*\",\"language\":\"kuery\"},\"label\":\"A4-12\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-13*\",\"language\":\"kuery\"},\"label\":\"A4-13\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-14*\",\"language\":\"kuery\"},\"label\":\"A4-14\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-15*\",\"language\":\"kuery\"},\"label\":\"A4-15\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-16*\",\"language\":\"kuery\"},\"label\":\"A4-16\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-17*\",\"language\":\"kuery\"},\"label\":\"A4-17\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-18*\",\"language\":\"kuery\"},\"label\":\"A4-18\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-19*\",\"language\":\"kuery\"},\"label\":\"A4-19\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-20*\",\"language\":\"kuery\"},\"label\":\"A4-20\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-21*\",\"language\":\"kuery\"},\"label\":\"A4-21\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-22*\",\"language\":\"kuery\"},\"label\":\"A4-22\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-23*\",\"language\":\"kuery\"},\"label\":\"A4-23\"},{\"input\":{\"query\":\"full_log:*usecase_id=A4-24*\",\"language\":\"kuery\"},\"label\":\"A4-24\"},{\"input\":{\"query\":\"full_log:*usecase_id=B1-01*\",\"language\":\"kuery\"},\"label\":\"B1-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=B1-02*\",\"language\":\"kuery\"},\"label\":\"B1-02\"},{\"input\":{\"query\":\"full_log:*usecase_id=B1-03*\",\"language\":\"kuery\"},\"label\":\"B1-03\"},{\"input\":{\"query\":\"full_log:*usecase_id=B2-01*\",\"language\":\"kuery\"},\"label\":\"B2-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=B3-01*\",\"language\":\"kuery\"},\"label\":\"B3-01\"},{\"input\":{\"query\":\"full_log:*usecase_id=B3-02*\",\"language\":\"kuery\"},\"label\":\"B3-02\"},{\"input\":{\"query\":\"full_log:*usecase_id=B3-03*\",\"language\":\"kuery\"},\"label\":\"B3-03\"},{\"input\":{\"query\":\"full_log:*usecase_id=B3-04*\",\"language\":\"kuery\"},\"label\":\"B3-04\"},{\"input\":{\"query\":\"full_log:*usecase_id=B3-05*\",\"language\":\"kuery\"},\"label\":\"B3-05\"},{\"input\":{\"query\":\"full_log:*usecase_id=B3-06*\",\"language\":\"kuery\"},\"label\":\"B3-06\"}]}}]}","uiStateJSON":"{}","description":"Table for each Appendix A+B use-case item. Click + on a row to filter logs.","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"full_log:*usecase_id*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-appendix-ab-index-pattern"}]}
    7. 

  7. {"type":"dashboard","id":"proposal-appendix-ab-overview","attributes":{"title":"SOC Proposal Appendix A+B Overview","hits":0,"description":"Combined dashboard for Appendix A and B simulation logs","panelsJSON":"[{\"type\":\"visualization\",\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":12,\"i\":\"1\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_1\"},{\"type\":\"visualization\",\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":12,\"w\":16,\"h\":12,\"i\":\"2\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_2\"},{\"type\":\"visualization\",\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":12,\"w\":20,\"h\":12,\"i\":\"3\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_3\"},{\"type\":\"visualization\",\"panelIndex\":\"4\",\"gridData\":{\"x\":36,\"y\":12,\"w\":12,\"h\":12,\"i\":\"4\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_4\"},{\"type\":\"visualization\",\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":18,\"i\":\"5\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_5\"}]","optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","version":1,"timeRestore":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}},"references":[{"name":"panel_1","type":"visualization","id":"proposal-ab-events-over-time"},{"name":"panel_2","type":"visualization","id":"proposal-ab-a-vs-b-split"},{"name":"panel_3","type":"visualization","id":"proposal-ab-top-rules"},{"name":"panel_4","type":"visualization","id":"proposal-ab-severity"},{"name":"panel_5","type":"visualization","id":"proposal-ab-usecase-items"}]}
    8. 

  8.