tum
/
soc


			
				
					
						
						
							1234567
							{"type":"index-pattern","id":"wazuh-proposal-custom-rules-index-pattern","attributes":{"title":"wazuh-alerts-*","timeFieldName":"@timestamp"}}
{"type":"visualization","id":"proposal-custom-rules-events-over-time","attributes":{"title":"Proposal Custom Rules - Events Over Time","visState":"{\"title\":\"Proposal Custom Rules - Events Over Time\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"drop_partials\":false,\"extended_bounds\":{}}}]}","uiStateJSON":"{}","description":"Timeline of events matching Appendix A+B custom rule IDs","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.id:1003* OR rule.id:1004*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-custom-rules-index-pattern"}]}
{"type":"visualization","id":"proposal-custom-rules-top-ids","attributes":{"title":"Proposal Custom Rules - Top Rule IDs","visState":"{\"title\":\"Proposal Custom Rules - Top Rule IDs\",\"type\":\"table\",\"params\":{\"perPage\":25,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id\",\"size\":80,\"order\":\"asc\",\"orderBy\":\"_key\"}}]}","uiStateJSON":"{}","description":"Counts by custom Appendix rule IDs","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.id:1003* OR rule.id:1004*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-custom-rules-index-pattern"}]}
{"type":"visualization","id":"proposal-custom-rules-top-descriptions","attributes":{"title":"Proposal Custom Rules - Top Descriptions","visState":"{\"title\":\"Proposal Custom Rules - Top Descriptions\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Most frequent custom rule descriptions","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.id:1003* OR rule.id:1004*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-custom-rules-index-pattern"}]}
{"type":"visualization","id":"proposal-custom-rules-severity","attributes":{"title":"Proposal Custom Rules - Severity","visState":"{\"title\":\"Proposal Custom Rules - Severity\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rule.level\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Severity distribution for custom Appendix rules","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.id:1003* OR rule.id:1004*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-proposal-custom-rules-index-pattern"}]}
{"type":"dashboard","id":"proposal-custom-rules-overview","attributes":{"title":"SOC Proposal Custom Rules Overview","hits":0,"description":"Dashboard for custom Wazuh Appendix A+B rules (100301..100426)","panelsJSON":"[{\"type\":\"visualization\",\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":14,\"i\":\"1\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_1\"},{\"type\":\"visualization\",\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":14,\"w\":20,\"h\":14,\"i\":\"2\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_2\"},{\"type\":\"visualization\",\"panelIndex\":\"3\",\"gridData\":{\"x\":20,\"y\":14,\"w\":18,\"h\":14,\"i\":\"3\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_3\"},{\"type\":\"visualization\",\"panelIndex\":\"4\",\"gridData\":{\"x\":38,\"y\":14,\"w\":10,\"h\":14,\"i\":\"4\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_4\"}]","optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","version":1,"timeRestore":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}},"references":[{"name":"panel_1","type":"visualization","id":"proposal-custom-rules-events-over-time"},{"name":"panel_2","type":"visualization","id":"proposal-custom-rules-top-ids"},{"name":"panel_3","type":"visualization","id":"proposal-custom-rules-top-descriptions"},{"name":"panel_4","type":"visualization","id":"proposal-custom-rules-severity"}]}