
wazuh-proposal-appendix-ab-dashboard.ndjson 12KB

  1. {"type": "visualization", "id": "proposal-ab-events-over-time", "attributes": {"title": "Proposal Appendix A+B - Events Over Time", "visState": "{\"title\":\"Proposal Appendix A+B - Events Over Time\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"drop_partials\":false,\"extended_bounds\":{}}}]}", "uiStateJSON": "{}", "description": "Combined Appendix A and B simulated events", "version": 1, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\": {\"language\": \"kuery\", \"query\": \"rule.groups: soc_prod*\"}, \"filter\": [], \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}}, "references": [{"name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "wazuh-alerts-*"}]}
  2. {"type": "visualization", "id": "proposal-ab-a-vs-b-split", "attributes": {"title": "Proposal Appendix A vs B", "visState": "{\"title\": \"Proposal Appendix A vs B\", \"type\": \"pie\", \"params\": {\"addTooltip\": true, \"addLegend\": true, \"legendPosition\": \"right\", \"isDonut\": true}, \"aggs\": [{\"id\": \"1\", \"enabled\": true, \"type\": \"count\", \"schema\": \"metric\", \"params\": {}}, {\"id\": \"2\", \"enabled\": true, \"type\": \"filters\", \"schema\": \"segment\", \"params\": {\"filters\": [{\"input\": {\"query\": \"rule.groups: appendix_a\", \"language\": \"kuery\"}, \"label\": \"Appendix A\"}, {\"input\": {\"query\": \"rule.groups: appendix_b\", \"language\": \"kuery\"}, \"label\": \"Appendix B\"}]}}]}", "uiStateJSON": "{}", "description": "Split by Appendix A and B markers", "version": 1, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\": {\"language\": \"kuery\", \"query\": \"rule.groups: soc_prod*\"}, \"filter\": [], \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}}, "references": [{"name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "wazuh-alerts-*"}]}
  3. {"type": "visualization", "id": "proposal-ab-top-rules", "attributes": {"title": "Proposal Appendix A+B - Top Rules", "visState": "{\"title\":\"Proposal Appendix A+B - Top Rules\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", "uiStateJSON": "{}", "description": "Top matched Wazuh rules for Appendix A+B simulations", "version": 1, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\": {\"language\": \"kuery\", \"query\": \"rule.groups: soc_prod*\"}, \"filter\": [], \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}}, "references": [{"name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "wazuh-alerts-*"}]}
  4. {"type": "visualization", "id": "proposal-ab-severity", "attributes": {"title": "Proposal Appendix A+B - Severity", "visState": "{\"title\":\"Proposal Appendix A+B - Severity\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rule.level\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}", "uiStateJSON": "{}", "description": "Severity distribution for Appendix A+B simulations", "version": 1, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\": {\"language\": \"kuery\", \"query\": \"rule.groups: soc_prod*\"}, \"filter\": [], \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}}, "references": [{"name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "wazuh-alerts-*"}]}
  5. {"type": "visualization", "id": "proposal-ab-usecase-items", "attributes": {"title": "Proposal Appendix A+B - Use Case Items", "visState": "{\"title\": \"Proposal Appendix A+B - Use Case Items\", \"type\": \"table\", \"params\": {\"perPage\": 100, \"showPartialRows\": false, \"showMetricsAtAllLevels\": false, \"sort\": {\"columnIndex\": null, \"direction\": null}}, \"aggs\": [{\"id\": \"1\", \"enabled\": true, \"type\": \"count\", \"schema\": \"metric\", \"params\": {}}, {\"id\": \"2\", \"enabled\": true, \"type\": \"filters\", \"schema\": \"bucket\", \"params\": {\"filters\": [{\"input\": {\"query\": \"rule.id: 110301\", \"language\": \"kuery\"}, \"label\": \"A1-01\"}, {\"input\": {\"query\": \"rule.id: 110302\", \"language\": \"kuery\"}, \"label\": \"A1-02\"}, {\"input\": {\"query\": \"rule.id: 110311\", \"language\": \"kuery\"}, \"label\": \"A2-01\"}, {\"input\": {\"query\": \"rule.id: 110312\", \"language\": \"kuery\"}, \"label\": \"A2-02\"}, {\"input\": {\"query\": \"rule.id: 110313\", \"language\": \"kuery\"}, \"label\": \"A2-03\"}, {\"input\": {\"query\": \"rule.id: 110314\", \"language\": \"kuery\"}, \"label\": \"A2-04\"}, {\"input\": {\"query\": \"rule.id: 110315\", \"language\": \"kuery\"}, \"label\": \"A2-05\"}, {\"input\": {\"query\": \"rule.id: 110316\", \"language\": \"kuery\"}, \"label\": \"A2-06\"}, {\"input\": {\"query\": \"rule.id: 110317\", \"language\": \"kuery\"}, \"label\": \"A2-07\"}, {\"input\": {\"query\": \"rule.id: 110318\", \"language\": \"kuery\"}, \"label\": \"A2-08\"}, {\"input\": {\"query\": \"rule.id: 110319\", \"language\": \"kuery\"}, \"label\": \"A2-09\"}, {\"input\": {\"query\": \"rule.id: 110320\", \"language\": \"kuery\"}, \"label\": \"A2-10\"}, {\"input\": {\"query\": \"rule.id: 110331\", \"language\": \"kuery\"}, \"label\": \"A3-01\"}, {\"input\": {\"query\": \"rule.id: 110332\", \"language\": \"kuery\"}, \"label\": \"A3-02\"}, {\"input\": {\"query\": \"rule.id: 110333\", \"language\": \"kuery\"}, \"label\": \"A3-03\"}, 
{\"input\": {\"query\": \"rule.id: 110334\", \"language\": \"kuery\"}, \"label\": \"A3-04\"}, {\"input\": {\"query\": \"rule.id: 110335\", \"language\": \"kuery\"}, \"label\": \"A3-05\"}, {\"input\": {\"query\": \"rule.id: 110341\", \"language\": \"kuery\"}, \"label\": \"A4-01\"}, {\"input\": {\"query\": \"rule.id: 110342\", \"language\": \"kuery\"}, \"label\": \"A4-02\"}, {\"input\": {\"query\": \"rule.id: 110343\", \"language\": \"kuery\"}, \"label\": \"A4-03\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-04\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-05\"}, {\"input\": {\"query\": \"rule.id: 110346\", \"language\": \"kuery\"}, \"label\": \"A4-06\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-07\"}, {\"input\": {\"query\": \"rule.id: 110348\", \"language\": \"kuery\"}, \"label\": \"A4-08\"}, {\"input\": {\"query\": \"rule.id: 110349\", \"language\": \"kuery\"}, \"label\": \"A4-09\"}, {\"input\": {\"query\": \"rule.id: 110350\", \"language\": \"kuery\"}, \"label\": \"A4-10\"}, {\"input\": {\"query\": \"rule.id: 110353\", \"language\": \"kuery\"}, \"label\": \"A4-11\"}, {\"input\": {\"query\": \"rule.id: 110352\", \"language\": \"kuery\"}, \"label\": \"A4-12\"}, {\"input\": {\"query\": \"rule.id: 110354\", \"language\": \"kuery\"}, \"label\": \"A4-13\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-14\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-15\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-16\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-17\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-18\"}, {\"input\": {\"query\": \"rule.id: 110359\", \"language\": \"kuery\"}, 
\"label\": \"A4-19\"}, {\"input\": {\"query\": \"rule.id: __no_rule__\", \"language\": \"kuery\"}, \"label\": \"A4-20\"}, {\"input\": {\"query\": \"rule.id: 110361\", \"language\": \"kuery\"}, \"label\": \"A4-21\"}, {\"input\": {\"query\": \"rule.id: 110362\", \"language\": \"kuery\"}, \"label\": \"A4-22\"}, {\"input\": {\"query\": \"rule.id: 110361\", \"language\": \"kuery\"}, \"label\": \"A4-23\"}, {\"input\": {\"query\": \"rule.id: 110362\", \"language\": \"kuery\"}, \"label\": \"A4-24\"}, {\"input\": {\"query\": \"rule.id: 110401\", \"language\": \"kuery\"}, \"label\": \"B1-01\"}, {\"input\": {\"query\": \"rule.id: 110402\", \"language\": \"kuery\"}, \"label\": \"B1-02\"}, {\"input\": {\"query\": \"rule.id: 110403\", \"language\": \"kuery\"}, \"label\": \"B1-03\"}, {\"input\": {\"query\": \"rule.id: 110411\", \"language\": \"kuery\"}, \"label\": \"B2-01\"}, {\"input\": {\"query\": \"rule.id: 110421\", \"language\": \"kuery\"}, \"label\": \"B3-01\"}, {\"input\": {\"query\": \"rule.id: 110422\", \"language\": \"kuery\"}, \"label\": \"B3-02\"}, {\"input\": {\"query\": \"rule.id: 110423\", \"language\": \"kuery\"}, \"label\": \"B3-03\"}, {\"input\": {\"query\": \"rule.id: 110424\", \"language\": \"kuery\"}, \"label\": \"B3-04\"}, {\"input\": {\"query\": \"rule.id: 110425\", \"language\": \"kuery\"}, \"label\": \"B3-05\"}, {\"input\": {\"query\": \"rule.id: 110426\", \"language\": \"kuery\"}, \"label\": \"B3-06\"}]}}]}", "uiStateJSON": "{}", "description": "Table for each Appendix A+B use-case item. Click + on a row to filter logs.", "version": 1, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\": {\"language\": \"kuery\", \"query\": \"rule.groups: soc_prod*\"}, \"filter\": [], \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}}, "references": [{"name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "wazuh-alerts-*"}]}
  6. {"type": "dashboard", "id": "proposal-appendix-ab-overview", "attributes": {"title": "SOC Proposal Appendix A+B Overview", "hits": 0, "description": "Combined dashboard for Appendix A and B simulation logs", "panelsJSON": "[{\"type\":\"visualization\",\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":12,\"i\":\"1\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_1\"},{\"type\":\"visualization\",\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":12,\"w\":16,\"h\":12,\"i\":\"2\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_2\"},{\"type\":\"visualization\",\"panelIndex\":\"3\",\"gridData\":{\"x\":16,\"y\":12,\"w\":20,\"h\":12,\"i\":\"3\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_3\"},{\"type\":\"visualization\",\"panelIndex\":\"4\",\"gridData\":{\"x\":36,\"y\":12,\"w\":12,\"h\":12,\"i\":\"4\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_4\"},{\"type\":\"visualization\",\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":18,\"i\":\"5\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"useMargins\":true,\"hidePanelTitles\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": {"searchSourceJSON": "{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}}, "references": [{"name": "panel_1", "type": "visualization", "id": "proposal-ab-events-over-time"}, {"name": "panel_2", "type": "visualization", "id": "proposal-ab-a-vs-b-split"}, {"name": "panel_3", "type": "visualization", "id": "proposal-ab-top-rules"}, {"name": "panel_4", "type": "visualization", "id": "proposal-ab-severity"}, {"name": "panel_5", "type": "visualization", "id": "proposal-ab-usecase-items"}]}