Ana Sayfa Keşfet Yardım
Giriş Yap
tum
/
soc
İzle 1
Yıldızla 0
Çatalla 0
Kod Sorunlar 0 Değişiklik İstekleri 0 İşlemeler 34 Sürümler 0 Wiki

Açıklama Yok

Dal: main
Dallar Biçim İmleri
soc
/
scripts
/
events
/
wazuh-propos...

wazuh-proposal-custom-rules-dashboard.ndjson 5.6KB
Kalıcı Bağlantı Geçmiş Ham

123456 
  1. {"type":"visualization","id":"soc-active-custom-rules-events-over-time","attributes":{"title":"SOC Active Custom Rules - Events Over Time","visState":"{\"title\":\"SOC Active Custom Rules - Events Over Time\",\"type\":\"histogram\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"legendPosition\":\"right\",\"scale\":\"linear\",\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"interval\":\"auto\",\"min_doc_count\":1,\"drop_partials\":false,\"extended_bounds\":{}}}]}","uiStateJSON":"{}","description":"Timeline for active SOC production custom rules (1103xx, 1104xx, 1105xx)","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.groups: soc_prod*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-alerts-*"}]}
    2. 

  2. {"type":"visualization","id":"soc-active-custom-rules-rule-map","attributes":{"title":"SOC Active Custom Rules - Rule Map","visState":"{\"title\":\"SOC Active Custom Rules - Rule Map\",\"type\":\"table\",\"params\":{\"perPage\":25,\"showPartialRows\":true,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.id\",\"size\":40,\"order\":\"desc\",\"orderBy\":\"1\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rule.description\",\"size\":1,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Rule ID, description, and count in one table","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.groups: soc_prod*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-alerts-*"}]}
    3. 

  3. {"type":"visualization","id":"soc-active-custom-rules-severity","attributes":{"title":"SOC Active Custom Rules - Severity","visState":"{\"title\":\"SOC Active Custom Rules - Severity\",\"type\":\"pie\",\"params\":{\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"isDonut\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rule.level\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Severity distribution for active custom rules","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.groups: soc_prod*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-alerts-*"}]}
    4. 

  4. {"type":"visualization","id":"soc-active-custom-rules-by-decoder","attributes":{"title":"SOC Active Custom Rules - Decoder Coverage","visState":"{\"title\":\"SOC Active Custom Rules - Decoder Coverage\",\"type\":\"table\",\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"decoder.name\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\"}}]}","uiStateJSON":"{}","description":"Decoder coverage for active custom rule hits","version":1,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"rule.groups: soc_prod*\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"}},"references":[{"name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern","id":"wazuh-alerts-*"}]}
    5. 

  5. {"type":"dashboard","id":"soc-active-custom-rules-overview","attributes":{"title":"SOC Active Custom Rules Overview","hits":0,"description":"Dashboard for active Wazuh SOC production custom rules (110301-110523)","panelsJSON":"[{\"type\":\"visualization\",\"panelIndex\":\"1\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":12,\"i\":\"1\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_1\"},{\"type\":\"visualization\",\"panelIndex\":\"2\",\"gridData\":{\"x\":0,\"y\":12,\"w\":36,\"h\":14,\"i\":\"2\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_2\"},{\"type\":\"visualization\",\"panelIndex\":\"4\",\"gridData\":{\"x\":36,\"y\":12,\"w\":12,\"h\":14,\"i\":\"4\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_4\"},{\"type\":\"visualization\",\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":26,\"w\":48,\"h\":14,\"i\":\"5\"},\"version\":\"7.10.0\",\"panelRefName\":\"panel_5\"}]","optionsJSON":"{\"useMargins\":true,\"hidePanelTitles\":false}","version":1,"timeRestore":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"}},"references":[{"name":"panel_1","type":"visualization","id":"soc-active-custom-rules-events-over-time"},{"name":"panel_2","type":"visualization","id":"soc-active-custom-rules-rule-map"},{"name":"panel_4","type":"visualization","id":"soc-active-custom-rules-severity"},{"name":"panel_5","type":"visualization","id":"soc-active-custom-rules-by-decoder"}]}
    6. 

  6.