{ "title": "Home Logstash", "services": { "query": { "idQueue": [ 4 ], "list": { "0": { "id": 0, "color": "#1F78C1", "query": "proto:UDP AND NOT snort AND NOT src_ip:192.168*", "alias": "Ingress FW UDP", "pin": false, "type": "lucene", "enable": true }, "1": { "id": 1, "color": "#EAB839", "query": "sasl", "alias": "", "pin": false, "type": "lucene", "enable": true }, "2": { "id": 2, "color": "#890F02", "query": "(snort AND NOT src_ip:192.168.1.*) OR (snort AND NOT src_ip:x.x.x.x)", "alias": "Ingress IDS", "pin": false, "type": "lucene", "enable": true }, "3": { "id": 3, "color": "#0A437C", "query": "flags:SYN AND NOT snort AND NOT src_ip:192.168*", "alias": "Ingress TCP FW", "pin": false, "type": "lucene", "enable": true }, "4": { "id": 4, "color": "#BF1B00", "alias": "Egress IDS", "pin": false, "type": "lucene", "enable": true, "query": "(snort AND src_ip:192.168.1.*) OR (snort AND src_ip:x.x.x.x)" }, "5": { "id": 5, "color": "#70DBED", "alias": "Egress FW", "pin": false, "type": "lucene", "enable": true, "query": "tags:kernel AND src_ip:192.168.*" }, "8": { "id": 8, "color": "#508642", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "src_ip:*" } }, "ids": [ 0, 1, 2, 3, 4, 8, 5 ] }, "filter": { "idQueue": [ 1 ], "list": { "0": { "type": "time", "field": "@timestamp", "from": "now-12h", "to": "now", "mandate": "must", "active": true, "alias": "", "id": 0 } }, "ids": [ 0 ] } }, "rows": [ { "title": "Graph", "height": "300px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "span": 12, "editable": true, "group": [ "default" ], "type": "histogram", "mode": "count", "time_field": "@timestamp", "value_field": null, "auto_int": true, "resolution": 100, "interval": "5m", "fill": 5, "linewidth": 1, "timezone": "browser", "spyable": true, "zoomlinks": false, "bars": true, "stack": true, "points": false, "lines": false, "legend": true, "x-axis": true, "y-axis": true, "percentage": false, "interactive": true, "queries": { "mode": "selected", "ids": [ 0, 2, 3, 4, 5 ] }, "title": "Events over time", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1M", "1y" ], "options": true, "tooltip": { "value_type": "individual", "query_as_alias": true }, "scale": 1, "y_format": "none", "grid": { "max": null, "min": 0 }, "annotate": { "enable": false, "query": "tags:snort", "size": 50, "field": "src_ip", "sort": [ "src_ip", "desc" ] }, "pointradius": 5, "show_query": true, "legend_counts": true, "zerofill": true, "derivative": false } ], "notice": false }, { "title": "Tops", "height": "150px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 2, "editable": true, "type": "terms", "loadingEditor": false, "field": "src_ip", "exclude": [], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "queries": { "mode": "selected", "ids": [ 3, 8 ] }, "tmode": "terms", "tstat": "total", "valuefield": "", "title": "all top" }, { "error": false, "span": 2, "editable": true, "type": "terms", "loadingEditor": false, "queries": { "mode": "selected", "ids": [ 0, 3 ] }, "field": "src_ip", "exclude": [], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "title": "Top Firewall IPs", "tmode": "terms", "tstat": "total", "valuefield": "" }, { "error": false, "span": 2, "editable": true, "type": "terms", "loadingEditor": false, "queries": { "mode": "selected", "ids": [ 2 ] }, "field": "src_ip", "exclude": [ "x.x.x.x", "192.168" ], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "title": "Top IDS IPs", "tmode": "terms", "tstat": "total", "valuefield": "" }, { "error": false, "span": 6, "editable": true, "type": "terms", "loadingEditor": false, "queries": { "mode": "selected", "ids": [ 2 ] }, "field": "ids_alert", "exclude": [], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "9pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "title": "Top IDS Types", "tmode": "terms", "tstat": "total", "valuefield": "" } ], "notice": false }, { "title": "Maps", "height": "250px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 3, "editable": true, "type": "map", "loadingEditor": false, "queries": { "mode": "selected", "ids": [ 0, 3 ] }, "map": "world", "colors": [ "#A0E2E2", "#265656" ], "size": 100, "exclude": [], "spyable": true, "index_limit": 0, "title": "Firewall Source Country", "field": "src_geoip.country_code2" }, { "error": false, "span": 2, "editable": true, "type": "terms", "loadingEditor": false, "queries": { "mode": "selected", "ids": [ 0, 3 ] }, "field": "dst_port", "exclude": [], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "title": "Firewall Dst Ports", "tmode": "terms", "tstat": "total", "valuefield": "" }, { "error": false, "span": 3, "editable": true, "type": "map", "loadingEditor": false, "map": "world", "colors": [ "#A0E2E2", "#265656" ], "size": 100, "exclude": [], "spyable": true, "queries": { "mode": "selected", "ids": [ 2 ] }, "title": "ID Source Country", "field": "src_geoip.country_code2" }, { "error": false, "span": 2, "editable": true, "type": "terms", "loadingEditor": false, "queries": { "mode": "selected", "ids": [ 2 ] }, "field": "dst_port", "exclude": [], "missing": false, "other": false, "size": 10, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": true, "labels": true, "arrangement": "horizontal", "chart": "table", "counter_pos": "above", "spyable": true, "title": "IDS DST Ports", "tmode": "terms", "tstat": "total", "valuefield": "" }, { "span": 2, "editable": true, "type": "sparklines", "loadingEditor": false, "mode": "count", "time_field": "@timestamp", "value_field": null, "interval": "1h", "spyable": true, "queries": { "mode": "selected", "ids": [ 0, 2, 3, 4 ] } } ], "notice": false }, { "title": "IDS Events", "height": "150px", "editable": true, "collapse": true, "collapsable": true, "panels": [ { "error": false, "span": 12, "editable": true, "type": "table", "loadingEditor": false, "status": "Stable", "queries": { "mode": "selected", "ids": [ 2 ] }, "size": 100, "pages": 5, "offset": 0, "sort": [ "@timestamp", "desc" ], "group": "default", "style": { "font-size": "9pt" }, "overflow": "min-height", "fields": [ "@timestamp", "sid", "ids_alert", "src_geoip.country_name", "src_ip", "dst_geoip.country_name", "dst_ip", "proto", "src_port", "dst_port" ], "highlight": [], "sortable": true, "header": true, "paging": true, "field_list": false, "all_fields": true, "trimFactor": 400, "normTimes": true, "spyable": true, "title": "IDS Events", "localTime": true, "timeField": "@timestamp" } ], "notice": false }, { "title": "Firewall Events", "height": "150px", "editable": true, "collapse": true, "collapsable": true, "panels": [ { "title": "Firewall Events", "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 100, "pages": 5, "offset": 0, "sort": [ "@timestamp", "desc" ], "style": { "font-size": "9pt" }, "overflow": "min-height", "fields": [ "@timestamp", "src_geoip.country_name", "src_ip", "dst_ip", "dst_geoip.country_name", "proto", "src_port", "dst_port", "flags" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "selected", "ids": [ 0, 3 ] }, "field_list": false, "status": "Stable", "trimFactor": 300, "normTimes": true, "all_fields": false, "localTime": true, "timeField": "@timestamp" } ], "notice": false }, { "title": "SASL Events", "height": "150px", "editable": true, "collapse": true, "collapsable": true, "panels": [ { "error": false, "span": 12, "editable": true, "type": "table", "loadingEditor": false, "size": 100, "pages": 5, "offset": 0, "sort": [ "@timestamp", "desc" ], "overflow": "min-height", "fields": [ "@timestamp", "date", "src_geoip.country_name", "src_ip", "tags" ], "highlight": [], "sortable": true, "header": true, "paging": false, "field_list": true, "all_fields": true, "trimFactor": 400, "localTime": false, "timeField": "@timestamp", "spyable": true, "queries": { "mode": "selected", "ids": [ 5 ] }, "style": { "font-size": "9pt" }, "normTimes": true, "title": "SASL Events" } ], "notice": false }, { "title": "Testing", "height": "150px", "editable": true, "collapse": true, "collapsable": true, "panels": [], "notice": false } ], "editable": true, "failover": false, "index": { "interval": "day", "pattern": "[logstash-]YYYY.MM.DD", "default": "NO_TIME_FILTER_OR_INDEX_PATTERN_NOT_MATCHED", "warm_fields": true }, "style": "dark", "panel_hints": true, "pulldowns": [ { "type": "query", "collapse": false, "notice": false, "query": "*", "pinned": true, "history": [ "src_ip:*", "tags:kernel AND src_ip:192.168.*", "(snort AND src_ip:192.168.1.*) OR (snort AND src_ip:x.x.x.x)", "flags:SYN AND NOT snort AND NOT src_ip:192.168*", "(snort AND NOT src_ip:192.168.1.*) OR (snort AND NOT src_ip:x.x.x.x)", "sasl", "proto:UDP AND NOT snort AND NOT src_ip:192.168*", "tags:kernel", "tags:snort", "tags:bad" ], "remember": 10, "enable": true }, { "type": "filtering", "collapse": true, "notice": false, "enable": true } ], "nav": [ { "type": "timepicker", "collapse": false, "notice": false, "status": "Stable", "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ], "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "timefield": "@timestamp", "now": true, "filter_id": 0, "enable": true } ], "loader": { "save_gist": false, "save_elasticsearch": true, "save_local": true, "save_default": true, "save_temp": true, "save_temp_ttl_enable": true, "save_temp_ttl": "30d", "load_gist": true, "load_elasticsearch": true, "load_elasticsearch_size": 20, "load_local": true, "hide": false }, "refresh": "5m" }