{ "title": "Suricata Dashboard", "services": { "query": { "list": { "0": { "query": "alert.msg:*", "alias": "", "color": "#7EB26D", "id": 0, "pin": false, "type": "lucene", "enable": true }, "1": { "id": 1, "color": "#EAB839", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "tls.subject:*" }, "2": { "id": 2, "color": "#6ED0E0", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "http.uri:*" }, "3": { "id": 3, "color": "#EF843C", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "file.http_uri:*" }, "4": { "id": 4, "color": "#E24D42", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "file.magic:ASCII" }, "5": { "id": 5, "color": "#1F78C1", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "file.magic:PDF" }, "6": { "id": 6, "color": "#BA43A9", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "file.magic:PNG" }, "7": { "id": 7, "color": "#705DA0", "alias": "", "pin": false, "type": "lucene", "enable": true, "query": "file.magic:JPEG" } }, "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "filter": { "list": { "0": { "type": "time", "field": "@timestamp", "from": "now-24h", "to": "now", "mandate": "must", "active": true, "alias": "", "id": 0 }, "1": { "type": "terms", "field": "path.raw", "value": "/var/log/suricata/eve.json", "mandate": "must", "active": true, "alias": "", "id": 1 } }, "ids": [ 1, 0 ] } }, "rows": [ { "title": "Time Filter", "height": "100px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "span": 12, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "@timestamp", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": 0 }, "queries": { "mode": "selected", "ids": [ 0, 1, 2, 3 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "10m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": true, "fill": 0, "linewidth": 3, "points": false, "pointradius": 5, "bars": false, "stack": false, "spyable": true, "zoomlinks": true, "options": true, "legend": true, "show_query": true, "interactive": true, "legend_counts": true, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "Timeline" } ], "notice": false }, { "title": "Stats", "height": "150px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 4, "editable": true, "type": "bettermap", "loadingEditor": false, "field": "geoip.coordinates", "size": 1000, "spyable": true, "tooltip": "_id", "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "title": "Sources" }, { "error": false, "span": 4, "editable": true, "type": "pie", "loadingEditor": false, "mode": "terms", "size": 10, "exclude": [], "donut": false, "tilt": false, "legend": "above", "labels": false, "spyable": true, "query": { "field": "alert.msg.raw" }, "queries": { "mode": "selected", "ids": [ 0 ] }, "default_field": "_type", "title": "Alerts" }, { "error": false, "span": 4, "editable": true, "type": "pie", "loadingEditor": false, "mode": "terms", "size": 5, "exclude": [], "donut": false, "tilt": false, "legend": "above", "labels": true, "spyable": true, "query": { "field": "alert.class.raw", "goal": 100 }, "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "default_field": "_type", "title": "Alerts Classes" } ], "notice": false }, { "title": "Graph", "height": "250px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 4, "editable": true, "type": "terms", "loadingEditor": false, "field": "srcip.raw", "exclude": [], "missing": true, "other": true, "size": 5, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "bar", "counter_pos": "above", "spyable": true, "queries": { "mode": "selected", "ids": [ 0 ] }, "title": "Offending Hosts" }, { "error": false, "span": 4, "editable": true, "type": "pie", "loadingEditor": false, "mode": "terms", "size": 10, "exclude": [], "donut": false, "tilt": false, "legend": "above", "labels": true, "spyable": true, "query": { "field": "tls.version.raw", "goal": 100 }, "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "default_field": "_type", "title": "TLS Version" }, { "error": false, "span": 4, "editable": true, "type": "terms", "loadingEditor": false, "field": "tls.issuerdn.raw", "exclude": [ "Gandi Standard SSL CA" ], "missing": true, "other": true, "size": 10, "order": "count", "style": { "font-size": "10pt" }, "donut": false, "tilt": false, "labels": true, "arrangement": "horizontal", "chart": "bar", "counter_pos": "above", "spyable": true, "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "title": "TLS Issuers" } ], "notice": false }, { "title": "Events", "height": "200px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 4, "editable": true, "type": "pie", "loadingEditor": false, "mode": "terms", "size": 10, "exclude": [], "donut": false, "tilt": false, "legend": "above", "labels": true, "spyable": true, "query": { "field": "file.magic.raw", "goal": 100 }, "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "default_field": "_type", "title": "File Types" }, { "span": 8, "editable": true, "type": "histogram", "loadingEditor": false, "mode": "count", "time_field": "@timestamp", "value_field": null, "x-axis": true, "y-axis": true, "scale": 1, "y_format": "none", "grid": { "max": null, "min": 0 }, "queries": { "mode": "selected", "ids": [ 4, 5, 6, 7 ] }, "annotate": { "enable": false, "query": "*", "size": 20, "field": "_type", "sort": [ "_score", "desc" ] }, "auto_int": true, "resolution": 100, "interval": "10m", "intervals": [ "auto", "1s", "1m", "5m", "10m", "30m", "1h", "3h", "12h", "1d", "1w", "1y" ], "lines": false, "fill": 0, "linewidth": 3, "points": false, "pointradius": 5, "bars": true, "stack": true, "spyable": true, "zoomlinks": true, "options": true, "legend": true, "show_query": true, "interactive": true, "legend_counts": true, "timezone": "browser", "percentage": false, "zerofill": true, "derivative": false, "tooltip": { "value_type": "cumulative", "query_as_alias": true }, "title": "File type" } ], "notice": false }, { "title": "Trends", "height": "150px", "editable": true, "collapse": false, "collapsable": true, "panels": [ { "error": false, "span": 12, "editable": true, "group": [ "default" ], "type": "table", "size": 100, "pages": 5, "offset": 0, "sort": [ "@timestamp", "desc" ], "style": { "font-size": "9pt" }, "overflow": "min-height", "fields": [ "@timestamp", "alert.id", "message", "alert.msg", "srcip", "dstip", "proto", "sp", "dp", "alert.class" ], "highlight": [], "sortable": true, "header": true, "paging": true, "spyable": true, "queries": { "mode": "all", "ids": [ 0, 1, 2, 3, 4, 5, 6, 7 ] }, "field_list": false, "status": "Stable", "trimFactor": 300, "normTimes": true, "title": "Documents", "all_fields": false, "localTime": false, "timeField": "@timestamp" } ], "notice": false } ], "editable": true, "index": { "interval": "none", "pattern": "[logstash-]YYYY.MM.DD", "default": "_all", "warm_fields": false }, "style": "light", "failover": false, "panel_hints": true, "loader": { "save_gist": false, "save_elasticsearch": true, "save_local": true, "save_default": true, "save_temp": true, "save_temp_ttl_enable": true, "save_temp_ttl": "30d", "load_gist": true, "load_elasticsearch": true, "load_elasticsearch_size": 20, "load_local": true, "hide": false }, "pulldowns": [ { "type": "query", "collapse": true, "notice": false, "query": "*", "pinned": true, "history": [ "file.magic:JPEG", "file.magic:PNG", "file.magic:PDF", "file.magic:ASCII", "file.http_uri:*", "http.uri:*", "tls.subject:*", "alert.msg:*", "http.http_uri:*", "http.method:*" ], "remember": 10, "enable": true }, { "type": "filtering", "collapse": true, "notice": true, "enable": true } ], "nav": [ { "type": "timepicker", "collapse": false, "notice": false, "status": "Stable", "time_options": [ "5m", "15m", "1h", "6h", "12h", "24h", "2d", "7d", "30d" ], "refresh_intervals": [ "5s", "10s", "30s", "1m", "5m", "15m", "30m", "1h", "2h", "1d" ], "timefield": "@timestamp", "enable": true, "now": true, "filter_id": 0 } ], "refresh": "1m" }