forked from Trietptm-on-Security/Logstash-Configs
-
Notifications
You must be signed in to change notification settings - Fork 10
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
- Loading branch information
Showing
637 changed files
with
13,414 additions
and
7,004 deletions.
There are no files selected for viewing
329 changes: 329 additions & 0 deletions
329
kibana/dashboards/01600fb0-34e4-11e7-9669-7f1d3242b798.json
Large diffs are not rendered by default.
Oops, something went wrong.
307 changes: 307 additions & 0 deletions
307
kibana/dashboards/022713e0-3ab0-11e7-a83b-b1b4da7d15f4.json
Large diffs are not rendered by default.
Oops, something went wrong.
238 changes: 238 additions & 0 deletions
238
kibana/dashboards/0de7a390-3644-11e7-a6f7-4f44d7bf1c33.json
Large diffs are not rendered by default.
Oops, something went wrong.
278 changes: 278 additions & 0 deletions
278
kibana/dashboards/130017f0-46ce-11e7-946f-1bfb1be7c36b.json
Large diffs are not rendered by default.
Oops, something went wrong.
232 changes: 232 additions & 0 deletions
232
kibana/dashboards/1d98d620-7dce-11e7-846a-150cdcaf3374.json
Large diffs are not rendered by default.
Oops, something went wrong.
431 changes: 431 additions & 0 deletions
431
kibana/dashboards/230134a0-34c6-11e7-8360-0b86c90983fd.json
Large diffs are not rendered by default.
Oops, something went wrong.
307 changes: 307 additions & 0 deletions
307
kibana/dashboards/27f3b380-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
265 changes: 265 additions & 0 deletions
265
kibana/dashboards/2d315d80-3582-11e7-98ef-19df58fe538b.json
Large diffs are not rendered by default.
Oops, something went wrong.
242 changes: 242 additions & 0 deletions
242
kibana/dashboards/2fdf5bf0-3581-11e7-98ef-19df58fe538b.json
Large diffs are not rendered by default.
Oops, something went wrong.
166 changes: 166 additions & 0 deletions
166
kibana/dashboards/3a457d70-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
198 changes: 198 additions & 0 deletions
198
kibana/dashboards/4323af90-76e5-11e7-ab14-e1a4c1bc11e0.json
Large diffs are not rendered by default.
Oops, something went wrong.
307 changes: 307 additions & 0 deletions
307
kibana/dashboards/46582d50-3af2-11e7-a83b-b1b4da7d15f4.json
Large diffs are not rendered by default.
Oops, something went wrong.
328 changes: 328 additions & 0 deletions
328
kibana/dashboards/468022c0-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
102 changes: 102 additions & 0 deletions
102
kibana/dashboards/4e108070-46c7-11e7-946f-1bfb1be7c36b.json
Large diffs are not rendered by default.
Oops, something went wrong.
23 changes: 23 additions & 0 deletions
23
kibana/dashboards/4f6f3440-6d62-11e7-8ddb-e71eb260f4a3.json
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,23 @@ | ||
| { | ||
| "version": "5.6.4", | ||
| "objects": [ | ||
| { | ||
| "id": "4f6f3440-6d62-11e7-8ddb-e71eb260f4a3", | ||
| "type": "dashboard", | ||
| "version": 2, | ||
| "attributes": { | ||
| "hits": 0, | ||
| "timeRestore": false, | ||
| "description": "", | ||
| "title": "OSSEC", | ||
| "uiStateJSON": "{}", | ||
| "panelsJSON": "[]", | ||
| "optionsJSON": "{\"darkTheme\":false}", | ||
| "version": 1, | ||
| "kibanaSavedObjectMeta": { | ||
| "searchSourceJSON": "{\"filter\":[{\"query\":{\"query_string\":{\"query\":\"*\"}}}],\"highlightAll\":true,\"version\":true}" | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } |
246 changes: 246 additions & 0 deletions
246
kibana/dashboards/50173bd0-3582-11e7-98ef-19df58fe538b.json
Large diffs are not rendered by default.
Oops, something went wrong.
244 changes: 244 additions & 0 deletions
244
kibana/dashboards/56a34ce0-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
305 changes: 305 additions & 0 deletions
305
kibana/dashboards/61d43810-6d62-11e7-8ddb-e71eb260f4a3.json
Large diffs are not rendered by default.
Oops, something went wrong.
475 changes: 475 additions & 0 deletions
475
kibana/dashboards/68563ed0-34bf-11e7-9b32-bb903919ead9.json
Large diffs are not rendered by default.
Oops, something went wrong.
102 changes: 102 additions & 0 deletions
102
kibana/dashboards/68f738e0-46ca-11e7-946f-1bfb1be7c36b.json
Large diffs are not rendered by default.
Oops, something went wrong.
350 changes: 350 additions & 0 deletions
350
kibana/dashboards/6b0d4870-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
307 changes: 307 additions & 0 deletions
307
kibana/dashboards/6d189680-6d62-11e7-8ddb-e71eb260f4a3.json
Large diffs are not rendered by default.
Oops, something went wrong.
223 changes: 223 additions & 0 deletions
223
kibana/dashboards/70c005f0-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
202 changes: 202 additions & 0 deletions
202
kibana/dashboards/7929f430-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
347 changes: 347 additions & 0 deletions
347
kibana/dashboards/7f27a830-34e5-11e7-9669-7f1d3242b798.json
Large diffs are not rendered by default.
Oops, something went wrong.
223 changes: 223 additions & 0 deletions
223
kibana/dashboards/85348270-357b-11e7-ac34-8965f6420c51.json
Large diffs are not rendered by default.
Oops, something went wrong.
217 changes: 217 additions & 0 deletions
217
kibana/dashboards/8a10e380-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
286 changes: 286 additions & 0 deletions
286
kibana/dashboards/90b246c0-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
526 changes: 526 additions & 0 deletions
526
kibana/dashboards/94b52620-342a-11e7-9d52-4f090484f59e.json
Large diffs are not rendered by default.
Oops, something went wrong.
327 changes: 327 additions & 0 deletions
327
kibana/dashboards/97f8c3a0-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
349 changes: 349 additions & 0 deletions
349
kibana/dashboards/9ef20ae0-3583-11e7-a588-05992195c551.json
Large diffs are not rendered by default.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,63 @@ | ||
| { | ||
| "version": "5.6.4", | ||
| "objects": [ | ||
| { | ||
| "id": "AV6-PHKnDwoBUzALqJ_c", | ||
| "type": "visualization", | ||
| "version": 2, | ||
| "attributes": { | ||
| "visState": "{\"title\":\"Help\",\"type\":\"markdown\",\"params\":{\"markdown\":\"Hello, and welcome to Security Onion on the Elastic stack! \\n\\nAs you may have experienced, when logging into Kibana, you are automatically placed into the Overview dashboard, where you will see links to other dashboards. These dashboards are designed to work at 1024x768 screen resolution in order to maximize compatibility.\\n\\nAs you search through the data in Kibana, you should see Bro logs, syslog, and Snort alerts. Logstash should have parsed out most fields in most Bro logs and Snort alerts.\\n\\nNotice that the source_ip and destination_ip fields are hyperlinked. These hyperlinks will take you to a dashboard that will help you analyze the traffic relating to that particular IP address (Indicator).\\n\\nUID fields are also hyperlinked. This hyperlink will start a new Kibana search for that particular UID. In the case of Bro UIDs this will show you all Bro logs related to that particular connection.\\n\\nEach log entry also has an _id field that is hyperlinked. This hyperlink will take you to CapMe, allowing you to request full packet capture for any arbitrary log type! This assumes that the log is for tcp or udp traffic that was seen by Bro and Bro recorded it correctly in its conn.log. CapMe should try to do the following:\\n* retrieve the _id from Elasticsearch\\n* parse out timestamp\\n* if Bro log, parse out the CID, otherwise parse out src IP, src port, dst IP, and dst port\\n* query Elasticsearch for those terms and try to find the corresponding bro_conn log\\n* parse out sensor name (hostname-interface)\\n* send a request to sguild to request pcap from that sensor name\\n\\n\\nPreviously, in Squert, you could pivot from an IP address to ELSA. That pivot has been removed and replaced with a pivot to Kibana.\\n\\nFor additional information, please refer to our documentation at:\\n\\nhttps://securityonion.net/wiki/Elastic\\n\\nAlso, please feel free to post any questions or concerns on our mailing list:\\n\\nhttps://securityonion.net/wiki/MailingLists#mailing-lists\"},\"aggs\":[],\"listeners\":{}}", | ||
| "description": "", | ||
| "title": "Help", | ||
| "uiStateJSON": "{}", | ||
| "version": 1, | ||
| "kibanaSavedObjectMeta": { | ||
| "searchSourceJSON": "{\"query\":{\"match_all\":{}},\"filter\":[]}" | ||
| } | ||
| }, | ||
| "col": 3, | ||
| "panelIndex": 1, | ||
| "row": 1, | ||
| "size_x": 10, | ||
| "size_y": 11 | ||
| }, | ||
| { | ||
| "id": "b3b449d0-3429-11e7-9d52-4f090484f59e", | ||
| "type": "visualization", | ||
| "version": 2, | ||
| "attributes": { | ||
| "visState": "{\"title\":\"Navigation\",\"type\":\"markdown\",\"params\":{\"markdown\":\"[Home](/app/kibana#/dashboard/94b52620-342a-11e7-9d52-4f090484f59e) \\n[Help](/app/kibana#/dashboard/AV6-POJSDwoBUzALqKAg) \\n\\n**Alert Data:**\\n\\n[Bro Notices](/app/kibana#/dashboard/01600fb0-34e4-11e7-9669-7f1d3242b798) \\n[ElastAlert](/app/kibana#/dashboard/1d98d620-7dce-11e7-846a-150cdcaf3374) \\n[HIDS](/app/kibana#/dashboard/0de7a390-3644-11e7-a6f7-4f44d7bf1c33) \\n[NIDS](/app/kibana#/dashboard/7f27a830-34e5-11e7-9669-7f1d3242b798) \\n\\n**Bro Hunting:** \\n\\n [Connections](/app/kibana#/dashboard/e0a34b90-34e6-11e7-9118-45bd317f0ca4) \\n[DCE/RPC](/app/kibana#/dashboard/46582d50-3af2-11e7-a83b-b1b4da7d15f4) \\n[DHCP](/app/kibana#/dashboard/85348270-357b-11e7-ac34-8965f6420c51) \\n[DNP3](/app/kibana#/dashboard/2fdf5bf0-3581-11e7-98ef-19df58fe538b) \\n[DNS](/app/kibana#/dashboard/ebf5ec90-34bf-11e7-9b32-bb903919ead9) \\n[Files](/app/kibana#/dashboard/2d315d80-3582-11e7-98ef-19df58fe538b) \\n[FTP](/app/kibana#/dashboard/27f3b380-3583-11e7-a588-05992195c551) \\n[HTTP](/app/kibana#/dashboard/230134a0-34c6-11e7-8360-0b86c90983fd) \\n[Intel](/app/kibana#/dashboard/468022c0-3583-11e7-a588-05992195c551) \\n[IRC](/app/kibana#/dashboard/56a34ce0-3583-11e7-a588-05992195c551) \\n[Kerberos](/app/kibana#/dashboard/6b0d4870-3583-11e7-a588-05992195c551) \\n[Modbus](/app/kibana#/dashboard/70c005f0-3583-11e7-a588-05992195c551) \\n[MySQL](/app/kibana#/dashboard/7929f430-3583-11e7-a588-05992195c551) \\n[NTLM](/app/kibana#/dashboard/022713e0-3ab0-11e7-a83b-b1b4da7d15f4) \\n[PE](/app/kibana#/dashboard/8a10e380-3583-11e7-a588-05992195c551) \\n[RADIUS](/app/kibana#/dashboard/90b246c0-3583-11e7-a588-05992195c551) \\n[RDP](/app/kibana#/dashboard/97f8c3a0-3583-11e7-a588-05992195c551) \\n[RFB](/app/kibana#/dashboard/9ef20ae0-3583-11e7-a588-05992195c551) \\n[SIP](/app/kibana#/dashboard/ad3c0830-\\n3583-11e7-a588-05992195c551) \\n[SMB](/app/kibana#/dashboard/b3a53710-3aaa-11e7-8b17-0d8709b02c80) \\n[SMTP](/app/kibana#/dashboard/b10a9c60-3583-11e7-a588-05992195c551) \\n[SNMP](/app/kibana#/dashboard/b65c2710-3583-11e7-a588-05992195c551) \\n[Software](/app/kibana#/dashboard/c2c99c30-3583-11e7-a588-05992195c551) \\n[SSH](/app/kibana#/dashboard/c6ccfc00-3583-11e7-a588-05992195c551) \\n[SSL](/app/kibana#/dashboard/cca67b60-3583-11e7-a588-05992195c551) \\n[Syslog](/app/kibana#/dashboard/c4bbe040-76b3-11e7-ba96-cba76a1e264d) \\n[Tunnels](/app/kibana#/dashboard/d7b54ae0-3583-11e7-a588-05992195c551) \\n[Weird](/app/kibana#/dashboard/de2da250-3583-11e7-a588-05992195c551) \\n[X.509](/app/kibana#/dashboard/e5aa7170-3583-11e7-a588-05992195c551) \\n\\n**Host Hunting:** \\n\\n[Autoruns](/app/kibana#/dashboard/61d43810-6d62-11e7-8ddb-e71eb260f4a3) \\n[OSSEC](/app/kibana#/dashboard/3a457d70-3583-11e7-a588-05992195c551) \\n[Sysmon](/app/kibana#/dashboard/6d189680-6d62-11e7-8ddb-e71eb260f4a3) \\n\\n**Other:** \\n \\n[Firewall](/app/kibana#/dashboard/50173bd0-3582-11e7-98ef-19df58fe538b) \\n[Stats](/app/kibana#/dashboard/130017f0-46ce-11e7-946f-1bfb1be7c36b) \\n[Syslog](/app/kibana#/dashboard/4323af90-76e5-11e7-ab14-e1a4c1bc11e0)\"},\"aggs\":[],\"listeners\":{}}", | ||
| "description": "", | ||
| "title": "Navigation", | ||
| "uiStateJSON": "{}", | ||
| "version": 1, | ||
| "kibanaSavedObjectMeta": { | ||
| "searchSourceJSON": "{\"query\":{\"query_string\":{\"query\":\"*\"}},\"filter\":[]}" | ||
| } | ||
| }, | ||
| "col": 1, | ||
| "panelIndex": 2, | ||
| "row": 1, | ||
| "size_x": 2, | ||
| "size_y": 11 | ||
| }, | ||
| { | ||
| "id": "AV6-POJSDwoBUzALqKAg", | ||
| "type": "dashboard", | ||
| "version": 2, | ||
| "attributes": { | ||
| "hits": 0, | ||
| "timeRestore": false, | ||
| "description": "", | ||
| "title": "Help", | ||
| "uiStateJSON": "{}", | ||
| "panelsJSON": "[{\"col\":3,\"id\":\"AV6-PHKnDwoBUzALqJ_c\",\"panelIndex\":1,\"row\":1,\"size_x\":10,\"size_y\":11,\"type\":\"visualization\"},{\"col\":1,\"id\":\"b3b449d0-3429-11e7-9d52-4f090484f59e\",\"panelIndex\":2,\"row\":1,\"size_x\":2,\"size_y\":11,\"type\":\"visualization\"}]", | ||
| "optionsJSON": "{\"darkTheme\":true}", | ||
| "version": 1, | ||
| "kibanaSavedObjectMeta": { | ||
| "searchSourceJSON": "{\"filter\":[{\"query\":{\"match_all\":{}}}],\"highlightAll\":true,\"version\":true}" | ||
| } | ||
| } | ||
| } | ||
| ] | ||
| } |
Oops, something went wrong.