diff --git a/CHANGELOG.next.asciidoc b/CHANGELOG.next.asciidoc index 0f7b3b875880..5c854521e139 100644 --- a/CHANGELOG.next.asciidoc +++ b/CHANGELOG.next.asciidoc @@ -208,6 +208,7 @@ https://github.com/elastic/beats/compare/v7.0.0-alpha2...master[Check the HEAD d - Fix bug with cgroups hierarchy override path in cgroups {pull}27620[27620] - Beat `setup kibana` command may use the elasticsearch API key defined in `output.elasticsearch.api_key`. {issue}24015[24015] {pull}27540[27540] - Seperate namespaces for V1 and V2 controller paths {pull}27676[27676] +- Beats dashboards use custom index when `setup.dashboards.index` is set. {issue}21232[21232] {pull}27901[27901] *Auditbeat* diff --git a/dev-tools/mage/check.go b/dev-tools/mage/check.go index f61501b06eb0..c34255420cd6 100644 --- a/dev-tools/mage/check.go +++ b/dev-tools/mage/check.go @@ -36,6 +36,7 @@ import ( "github.com/pkg/errors" "github.com/elastic/beats/v7/dev-tools/mage/gotool" + "github.com/elastic/beats/v7/libbeat/dashboards" "github.com/elastic/beats/v7/libbeat/processors/dissect" ) @@ -260,6 +261,14 @@ func checkDashboardForErrors(file string, d []byte) bool { fmt.Println(" ", err) } + replaced := dashboards.ReplaceIndexInDashboardObject("my-test-index-*", d) + if bytes.Contains(replaced, []byte(BeatName+"-*")) { + hasErrors = true + fmt.Printf(">> Cannot modify all index pattern references in dashboard - %s\n", file) + fmt.Println("Please edit the dashboard override function named ReplaceIndexInDashboardObject in libbeat.") + fmt.Println(string(replaced)) + } + return hasErrors } diff --git a/libbeat/dashboards/decode.go b/libbeat/dashboards/decode.go index cd79bfead430..10c0a6948983 100644 --- a/libbeat/dashboards/decode.go +++ b/libbeat/dashboards/decode.go @@ -30,11 +30,13 @@ import ( var ( responseToDecode = []string{ - "attributes.uiStateJSON", - "attributes.visState", + "attributes.kibanaSavedObjectMeta.searchSourceJSON", + "attributes.layerListJSON", + "attributes.mapStateJSON", "attributes.optionsJSON", "attributes.panelsJSON", - "attributes.kibanaSavedObjectMeta.searchSourceJSON", + "attributes.uiStateJSON", + "attributes.visState", } ) @@ -76,15 +78,51 @@ func decodeLine(line []byte) []byte { if err != nil { return line } + o = decodeObject(o) + o = decodeEmbeddableConfig(o) + + return []byte(o.String()) +} + +func decodeObject(o common.MapStr) common.MapStr { for _, key := range responseToDecode { // All fields are optional, so errors are not caught err := decodeValue(o, key) if err != nil { logger := logp.NewLogger("dashboards") logger.Debugf("Error while decoding dashboard objects: %+v", err) + continue } } - return []byte(o.String()) + + return o +} + +func decodeEmbeddableConfig(o common.MapStr) common.MapStr { + p, err := o.GetValue("attributes.panelsJSON") + if err != nil { + return o + } + + if panels, ok := p.([]interface{}); ok { + for i, pan := range panels { + if panel, ok := pan.(map[string]interface{}); ok { + panelObj := common.MapStr(panel) + embedded, err := panelObj.GetValue("embeddableConfig") + if err != nil { + continue + } + if embeddedConfig, ok := embedded.(map[string]interface{}); ok { + embeddedConfigObj := common.MapStr(embeddedConfig) + panelObj.Put("embeddableConfig", decodeObject(embeddedConfigObj)) + panels[i] = panelObj + } + } + } + o.Put("attributes.panelsJSON", panels) + } + + return o } func decodeValue(data common.MapStr, key string) error { diff --git a/libbeat/dashboards/modify_json.go b/libbeat/dashboards/modify_json.go index 3178d6b23826..daacccdbc3fa 100644 --- a/libbeat/dashboards/modify_json.go +++ b/libbeat/dashboards/modify_json.go @@ -21,6 +21,7 @@ import ( "bytes" "encoding/json" "fmt" + "regexp" "github.com/pkg/errors" @@ -46,11 +47,6 @@ type JSONObject struct { Attributes JSONObjectAttribute `json:"attributes"` } -// JSONFormat contains a list of JSON object -type JSONFormat struct { - Objects []JSONObject `json:"objects"` -} - // ReplaceIndexInIndexPattern replaces an index in a dashboard content body func ReplaceIndexInIndexPattern(index string, content common.MapStr) (err error) { if index == "" { @@ -128,43 +124,62 @@ func ReplaceIndexInSavedObject(logger *logp.Logger, index string, kibanaSavedObj } kibanaSavedObject["searchSourceJSON"] = searchSourceJSON } - if visStateJSON, ok := kibanaSavedObject["visState"].(string); ok { - visStateJSON = ReplaceIndexInVisState(logger, index, visStateJSON) - kibanaSavedObject["visState"] = visStateJSON + if visState, ok := kibanaSavedObject["visState"].(map[string]interface{}); ok { + kibanaSavedObject["visState"] = ReplaceIndexInVisState(logger, index, visState) } return kibanaSavedObject } -// ReplaceIndexInVisState replaces index appearing in visState params objects -func ReplaceIndexInVisState(logger *logp.Logger, index string, visStateJSON string) string { - - var visState map[string]interface{} - err := json.Unmarshal([]byte(visStateJSON), &visState) - if err != nil { - logger.Errorf("Fail to unmarshal visState: %v", err) - return visStateJSON - } +var timeLionIdxRegexp = regexp.MustCompile(`index=\".*beat-\*\"`) +// ReplaceIndexInVisState replaces index appearing in visState params objects +func ReplaceIndexInVisState(logger *logp.Logger, index string, visState map[string]interface{}) map[string]interface{} { params, ok := visState["params"].(map[string]interface{}) if !ok { - return visStateJSON + return visState } // Don't set it if it was not set before - if pattern, ok := params["index_pattern"].(string); !ok || len(pattern) == 0 { - return visStateJSON + if pattern, ok := params["index_pattern"].(string); ok && len(pattern) != 0 { + params["index_pattern"] = index + } + + if s, ok := params["series"].([]interface{}); ok { + for i, ser := range s { + if series, ok := ser.(map[string]interface{}); ok { + if _, ok := series["series_index_pattern"]; !ok { + continue + } + series["series_index_pattern"] = index + s[i] = series + } + } + params["series"] = s } - params["index_pattern"] = index + if annotations, ok := params["annotations"].([]interface{}); ok { + for i, ann := range annotations { + annotation, ok := ann.(map[string]interface{}) + if !ok { + continue + } + if _, ok = annotation["index_pattern"]; !ok { + continue + } + annotation["index_pattern"] = index + annotations[i] = annotation + } + params["annotations"] = annotations + } - d, err := json.Marshal(visState) - if err != nil { - logger.Errorf("Fail to marshal visState: %v", err) - return visStateJSON + if expr, ok := params["expression"].(string); ok { + params["expression"] = timeLionIdxRegexp.ReplaceAllString(expr, `index="`+index+`"`) } - return string(d) + visState["params"] = replaceIndexInParamControls(logger, index, params) + + return visState } // ReplaceIndexInDashboardObject replaces references to the index pattern in dashboard objects @@ -195,10 +210,28 @@ func ReplaceIndexInDashboardObject(index string, content []byte) []byte { attributes["kibanaSavedObjectMeta"] = ReplaceIndexInSavedObject(logger, index, kibanaSavedObject) } - if visState, ok := attributes["visState"].(string); ok { + if visState, ok := attributes["visState"].(map[string]interface{}); ok { attributes["visState"] = ReplaceIndexInVisState(logger, index, visState) } + if layerListJSON, ok := attributes["layerListJSON"].([]interface{}); ok { + attributes["layerListJSON"] = replaceIndexInLayerListJSON(logger, index, layerListJSON) + } + + if mapStateJSON, ok := attributes["mapStateJSON"].(map[string]interface{}); ok { + attributes["mapStateJSON"] = replaceIndexInMapStateJSON(logger, index, mapStateJSON) + } + + if panelsJSON, ok := attributes["panelsJSON"].([]interface{}); ok { + attributes["panelsJSON"] = replaceIndexInPanelsJSON(logger, index, panelsJSON) + } + + objectMap["attributes"] = attributes + + if references, ok := objectMap["references"].([]interface{}); ok { + objectMap["references"] = replaceIndexInReferences(index, references) + } + b, err := json.Marshal(objectMap) if err != nil { logger.Error("Error marshaling modified dashboard: %+v", err) @@ -208,6 +241,121 @@ func ReplaceIndexInDashboardObject(index string, content []byte) []byte { return b } +func replaceIndexInLayerListJSON(logger *logp.Logger, index string, layerListJSON []interface{}) []interface{} { + for i, layerListElem := range layerListJSON { + elem, ok := layerListElem.(map[string]interface{}) + if !ok { + continue + } + + if joins, ok := elem["joins"].([]interface{}); ok { + for j, join := range joins { + if pos, ok := join.(map[string]interface{}); ok { + for key, val := range pos { + if joinElems, ok := val.(map[string]interface{}); ok { + if _, ok := joinElems["indexPatternTitle"]; ok { + joinElems["indexPatternTitle"] = index + pos[key] = joinElems + } + } + } + joins[j] = pos + } + } + elem["joins"] = joins + } + if descriptor, ok := elem["sourceDescriptor"].(map[string]interface{}); ok { + if _, ok := descriptor["indexPatternId"]; ok { + descriptor["indexPatternId"] = index + } + elem["sourceDescriptor"] = descriptor + } + + layerListJSON[i] = elem + } + return layerListJSON +} + +func replaceIndexInMapStateJSON(logger *logp.Logger, index string, mapState map[string]interface{}) map[string]interface{} { + if filters, ok := mapState["filters"].([]interface{}); ok { + for i, f := range filters { + if filter, ok := f.(map[string]interface{}); ok { + if meta, ok := filter["meta"].(map[string]interface{}); ok { + if _, ok := meta["index"]; !ok { + continue + } + meta["index"] = index + filter["meta"] = meta + } + filters[i] = filter + } + } + mapState["filters"] = filters + } + + return mapState +} + +func replaceIndexInPanelsJSON(logger *logp.Logger, index string, panelsJSON []interface{}) []interface{} { + for i, p := range panelsJSON { + if panel, ok := p.(map[string]interface{}); ok { + config, ok := panel["embeddableConfig"].(map[string]interface{}) + if !ok { + continue + } + if configAttr, ok := config["attributes"].(map[string]interface{}); ok { + if references, ok := configAttr["references"].([]interface{}); ok { + configAttr["references"] = replaceIndexInReferences(index, references) + } + if layerListJSON, ok := configAttr["layerListJSON"].([]interface{}); ok { + configAttr["layerListJSON"] = replaceIndexInLayerListJSON(logger, index, layerListJSON) + } + config["attributes"] = configAttr + } + + if savedVis, ok := config["savedVis"].(map[string]interface{}); ok { + if params, ok := savedVis["params"].(map[string]interface{}); ok { + savedVis["params"] = replaceIndexInParamControls(logger, index, params) + } + config["savedVis"] = savedVis + } + + panel["embeddableConfig"] = config + panelsJSON[i] = panel + } + } + return panelsJSON +} + +func replaceIndexInParamControls(logger *logp.Logger, index string, params map[string]interface{}) map[string]interface{} { + if controlsList, ok := params["controls"].([]interface{}); ok { + for i, ctrl := range controlsList { + if control, ok := ctrl.(map[string]interface{}); ok { + if _, ok := control["indexPattern"]; ok { + control["indexPattern"] = index + controlsList[i] = control + } + } + } + params["controls"] = controlsList + } + return params +} + +func replaceIndexInReferences(index string, references []interface{}) []interface{} { + for i, ref := range references { + if reference, ok := ref.(map[string]interface{}); ok { + if refType, ok := reference["type"].(string); ok { + if refType == "index-pattern" { + reference["id"] = index + } + } + references[i] = reference + } + } + return references +} + func EncodeJSONObjects(content []byte) []byte { logger := logp.NewLogger("dashboards") diff --git a/libbeat/dashboards/modify_json_test.go b/libbeat/dashboards/modify_json_test.go index 48f0fe972c9e..389e8b416a72 100644 --- a/libbeat/dashboards/modify_json_test.go +++ b/libbeat/dashboards/modify_json_test.go @@ -77,9 +77,34 @@ func TestReplaceIndexInDashboardObject(t *testing.T) { []byte(`{"attributes":{"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"index\":\"otherindex-*\"}"}}}`), }, { - []byte(`{"attributes":{"kibanaSavedObjectMeta":{"visState":"{\"params\":{\"index_pattern\":\"metricbeat-*\"}}"}}}`), + []byte(`{"attributes":{"layerListJSON":[{"joins":[{"leftField":"iso2","right":{"indexPatternTitle":"filebeat-*"}}]}]}}`), "otherindex-*", - []byte(`{"attributes":{"kibanaSavedObjectMeta":{"visState":"{\"params\":{\"index_pattern\":\"otherindex-*\"}}"}}}`), + []byte(`{"attributes":{"layerListJSON":[{"joins":[{"leftField":"iso2","right":{"indexPatternTitle":"otherindex-*"}}]}]}}`), + }, + { + []byte(`{"attributes":{"panelsJSON":[{"embeddableConfig":{"attributes":{"references":[{"id":"filebeat-*","type":"index-pattern"}]}}}]}}`), + "otherindex-*", + []byte(`{"attributes":{"panelsJSON":[{"embeddableConfig":{"attributes":{"references":[{"id":"otherindex-*","type":"index-pattern"}]}}}]}}`), + }, + { + []byte(`{"attributes":{},"references":[{"id":"auditbeat-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}]}`), + "otherindex-*", + []byte(`{"attributes":{},"references":[{"id":"otherindex-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}]}`), + }, + { + []byte(`{"attributes":{"visState":{"params":{"index_pattern":"winlogbeat-*"}}}}`), + "otherindex-*", + []byte(`{"attributes":{"visState":{"params":{"index_pattern":"otherindex-*"}}}}`), + }, + { + []byte(`{"attributes":{"visState":{"params":{"series":[{"series_index_pattern":"filebeat-*"}]}}}}`), + "otherindex-*", + []byte(`{"attributes":{"visState":{"params":{"series":[{"series_index_pattern":"otherindex-*"}]}}}}`), + }, + { + []byte(`{"attributes":{"mapStateJSON":{"filters":[{"meta":{"index":"filebeat-*"}}]}}}`), + "otherindex-*", + []byte(`{"attributes":{"mapStateJSON":{"filters":[{"meta":{"index":"otherindex-*"}}]}}}`), }, } diff --git a/x-pack/filebeat/module/aws/_meta/kibana/7/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json b/x-pack/filebeat/module/aws/_meta/kibana/7/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json index 5082eae2c9ed..3f128a002ea2 100644 --- a/x-pack/filebeat/module/aws/_meta/kibana/7/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json +++ b/x-pack/filebeat/module/aws/_meta/kibana/7/map/0edf0640-3e7e-11ea-bb0a-69c3ca1d410f.json @@ -1,8 +1,154 @@ { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"19047c4c-18d7-4aec-b0ce-98de2828244d\",\"label\":\"Hits\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"1e82f50f-424a-4718-905b-ad45db14db62\",\"geoField\":\"source.geo.location\",\"requestType\":\"point\",\"resolution\":\"COARSE\",\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"applyGlobalQuery\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"color\":\"Blues\",\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#167a6d\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"label\":\"count\",\"name\":\"doc_count\",\"origin\":\"source\"},\"minSize\":4,\"maxSize\":32,\"fieldMetaOptions\":{\"isEnabled\":false,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"id\":\"1d457cd4-01be-4f96-95fd-af4ac535ebea\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\"}]", - "mapStateJSON": "{\"zoom\":3.9,\"center\":{\"lon\":13.666,\"lat\":50.97903},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"filebeat-*\",\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"fileset.name\",\"value\":\"elb\",\"params\":{\"query\":\"elb\"}},\"query\":{\"match\":{\"fileset.name\":{\"query\":\"elb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "19047c4c-18d7-4aec-b0ce-98de2828244d", + "label": "Hits", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "1d457cd4-01be-4f96-95fd-af4ac535ebea", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "geoField": "source.geo.location", + "id": "1e82f50f-424a-4718-905b-ad45db14db62", + "indexPatternRefName": "layer_1_source_index_pattern", + "requestType": "point", + "resolution": "COARSE", + "type": "ES_GEO_GRID" + }, + "style": { + "properties": { + "fillColor": { + "options": { + "color": "Blues", + "field": { + "label": "count", + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": false, + "sigma": 3 + } + }, + "type": "DYNAMIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "field": { + "label": "count", + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": false, + "sigma": 3 + }, + "maxSize": 32, + "minSize": 4 + }, + "type": "DYNAMIC" + }, + "lineColor": { + "options": { + "color": "#167a6d" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 50.97903, + "lon": 13.666 + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "fileset.name", + "negate": false, + "params": { + "query": "elb" + }, + "type": "phrase", + "value": "elb" + }, + "query": { + "match": { + "fileset.name": { + "query": "elb", + "type": "phrase" + } + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-15m", + "to": "now" + }, + "zoom": 3.9 + }, "title": "ELB Requests Geolocation [Filebeat AWS] ECS", "uiStateJSON": { "isLayerTOCOpen": true, diff --git a/x-pack/filebeat/module/aws/_meta/kibana/7/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json b/x-pack/filebeat/module/aws/_meta/kibana/7/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json index 558f5987a064..94698371beb1 100644 --- a/x-pack/filebeat/module/aws/_meta/kibana/7/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json +++ b/x-pack/filebeat/module/aws/_meta/kibana/7/map/513a3d70-4482-11ea-ad63-791a5dc86f10.json @@ -1,8 +1,189 @@ { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"842c201e-96d7-413d-8688-de5ee4f8a1e0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"97903038-e08d-4451-bbd2-eb92c894bdf5\",\"type\":\"ES_SEARCH\",\"geoField\":\"destination.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[],\"topHitsSize\":1,\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"scalingType\":\"LIMIT\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#1EA593\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#167a6d\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":5}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"id\":\"401944dd-a371-4698-be17-bc4542e9a5d4\",\"label\":\"vpc flow action accept\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"aws.vpcflow.action : \\\"ACCEPT\\\" \",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"id\":\"9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb\",\"type\":\"ES_SEARCH\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"tooltipProperties\":[],\"topHitsSize\":1,\"indexPatternRefName\":\"layer_2_source_index_pattern\",\"sortField\":\"@timestamp\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"scalingType\":\"LIMIT\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#f00f0b\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#7a1a18\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":5}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}}},\"id\":\"b1d44a5c-3a04-4c80-8080-57585b02fd48\",\"label\":\"vpc flow action reject\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"aws.vpcflow.action : \\\"REJECT\\\" \",\"language\":\"kuery\"}}]", - "mapStateJSON": "{\"zoom\":0.47,\"center\":{\"lon\":-108.92402,\"lat\":0},\"timeFilters\":{\"from\":\"now-15d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "842c201e-96d7-413d-8688-de5ee4f8a1e0", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "401944dd-a371-4698-be17-bc4542e9a5d4", + "label": "vpc flow action accept", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "aws.vpcflow.action : \"ACCEPT\" " + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "destination.geo.location", + "id": "97903038-e08d-4451-bbd2-eb92c894bdf5", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "@timestamp", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "properties": { + "fillColor": { + "options": { + "color": "#1EA593" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 5 + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#167a6d" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + }, + { + "alpha": 0.75, + "id": "b1d44a5c-3a04-4c80-8080-57585b02fd48", + "label": "vpc flow action reject", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "aws.vpcflow.action : \"REJECT\" " + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "9c0e7cce-4f21-4bcd-bb50-ae36c0fffffb", + "indexPatternRefName": "layer_2_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "@timestamp", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "properties": { + "fillColor": { + "options": { + "color": "#f00f0b" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 5 + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#7a1a18" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 0, + "lon": -108.92402 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-15d", + "to": "now" + }, + "zoom": 0.47 + }, "title": "VPC Flow Action Geo Location[Filebeat AWS]", "uiStateJSON": { "isLayerTOCOpen": false, diff --git a/x-pack/filebeat/module/aws/_meta/kibana/7/map/dae24080-739a-11ea-a345-f985c61fe654.json b/x-pack/filebeat/module/aws/_meta/kibana/7/map/dae24080-739a-11ea-a345-f985c61fe654.json index 1908bdc747b0..a1b23ec8fbe8 100644 --- a/x-pack/filebeat/module/aws/_meta/kibana/7/map/dae24080-739a-11ea-a345-f985c61fe654.json +++ b/x-pack/filebeat/module/aws/_meta/kibana/7/map/dae24080-739a-11ea-a345-f985c61fe654.json @@ -1,8 +1,148 @@ { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"2c7b49fb-3fb5-4e18-b27f-fabe930971f3\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"a10fa758-30ad-4e2a-bf9d-472e133a7f17\",\"label\":\"CloudTrail Soure Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:aws.cloudtrail\",\"language\":\"kuery\"}}]", - "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-15m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "2c7b49fb-3fb5-4e18-b27f-fabe930971f3", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "a10fa758-30ad-4e2a-bf9d-472e133a7f17", + "joins": [], + "label": "CloudTrail Soure Location", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "event.dataset:aws.cloudtrail" + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "7bfe2df9-9398-4f1a-8cf7-b57aa5f3f31e", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-15m", + "to": "now" + }, + "zoom": 1.97 + }, "title": "CloudTrail Source Location [Filebeat AWS]", "uiStateJSON": { "isLayerTOCOpen": true, diff --git a/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json b/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json index 406c258f164d..9ac5720c6aa3 100644 --- a/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json +++ b/x-pack/filebeat/module/cyberarkpas/_meta/kibana/7/dashboard/Filebeat-cyberarkpas-audit.json @@ -972,10 +972,402 @@ "embeddableConfig": { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"id\":null,\"isAutoSelect\":true},\"id\":\"a3734143-d6e1-4551-b0b1-8282a37e151b\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"label\":\"filebeat-* | Source Point\",\"sourceDescriptor\":{\"indexPatternId\":\"filebeat-*\",\"geoField\":\"source.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.ip\",\"tooltipProperties\":[\"host.name\",\"source.ip\",\"source.domain\",\"source.geo.country_iso_code\",\"source.as.organization.name\"],\"id\":\"5f2b25a1-01ea-45ca-a4a2-f1a670c3b149\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":22},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"home\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"2ad8e318-4ef4-4e89-94f2-f37e395c488c\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"filebeat-* | Destination point\",\"sourceDescriptor\":{\"indexPatternId\":\"filebeat-*\",\"geoField\":\"destination.geo.location\",\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.ip\",\"tooltipProperties\":[\"host.name\",\"destination.ip\",\"destination.domain\",\"destination.geo.country_iso_code\",\"destination.as.organization.name\"],\"id\":\"bc95f479-964f-4498-be1e-376d34a01b0a\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"filterByMapBounds\":true,\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":35},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":8}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dbb878c8-4039-49f1-b2ff-ab7fb942ba55\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]},{\"label\":\"filebeat-* | Line\",\"sourceDescriptor\":{\"indexPatternId\":\"filebeat-*\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\"},{\"type\":\"sum\",\"field\":\"destination.bytes\"}],\"id\":\"faf6884d-b7cb-41dd-ab86-95970d7c59d2\",\"type\":\"ES_PEW_PEW\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#6092C0\"}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":1,\"maxSize\":8,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"9c450fbf-b009-4b53-9810-2f47ca8dcfa8\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[]}]", - "mapStateJSON": "{\"zoom\":1.24,\"center\":{\"lon\":-49.38072,\"lat\":7.87497},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "a3734143-d6e1-4551-b0b1-8282a37e151b", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "id": null, + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": { + "type": "TILE" + }, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "2ad8e318-4ef4-4e89-94f2-f37e395c488c", + "joins": [], + "label": "Filebeat index | Source Point", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "applyGlobalTime": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "5f2b25a1-01ea-45ca-a4a2-f1a670c3b149", + "indexPatternId": "filebeat-*", + "scalingType": "TOP_HITS", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [ + "host.name", + "source.ip", + "source.domain", + "source.geo.country_iso_code", + "source.as.organization.name" + ], + "topHitsSize": 22, + "topHitsSplitField": "source.ip", + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#6092C0" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "home" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 8 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 2 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "icon" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + }, + { + "alpha": 0.75, + "id": "dbb878c8-4039-49f1-b2ff-ab7fb942ba55", + "joins": [], + "label": "Filebeat index | Destination point", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "applyGlobalTime": true, + "filterByMapBounds": true, + "geoField": "destination.geo.location", + "id": "bc95f479-964f-4498-be1e-376d34a01b0a", + "indexPatternId": "filebeat-*", + "scalingType": "TOP_HITS", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [ + "host.name", + "destination.ip", + "destination.domain", + "destination.geo.country_iso_code", + "destination.as.organization.name" + ], + "topHitsSize": 35, + "topHitsSplitField": "destination.ip", + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#D36086" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 8 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 2 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "icon" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + }, + { + "alpha": 0.75, + "id": "9c450fbf-b009-4b53-9810-2f47ca8dcfa8", + "joins": [], + "label": "Filebeat index | Line", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "applyGlobalTime": true, + "destGeoField": "destination.geo.location", + "id": "faf6884d-b7cb-41dd-ab86-95970d7c59d2", + "indexPatternId": "filebeat-*", + "metrics": [ + { + "type": "count" + }, + { + "field": "destination.bytes", + "type": "sum" + } + ], + "sourceGeoField": "source.geo.location", + "type": "ES_PEW_PEW" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#6092C0" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "field": { + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": true, + "sigma": 3 + }, + "maxSize": 8, + "minSize": 1 + }, + "type": "DYNAMIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 7.87497, + "lon": -49.38072 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": true + }, + "settings": { + "autoFitToDataBounds": false, + "backgroundColor": "#ffffff", + "browserLocation": { + "zoom": 2 + }, + "disableInteractive": false, + "disableTooltipControl": false, + "fixedLocation": { + "lat": 0, + "lon": 0, + "zoom": 2 + }, + "hideLayerControl": false, + "hideToolbarOverlay": false, + "hideViewControl": false, + "initialLocation": "LAST_SAVED_LOCATION", + "maxZoom": 24, + "minZoom": 0, + "showScaleControl": false, + "showSpatialFilters": true, + "spatialFiltersAlpa": 0.3, + "spatialFiltersFillColor": "#DA8B45", + "spatialFiltersLineColor": "#DA8B45" + }, + "timeFilters": { + "from": "now-15w", + "to": "now" + }, + "zoom": 1.24 + }, "title": "", - "uiStateJSON": "{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}" + "uiStateJSON": { + "isLayerTOCOpen": true, + "openTOCDetails": [] + } }, "enhancements": {}, "hiddenLayers": [], diff --git a/x-pack/filebeat/module/gcp/_meta/kibana/7/map/a97de660-73a5-11ea-a345-f985c61fe654.json b/x-pack/filebeat/module/gcp/_meta/kibana/7/map/a97de660-73a5-11ea-a345-f985c61fe654.json index 4632935ce645..fcafb6c54286 100644 --- a/x-pack/filebeat/module/gcp/_meta/kibana/7/map/a97de660-73a5-11ea-a345-f985c61fe654.json +++ b/x-pack/filebeat/module/gcp/_meta/kibana/7/map/a97de660-73a5-11ea-a345-f985c61fe654.json @@ -1,8 +1,148 @@ { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"79ec6461-7561-45e4-a6a2-9d6fbd4cf986\",\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"topHitsSize\":1,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"279da950-e9a7-4287-ab37-25906e448455\",\"label\":\"Source Locations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"joins\":[],\"query\":{\"query\":\"event.dataset:gcp.audit\",\"language\":\"kuery\"}}]", - "mapStateJSON": "{\"zoom\":1.97,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "866b5ce1-6ca0-47db-a6f2-54c5e0dcd2f0", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "279da950-e9a7-4287-ab37-25906e448455", + "joins": [], + "label": "Source Locations", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "event.dataset:gcp.audit" + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": true, + "geoField": "source.geo.location", + "id": "79ec6461-7561-45e4-a6a2-9d6fbd4cf986", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-7d", + "to": "now" + }, + "zoom": 1.97 + }, "title": "Audit Source Locations [Filebeat GCP]", "uiStateJSON": { "isLayerTOCOpen": true, diff --git a/x-pack/filebeat/module/o365/_meta/kibana/7/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json b/x-pack/filebeat/module/o365/_meta/kibana/7/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json index 1c3afa633e7d..bc30cc657b46 100644 --- a/x-pack/filebeat/module/o365/_meta/kibana/7/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json +++ b/x-pack/filebeat/module/o365/_meta/kibana/7/map/dbae13c0-685c-11ea-8d6a-292ef5d68366.json @@ -1,8 +1,162 @@ { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"0b910b6c-77c8-4223-892a-1ebf69b0ccb4\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_GEO_GRID\",\"id\":\"3ba31ffc-7051-44bf-96a0-a684020cd2a3\",\"geoField\":\"source.geo.location\",\"requestType\":\"point\",\"resolution\":\"FINE\",\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFF\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":0}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":8,\"maxSize\":32,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"DYNAMIC\",\"options\":{\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"}}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"airfield\"}}},\"isTimeAware\":true},\"id\":\"acc53b7b-3411-406b-9371-6fa62b6b9365\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\"}]", - "mapStateJSON": "{\"zoom\":2.88,\"center\":{\"lon\":16.67387,\"lat\":30.87292},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"event.dataset:\\\"o365.audit\\\" \",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "0b910b6c-77c8-4223-892a-1ebf69b0ccb4", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "acc53b7b-3411-406b-9371-6fa62b6b9365", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "geoField": "source.geo.location", + "id": "3ba31ffc-7051-44bf-96a0-a684020cd2a3", + "indexPatternRefName": "layer_1_source_index_pattern", + "requestType": "point", + "resolution": "FINE", + "type": "ES_GEO_GRID" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "Yellow to Red", + "colorCategory": "palette_0", + "field": { + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": true, + "sigma": 3 + }, + "type": "ORDINAL", + "useCustomColorRamp": false + }, + "type": "DYNAMIC" + }, + "icon": { + "options": { + "value": "airfield" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "field": { + "name": "doc_count", + "origin": "source" + }, + "fieldMetaOptions": { + "isEnabled": true, + "sigma": 3 + }, + "maxSize": 32, + "minSize": 8 + }, + "type": "DYNAMIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "field": { + "name": "doc_count", + "origin": "source" + } + }, + "type": "DYNAMIC" + }, + "lineColor": { + "options": { + "color": "#FFF" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 0 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 30.87292, + "lon": 16.67387 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset:\"o365.audit\" " + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-7d", + "to": "now" + }, + "zoom": 2.88 + }, "title": "Client Geo Map [Filebeat o365 audit]", "uiStateJSON": { "isLayerTOCOpen": true, diff --git a/x-pack/filebeat/module/okta/_meta/kibana/7/map/281ca660-67b1-11ea-a76f-bf44814e437d.json b/x-pack/filebeat/module/okta/_meta/kibana/7/map/281ca660-67b1-11ea-a76f-bf44814e437d.json index 8e84bedce4af..1daf57ec1d81 100644 --- a/x-pack/filebeat/module/okta/_meta/kibana/7/map/281ca660-67b1-11ea-a76f-bf44814e437d.json +++ b/x-pack/filebeat/module/okta/_meta/kibana/7/map/281ca660-67b1-11ea-a76f-bf44814e437d.json @@ -1,8 +1,169 @@ { "attributes": { "description": "", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"6908e81b-1695-4445-aee4-8bc8c9f65600\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"id\":\"4b8bd321-4b90-4d97-83e0-2b12bf091f66\",\"geoField\":\"client.geo.location\",\"filterByMapBounds\":false,\"type\":\"ES_SEARCH\",\"tooltipProperties\":[],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSize\":1,\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\",\"scalingType\":\"LIMIT\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"dc52e707-92d7-4de7-becf-a3a8bfaa2c2d\",\"label\":\"Okta \",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\",\"query\":{\"query\":\"event.dataset : \\\"okta.system\\\" \",\"language\":\"kuery\"}}]", - "mapStateJSON": "{\"zoom\":2.75,\"center\":{\"lon\":-44.69098,\"lat\":26.54701},\"timeFilters\":{\"from\":\"now-15w\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":false,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"filebeat-*\",\"key\":\"event.dataset\",\"negate\":false,\"params\":{\"query\":\"okta.system\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"event.dataset\":\"okta.system\"}}}],\"settings\":{\"autoFitToDataBounds\":false}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "6908e81b-1695-4445-aee4-8bc8c9f65600", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": {}, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "dc52e707-92d7-4de7-becf-a3a8bfaa2c2d", + "label": "Okta ", + "maxZoom": 24, + "minZoom": 0, + "query": { + "language": "kuery", + "query": "event.dataset : \"okta.system\" " + }, + "sourceDescriptor": { + "applyGlobalQuery": true, + "filterByMapBounds": false, + "geoField": "client.geo.location", + "id": "4b8bd321-4b90-4d97-83e0-2b12bf091f66", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [], + "topHitsSize": 1, + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#54B399" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 26.54701, + "lon": -44.69098 + }, + "filters": [ + { + "$state": { + "store": "appState" + }, + "meta": { + "alias": null, + "disabled": false, + "index": "filebeat-*", + "key": "event.dataset", + "negate": false, + "params": { + "query": "okta.system" + }, + "type": "phrase" + }, + "query": { + "match_phrase": { + "event.dataset": "okta.system" + } + } + } + ], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": false + }, + "settings": { + "autoFitToDataBounds": false + }, + "timeFilters": { + "from": "now-15w", + "to": "now" + }, + "zoom": 2.75 + }, "title": "Geolocation [Filebeat Okta]", "uiStateJSON": { "isLayerTOCOpen": true, diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/63365b50-82aa-11eb-ac13-d5ca87cb8fa2.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/63365b50-82aa-11eb-ac13-d5ca87cb8fa2.json index a5db3f4515ce..63e7825a56bc 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/63365b50-82aa-11eb-ac13-d5ca87cb8fa2.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/63365b50-82aa-11eb-ac13-d5ca87cb8fa2.json @@ -1,8 +1,184 @@ { "attributes": { "description": "Origin country of the indicator ingested by the threat intel Filebeat module.", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"ea2479ec-b43e-4377-a068-91d93265081d\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"joins\":[{\"leftField\":\"iso2\",\"right\":{\"type\":\"ES_TERM_SOURCE\",\"id\":\"81d209f7-b068-4b0d-90f4-baf9a3eefb55\",\"indexPatternTitle\":\"filebeat-*\",\"term\":\"threatintel.indicator.geo.country_iso_code\",\"metrics\":[{\"type\":\"count\"}],\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"indexPatternRefName\":\"layer_1_join_0_index_pattern\"}}],\"sourceDescriptor\":{\"type\":\"EMS_FILE\",\"id\":\"world_countries\",\"tooltipProperties\":[\"name\"]},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Yellow to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"__kbnjoin__count__81d209f7-b068-4b0d-90f4-baf9a3eefb55\",\"origin\":\"join\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#3d3d3d\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"66df8b3a-7f7c-4969-929e-2c1ac5b64584\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"VECTOR\"}]", - "mapStateJSON": "{\"zoom\":2.08,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-30d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "ea2479ec-b43e-4377-a068-91d93265081d", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": { + "type": "TILE" + }, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "66df8b3a-7f7c-4969-929e-2c1ac5b64584", + "joins": [ + { + "leftField": "iso2", + "right": { + "applyGlobalQuery": true, + "applyGlobalTime": true, + "id": "81d209f7-b068-4b0d-90f4-baf9a3eefb55", + "indexPatternRefName": "layer_1_join_0_index_pattern", + "indexPatternTitle": "filebeat-*", + "metrics": [ + { + "type": "count" + } + ], + "term": "threatintel.indicator.geo.country_iso_code", + "type": "ES_TERM_SOURCE" + } + } + ], + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "id": "world_countries", + "tooltipProperties": [ + "name" + ], + "type": "EMS_FILE" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "Yellow to Red", + "colorCategory": "palette_0", + "field": { + "name": "__kbnjoin__count__81d209f7-b068-4b0d-90f4-baf9a3eefb55", + "origin": "join" + }, + "fieldMetaOptions": { + "isEnabled": true, + "sigma": 3 + }, + "type": "ORDINAL" + }, + "type": "DYNAMIC" + }, + "icon": { + "options": { + "value": "marker" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#3d3d3d" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "refreshConfig": { + "interval": 0, + "isPaused": true + }, + "settings": { + "autoFitToDataBounds": false, + "backgroundColor": "#ffffff", + "browserLocation": { + "zoom": 2 + }, + "fixedLocation": { + "lat": 0, + "lon": 0, + "zoom": 2 + }, + "initialLocation": "LAST_SAVED_LOCATION", + "maxZoom": 24, + "minZoom": 0, + "showSpatialFilters": true, + "spatialFiltersAlpa": 0.3, + "spatialFiltersFillColor": "#DA8B45", + "spatialFiltersLineColor": "#DA8B45" + }, + "timeFilters": { + "from": "now-30d", + "to": "now" + }, + "zoom": 2.08 + }, "title": "Indicator Origin Country [Filebeat Threat Intel]", "uiStateJSON": { "isLayerTOCOpen": true, diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/ec5aa090-df42-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/ec5aa090-df42-11eb-8f2b-753caedf727d.json index 6f7918fe90de..8100b60e6b3d 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/ec5aa090-df42-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/map/ec5aa090-df42-11eb-8f2b-753caedf727d.json @@ -1,8 +1,174 @@ { "attributes": { "description": "Geographic location of Anomali indicators ingested by the threat intel Filebeat module.", - "layerListJSON": "[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true},\"id\":\"9027343a-f725-4467-9b08-8566ad0b2a52\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"VECTOR_TILE\"},{\"sourceDescriptor\":{\"geoField\":\"threatintel.indicator.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"LIMIT\",\"id\":\"a3ecc6af-0299-4cb9-a29c-0b70f666b011\",\"type\":\"ES_SEARCH\",\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"tooltipProperties\":[\"threatintel.indicator.as.number\",\"threatintel.indicator.as.organization.name\",\"threatintel.indicator.geo.country_iso_code\"],\"sortField\":\"\",\"sortOrder\":\"desc\",\"topHitsSplitField\":\"\",\"topHitsSize\":1,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"id\":\"83ede860-fe89-43c9-8e74-fa2703efbb85\",\"label\":\"Indicator Geographic Location\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"danger\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#D36086\"}},\"lineColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#41937c\"}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":1}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"VECTOR\",\"joins\":[]}]", - "mapStateJSON": "{\"zoom\":2.08,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-7d\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"event.dataset:\\\"threatintel.anomalithreatstream\\\" \",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}", + "layerListJSON": [ + { + "alpha": 1, + "id": "9027343a-f725-4467-9b08-8566ad0b2a52", + "label": null, + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "isAutoSelect": true, + "type": "EMS_TMS" + }, + "style": { + "type": "TILE" + }, + "type": "VECTOR_TILE", + "visible": true + }, + { + "alpha": 0.75, + "id": "83ede860-fe89-43c9-8e74-fa2703efbb85", + "joins": [], + "label": "Indicator Geographic Location", + "maxZoom": 24, + "minZoom": 0, + "sourceDescriptor": { + "applyGlobalQuery": true, + "applyGlobalTime": true, + "filterByMapBounds": true, + "geoField": "threatintel.indicator.geo.location", + "id": "a3ecc6af-0299-4cb9-a29c-0b70f666b011", + "indexPatternRefName": "layer_1_source_index_pattern", + "scalingType": "LIMIT", + "sortField": "", + "sortOrder": "desc", + "tooltipProperties": [ + "threatintel.indicator.as.number", + "threatintel.indicator.as.organization.name", + "threatintel.indicator.geo.country_iso_code" + ], + "topHitsSize": 1, + "topHitsSplitField": "", + "type": "ES_SEARCH" + }, + "style": { + "isTimeAware": true, + "properties": { + "fillColor": { + "options": { + "color": "#D36086" + }, + "type": "STATIC" + }, + "icon": { + "options": { + "value": "danger" + }, + "type": "STATIC" + }, + "iconOrientation": { + "options": { + "orientation": 0 + }, + "type": "STATIC" + }, + "iconSize": { + "options": { + "size": 6 + }, + "type": "STATIC" + }, + "labelBorderColor": { + "options": { + "color": "#FFFFFF" + }, + "type": "STATIC" + }, + "labelBorderSize": { + "options": { + "size": "SMALL" + } + }, + "labelColor": { + "options": { + "color": "#000000" + }, + "type": "STATIC" + }, + "labelSize": { + "options": { + "size": 14 + }, + "type": "STATIC" + }, + "labelText": { + "options": { + "value": "" + }, + "type": "STATIC" + }, + "lineColor": { + "options": { + "color": "#41937c" + }, + "type": "STATIC" + }, + "lineWidth": { + "options": { + "size": 1 + }, + "type": "STATIC" + }, + "symbolizeAs": { + "options": { + "value": "circle" + } + } + }, + "type": "VECTOR" + }, + "type": "VECTOR", + "visible": true + } + ], + "mapStateJSON": { + "center": { + "lat": 19.94277, + "lon": 0 + }, + "filters": [], + "query": { + "language": "kuery", + "query": "event.dataset:\"threatintel.anomalithreatstream\" " + }, + "refreshConfig": { + "interval": 0, + "isPaused": true + }, + "settings": { + "autoFitToDataBounds": false, + "backgroundColor": "#ffffff", + "browserLocation": { + "zoom": 2 + }, + "disableInteractive": false, + "disableTooltipControl": false, + "fixedLocation": { + "lat": 0, + "lon": 0, + "zoom": 2 + }, + "hideLayerControl": false, + "hideToolbarOverlay": false, + "hideViewControl": false, + "initialLocation": "LAST_SAVED_LOCATION", + "maxZoom": 24, + "minZoom": 0, + "showScaleControl": false, + "showSpatialFilters": true, + "spatialFiltersAlpa": 0.3, + "spatialFiltersFillColor": "#DA8B45", + "spatialFiltersLineColor": "#DA8B45" + }, + "timeFilters": { + "from": "now-7d", + "to": "now" + }, + "zoom": 2.08 + }, "title": "Anomali Indicator Geographic Location [Filebeat Threat Intel]", "uiStateJSON": { "isLayerTOCOpen": true,