From e9dd10072aff2bc130d15898451e105ccce0aa7a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jes=C3=BAs=20=C3=81ngel?= Date: Tue, 18 Sep 2018 12:42:46 +0200 Subject: [PATCH] Refactor AWS Overview --- public/controllers/agent/agents.js | 2 +- public/controllers/overview/index.js | 8 +- public/factories/tab-visualizations.js | 2 +- public/templates/overview/overview-aws.html | 127 +++--- public/utils/overview-metrics.js | 13 +- .../visualizations/overview/overview-aws.js | 381 +++++------------- 6 files changed, 164 insertions(+), 369 deletions(-) diff --git a/public/controllers/agent/agents.js b/public/controllers/agent/agents.js index 93701f290..50df0ad48 100644 --- a/public/controllers/agent/agents.js +++ b/public/controllers/agent/agents.js @@ -336,7 +336,7 @@ class AgentsController { ? packagesDate.items[0].scan_time : 'Unknown', processesDate: - processesDate && processesDate.items && processesDate.items.length + processesDate && processesDate.items && processesDate.items.length ? processesDate.items[0].scan_time : 'Unknown' }; diff --git a/public/controllers/overview/index.js b/public/controllers/overview/index.js index 8ccbd3ff7..b7128b098 100644 --- a/public/controllers/overview/index.js +++ b/public/controllers/overview/index.js @@ -16,13 +16,12 @@ import { TabNames } from '../../utils/tab-names'; import { TabDescription } from '../../../server/reporting/tab-description'; import { - metricsGeneral, + metricsGeneral, metricsAudit, metricsVulnerability, metricsScap, metricsCiscat, - metricsVirustotal, - metricsAws + metricsVirustotal } from '../../utils/overview-metrics'; const app = uiModules.get('app/wazuh', []); @@ -96,9 +95,6 @@ app.controller('overviewController', function( case 'virustotal': createMetrics(metricsVirustotal); break; - case 'aws': - createMetrics(metricsAws); - break; } } }; diff --git a/public/factories/tab-visualizations.js b/public/factories/tab-visualizations.js index 36ef536f4..666422189 100644 --- a/public/factories/tab-visualizations.js 
+++ b/public/factories/tab-visualizations.js @@ -38,7 +38,7 @@ export class TabVisualizations { audit: 15, pci: 6, gdpr: 6, - aws: 10, + aws: 6, virustotal: 7 }; diff --git a/public/templates/overview/overview-aws.html b/public/templates/overview/overview-aws.html index c550eb25d..ba128c461 100644 --- a/public/templates/overview/overview-aws.html +++ b/public/templates/overview/overview-aws.html @@ -1,80 +1,69 @@ -
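Review bot: The new count `aws: 6` does not match the eight visualizations this commit defines in server/integration-files/visualizations/overview/overview-aws.js (instances, rules, alerts over time, geo, sources, buckets, source IP, event names). The rewritten overview-aws.html also lists eight card titles, although its markup is not visible here, so that count is inferred. If this map is what the tab uses to decide that all of its visualizations have finished loading, which the hunk does not show, the tab would be reported as rendered while two panels are still pending. I would change the line to `aws: 8`, or note in the commit message which two panels are deliberately not counted. The object literal holding these counts starts and ends outside the hunk.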
- - -
Successful logins:
-
Most active user:
-
Authorized security groups:
-
Revoked security groups:
-
-
-
- -
- - - - -
- -
-
- - - Instances - - - - -
-
- -
-
- - - Security groups over time - - - - -
-
- -
- - - Events over time +
+ + + Alerts over time - + -
- -
- - - Event sources over time - - - - - - - Success login - Top 5 countries - - - - -
- -
- Alerts summary + Most common events - + + + +
+ +
+ + + Top 5 instances + + + + + + + Top 5 source IP addresses + + + + + + + Top 5 sources + + + + +
+ +
+ + + Geolocation + + + + +
+ +
+ + + Top 5 buckets + + + + + + + Top 5 rules + +
diff --git a/public/utils/overview-metrics.js b/public/utils/overview-metrics.js index 1b097eb7d..94e0e24cc 100644 --- a/public/utils/overview-metrics.js +++ b/public/utils/overview-metrics.js @@ -69,21 +69,12 @@ const metricsVirustotal = { virusTotal: '[vis-id="\'Wazuh-App-Overview-Virustotal-Total\'"]' }; -// Metrics AWS -const metricsAws = { - awsLogins: '[vis-id="\'Wazuh-App-Overview-AWS-Metric-Successful-logins\'"]', - awsMostActiveUser: '[vis-id="\'Wazuh-App-Overview-AWS-Most-active-user\'"]', - awsAuthorized: - '[vis-id="\'Wazuh-App-Overview-AWS-Metric-Authorize-security\'"]', - awsRevoked: '[vis-id="\'Wazuh-App-Overview-AWS-Metric-Revoke-security\'"]' -}; export default { - metricsGeneral, + metricsGeneral, metricsAudit, metricsVulnerability, metricsScap, metricsCiscat, - metricsVirustotal, - metricsAws + metricsVirustotal }; diff --git a/server/integration-files/visualizations/overview/overview-aws.js b/server/integration-files/visualizations/overview/overview-aws.js index 74fea6f45..738db17ae 100644 --- a/server/integration-files/visualizations/overview/overview-aws.js +++ b/server/integration-files/visualizations/overview/overview-aws.js 
@@ -11,314 +11,133 @@ */ export default [ { - _id: 'Wazuh-App-Overview-AWS-Metric-Authorize-security', + _id: 'Wazuh-App-Overview-AWS-Top-5-instances', + _type: 'visualization', _source: { - title: 'Metric Authorize security', + title: 'Top 5 instances', visState: - '{"title":"Metric Authorize security","type":"metric","params":{"addTooltip":true,"addLegend":false,"type":"metric","metric":{"percentageMode":false,"useRanges":false,"colorSchema":"Green to Red","metricColorMode":"None","colorsRange":[{"from":0,"to":10000}],"labels":{"show":true},"invertColors":false,"style":{"bgFill":"#000","bgColor":false,"labelColor":false,"subText":"","fontSize":20}}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{"customLabel":"Authorized security groups"}}]}', + '{"title":"Top 5 instances","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.aws.resource.instanceDetails.instanceId","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}', uiStateJSON: '{}', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: `{ - "index":"wazuh-alerts", - "filter":[ - { - "query": { - "regexp": { - "rule.description": { - "value": ".*AuthorizeSecurity.*" - } - } - }, - "meta": { - "negate": false, - "index": "wazuh-alerts", - "disabled": false, - "alias": null, - "type": "custom", - "key": "query", - "value": {"regexp":{"rule.description":".*AuthorizeSecurity.*"}} - }, - "$state": { - "store": "appState" - } - } - ], - "query":{"query":"","language":"lucene"} - }` + searchSourceJSON: + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' } - }, - 
_type: 'visualization' + } }, { - _id: 'Wazuh-App-Overview-AWS-Metric-Revoke-security', + _id: 'Wazuh-App-Overview-AWS-Top-5-rules', + _type: 'visualization', _source: { - title: 'Metric Revoke security', + title: 'Top 5 rules', visState: - '{"title":"Metric Revoke security","type":"metric","params":{"addTooltip":true,"addLegend":false,"type":"metric","metric":{"percentageMode":false,"useRanges":false,"colorSchema":"Green to Red","metricColorMode":"None","colorsRange":[{"from":0,"to":10000}],"labels":{"show":true},"invertColors":false,"style":{"bgFill":"#000","bgColor":false,"labelColor":false,"subText":"","fontSize":20}}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{"customLabel":"Revoked security groups"}}]}', - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: `{ - "index":"wazuh-alerts", - "filter":[ - { - "query": { - "regexp": { - "rule.description": { - "value": ".*RevokeSecurity.*" - } - } - }, - "meta": { - "negate": false, - "index": "wazuh-alerts", - "disabled": false, - "alias": null, - "type": "custom", - "key": "query", - "value": {"regexp":{"rule.description":".*RevokeSecurity.*"}} - }, - "$state": { - "store": "appState" - } - } - ], - "query":{"query":"","language":"lucene"} - }` - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Instances', - _source: { - title: 'Instances', - visState: - 
'{"title":"Instances","type":"histogram","params":{"type":"histogram","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"histogram","mode":"stacked","data":{"label":"Count","id":"1"},"valueAxis":"ValueAxis-1","drawLinesBetweenPoints":true,"showCircles":true}],"addTooltip":true,"addLegend":false,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.aws.eventName","size":5,"order":"desc","orderBy":"1","customLabel":"Instance state"}}]}', - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: `{ - "index":"wazuh-alerts", - "filter":[ - { - "query": { - "regexp": { - "data.aws.eventName": { - "value": ".*Instances.*" - } - } - }, - "meta": { - "negate": false, - "index": "wazuh-alerts", - "disabled": false, - "alias": null, - "type": "custom", - "key": "query", - "value": {"regexp":{"data.aws.eventName":".*Instances.*"}} - }, - "$state": { - "store": "appState" - } - } - ], - "query":{"query":"","language":"lucene"} - }` - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Metric-Successful-logins', - _source: { - title: 'Metric Successful logins', - visState: - '{"title":"Metric Successful logins","type":"metric","params":{"addTooltip":true,"addLegend":false,"type":"metric","metric":{"percentageMode":false,"useRanges":false,"colorSchema":"Green to 
Red","metricColorMode":"None","colorsRange":[{"from":0,"to":10000}],"labels":{"show":true},"invertColors":false,"style":{"bgFill":"#000","bgColor":false,"labelColor":false,"subText":"","fontSize":20}}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{"customLabel":"Successful logins"}}]}', - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: `{ - "index":"wazuh-alerts", - "filter":[ - { - "query": { - "regexp": { - "rule.description": { - "value": ".*Login?Success.*" - } - } - }, - "meta": { - "negate": false, - "index": "wazuh-alerts", - "disabled": false, - "alias": null, - "type": "custom", - "key": "query", - "value": {"regexp":{"rule.description":".*Login?Success.*"}} - }, - "$state": { - "store": "appState" - } - } - ], - "query":{"query":"","language":"lucene"} - }` - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Most-active-user', - _source: { - title: 'Most active user', - visState: - '{"title":"Most active user","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"data.aws.userIdentity.userName","size":1,"order":"desc","orderBy":"1","customLabel":"User name"}}]}', + '{"title":"Top 5 rules","type":"table","params":{"perPage":10,"showPartialRows":false,"showMetricsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.id","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Rule 
ID"}},{"id":"3","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.description","size":1,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Description"}}]}', uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}', description: '', version: 1, kibanaSavedObjectMeta: { searchSourceJSON: - '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}' + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' } - }, - _type: 'visualization' + } }, { - _id: 'Wazuh-App-Overview-AWS-Security-groups-over-time', - _source: { - title: 'Security groups over time', - visState: - '{"title":"Security groups over time","type":"area","params":{"type":"area","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"area","mode":"stacked","data":{"label":"Count","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"rule.description","size":2,"order":"desc","orderBy":"1"}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"h","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}}]}', - 
uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: `{ - "index":"wazuh-alerts", - "filter":[ - { - "query": { - "regexp": { - "rule.description": { - "value": ".*Security.*" - } - } - }, - "meta": { - "negate": false, - "index": "wazuh-alerts", - "disabled": false, - "alias": null, - "type": "custom", - "key": "query", - "value": {"regexp":{"rule.description":".*Security.*"}} - }, - "$state": { - "store": "appState" - } - } - ], - "query":{"query":"","language":"lucene"} - }` - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Success-login-Top-5-countries', - _source: { - title: 'Success login Top 5 countries', - visState: - '{"title":"Success login Top 5 countries","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"GeoLocation.country_name","size":5,"order":"desc","orderBy":"1","customLabel":"Country"}}]}', - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: `{ - "index":"wazuh-alerts", - "filter":[ - { - "query": { - "regexp": { - "rule.description": { - "value": ".*Login?Success.*" - } - } - }, - "meta": { - "negate": false, - "index": "wazuh-alerts", - "disabled": false, - "alias": null, - "type": "custom", - "key": "query", - "value": {"regexp":{"rule.description":".*Login?Success.*"}} - }, - "$state": { - "store": "appState" - } - } - ], - "query":{"query":"","language":"lucene"} - }` - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Events-over-time', - _source: { - title: 'Events over time', - visState: - '{"title":"Events over 
time","type":"area","params":{"type":"area","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"area","mode":"stacked","data":{"label":"Count","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"h","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"data.aws.eventName","size":5,"order":"desc","orderBy":"1","customLabel":"Event name"}}]}', - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: - '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}' - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Event-sources-over-time', - _source: { - title: 'Event sources over time', - visState: - '{"title":"Event sources over 
time","type":"area","params":{"type":"area","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Count"}}],"seriesParams":[{"show":"true","type":"area","mode":"stacked","data":{"label":"Count","id":"1"},"drawLinesBetweenPoints":true,"showCircles":true,"interpolate":"linear","valueAxis":"ValueAxis-1"}],"addTooltip":true,"addLegend":true,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"h","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}},{"id":"3","enabled":true,"type":"terms","schema":"group","params":{"field":"data.aws.eventSource","size":5,"order":"desc","orderBy":"1","customLabel":"Event source"}}]}', - uiStateJSON: '{}', - description: '', - version: 1, - kibanaSavedObjectMeta: { - searchSourceJSON: - '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}' - } - }, - _type: 'visualization' - }, - { - _id: 'Wazuh-App-Overview-AWS-Alerts-summary', + _id: 'Wazuh-App-Overview-AWS-Alerts-over-time', _type: 'visualization', _source: { - title: 'Alerts summary', + title: 'Alerts over time', visState: - '{"title":"Alerts 
summary","type":"table","params":{"perPage":10,"showPartialRows":false,"showMeticsAtAllLevels":false,"sort":{"columnIndex":3,"direction":"desc"},"showTotal":false,"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"4","enabled":true,"type":"terms","schema":"bucket","params":{"field":"manager.name","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","size":50,"order":"desc","orderBy":"1","customLabel":"Manager"}},{"id":"3","enabled":true,"type":"terms","schema":"bucket","params":{"field":"GeoLocation.country_name","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","size":10,"order":"desc","orderBy":"1","customLabel":"Country"}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"rule.description","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","size":10,"order":"desc","orderBy":"1","customLabel":"Description"}}]}', - uiStateJSON: - '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}},"spy":{"mode":{"name":null,"fill":false}}}', + '{"title":"Alerts over 
time","type":"line","params":{"type":"line","grid":{"categoryLines":false,"style":{"color":"#eee"}},"categoryAxes":[{"id":"CategoryAxis-1","type":"category","position":"bottom","show":true,"style":{},"scale":{"type":"linear"},"labels":{"show":true,"truncate":100},"title":{}}],"valueAxes":[{"id":"ValueAxis-1","name":"LeftAxis-1","type":"value","position":"left","show":true,"style":{},"scale":{"type":"linear","mode":"normal"},"labels":{"show":true,"rotate":0,"filter":false,"truncate":100},"title":{"text":"Alerts"}}],"seriesParams":[{"show":"true","type":"area","mode":"normal","data":{"label":"Alerts","id":"1"},"valueAxis":"ValueAxis-1","drawLinesBetweenPoints":true,"showCircles":true}],"addTooltip":true,"addLegend":false,"legendPosition":"right","times":[],"addTimeMarker":false},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"date_histogram","schema":"segment","params":{"field":"@timestamp","interval":"auto","customInterval":"2h","min_doc_count":1,"extended_bounds":{}}}]}', + uiStateJSON: '{}', description: '', version: 1, kibanaSavedObjectMeta: { searchSourceJSON: - '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}' + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' + } + } + }, + { + _id: 'Wazuh-App-Overview-AWS-geo', + _type: 'visualization', + _source: { + title: 'AWS geolocation', + visState: + '{"title":"AWS geolocation","type":"tile_map","params":{"colorSchema":"Green to Red","mapType":"Shaded Circle Markers","isDesaturated":true,"addTooltip":true,"heatClusterSize":1.5,"legendPosition":"topright","mapZoom":2,"mapCenter":[0,0],"wms":{"enabled":false,"options":{"format":"image/png","transparent":true},"baseLayersAreLoaded":{},"tmsLayers":[{"id":"road_map","url":"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.0","minZoom":0,"maxZoom":10,"attribution":"

© OpenStreetMap contributors | Elastic Maps Service

","subdomains":[]}],"selectedTmsLayer":{"id":"road_map","url":"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.4.0","minZoom":0,"maxZoom":10,"attribution":"

© OpenStreetMap contributors | Elastic Maps Service

","subdomains":[]}}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{"customLabel":""}},{"id":"2","enabled":true,"type":"geohash_grid","schema":"segment","params":{"field":"GeoLocation.location","autoPrecision":true,"isFilteredByCollar":true,"useGeocentroid":true,"mapZoom":2,"mapCenter":[0,0],"precision":2,"customLabel":""}}]}', + uiStateJSON: + '{"mapZoom":3,"mapCenter":[25.085598897064777,-57.30468750000001]}', + description: '', + version: 1, + kibanaSavedObjectMeta: { + searchSourceJSON: + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' + } + } + }, + { + _id: 'Wazuh-App-Overview-AWS-Top-5-sources', + _type: 'visualization', + _source: { + title: 'AWS-Top-5-sources', + visState: + '{"title":"AWS-Top-5-sources","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.aws.source","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}', + uiStateJSON: '{}', + description: '', + version: 1, + kibanaSavedObjectMeta: { + searchSourceJSON: + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' + } + } + }, + { + _id: 'Wazuh-App-Overview-AWS-Top-5-buckets', + _type: 'visualization', + _source: { + title: 'AWS-Top-5-Buckets-table', + visState: + 
'{"title":"AWS-Top-5-Buckets-table","type":"table","params":{"perPage":10,"showPartialRows":false,"showMetricsAtAllLevels":false,"sort":{"columnIndex":null,"direction":null},"showTotal":false,"totalFunc":"sum"},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{"customLabel":"Alerts"}},{"id":"2","enabled":true,"type":"terms","schema":"bucket","params":{"field":"data.aws.log_info.s3bucket","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing","customLabel":"Bucket"}}]}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":null,"direction":null}}}}', + description: '', + version: 1, + kibanaSavedObjectMeta: { + searchSourceJSON: + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' + } + } + }, + { + _id: 'Wazuh-App-Overview-AWS-Top-5-source-ip', + _type: 'visualization', + _source: { + title: 'Top 5 source IP addresses', + visState: + '{"title":"Top 5 source IP addresses","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.aws.source_ip_address","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}', + uiStateJSON: '{}', + description: '', + version: 1, + kibanaSavedObjectMeta: { + searchSourceJSON: + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' + } + } + }, + { + _id: 'Wazuh-App-Overview-AWS-Top-5-event-names', + _type: 'visualization', + _source: { + title: 'Top 5 event names', + visState: + '{"title":"Top 5 event 
names","type":"pie","params":{"type":"pie","addTooltip":true,"addLegend":true,"legendPosition":"right","isDonut":true,"labels":{"show":false,"values":true,"last_level":true,"truncate":100}},"aggs":[{"id":"1","enabled":true,"type":"count","schema":"metric","params":{}},{"id":"2","enabled":true,"type":"terms","schema":"segment","params":{"field":"data.aws.eventName","size":5,"order":"desc","orderBy":"1","otherBucket":false,"otherBucketLabel":"Other","missingBucket":false,"missingBucketLabel":"Missing"}}]}', + uiStateJSON: '{}', + description: '', + version: 1, + kibanaSavedObjectMeta: { + searchSourceJSON: + '{"index":"wazuh-alerts","query":{"query":"","language":"lucene"},"filter":[]}' } } }
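Review bot: Every visualization added in this hunk carries `"filter":[]` and an empty query against `wazuh-alerts`, and three of them aggregate fields that are not AWS-specific (`rule.id` in Top-5-rules, `@timestamp` in Alerts-over-time, `GeoLocation.location` in AWS-geo). Unless the overview tab applies an AWS filter at render time, which nothing in this hunk shows, those panels would chart alerts from every source under an AWS heading. I would record the dependency in a comment above the array, for example `// Not scoped on their own: these rely on the AWS tab's implicit filter`, or scope the three generic panels in their `searchSourceJSON`. Separately, the tile_map `visState` hard-codes `tmsLayers` and `selectedTmsLayer` with a `tiles.maps.elastic.co` URL pinned to `my_app_version=6.4.0`; this looks like export residue, and dropping both keys so the base layer follows the deployment's own map settings would avoid pinning a version and an external tile host in a saved object (to be confirmed against how this Kibana version resolves base layers). The array's closing `];` lies outside the hunk.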