@@ -0,0 +1,588 @@
{
"title" : " C1fApp Threat Intelligence"
"services" : {
"query" : {
"list" : {
"0" : {
"query" : " index: \" cif\" "
"alias" : " Cif Index"
"color" : " #7EB26D"
"id" : 0 ,
"pin" : false ,
"type" : " lucene"
"enable" : true
},
"1" : {
"id" : 1 ,
"color" : " #7EB26D"
"alias" : " Malware"
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " assessment: \" malware\" "
},
"2" : {
"id" : 2 ,
"color" : " #EF843C"
"alias" : " Exploit"
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " assessment: \" exploit\" "
},
"3" : {
"id" : 3 ,
"color" : " #64B0C8"
"alias" : " Cif Entries"
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " _type: \" cifentry\" "
},
"4" : {
"id" : 4 ,
"color" : " #E24D42"
"alias" : " Suspicious"
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " assessment: \" suspicious\" "
},
"5" : {
"id" : 5 ,
"color" : " #BF1B00"
"alias" : " Botnet"
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " assessment: \" botnet\" "
},
"6" : {
"id" : 6 ,
"color" : " #82B5D8"
"alias" : " Whitelist"
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " assessment: \" whitelist\" "
},
"7" : {
"id" : 7 ,
"color" : " #705DA0"
"alias" : " "
"pin" : false ,
"type" : " lucene"
"enable" : true ,
"query" : " "
}
},
"ids" : [
0 ,
1 ,
2 ,
3 ,
4 ,
5 ,
6 ,
7
]
},
"filter" : {
"list" : {
"0" : {
"type" : " terms"
"field" : " _type"
"value" : " cluster_stats"
"mandate" : " must"
"active" : false ,
"alias" : " "
"id" : 0
},
"1" : {
"type" : " terms"
"field" : " _type"
"value" : " cifentry"
"mandate" : " must"
"active" : false ,
"alias" : " "
"id" : 1
}
},
"ids" : [
0 ,
1
]
}
},
"rows" : [
{
"title" : " Options"
"height" : " 250px"
"editable" : true ,
"collapse" : false ,
"collapsable" : true ,
"panels" : [
{
"error" : false ,
"span" : 6 ,
"editable" : true ,
"type" : " map"
"loadingEditor" : false ,
"map" : " world"
"colors" : [
" #A0E2E2"
" #265656"
],
"size" : 100 ,
"exclude" : [],
"spyable" : true ,
"queries" : {
"mode" : " selected"
"ids" : [
3
]
},
"title" : " C1fApp World Map"
"field" : " cc"
},
{
"span" : 6 ,
"editable" : true ,
"type" : " histogram"
"loadingEditor" : false ,
"mode" : " count"
"time_field" : " reporttime"
"value_field" : null ,
"x-axis" : true ,
"y-axis" : true ,
"scale" : 1 ,
"y_format" : " none"
"grid" : {
"max" : null ,
"min" : null
},
"queries" : {
"mode" : " selected"
"ids" : [
3
]
},
"annotate" : {
"enable" : true ,
"query" : " *"
"size" : 20 ,
"field" : " _type"
"sort" : [
" _score"
" desc"
]
},
"auto_int" : false ,
"resolution" : 100 ,
"interval" : " 1d"
"intervals" : [
" auto"
" 1s"
" 1m"
" 5m"
" 10m"
" 30m"
" 1h"
" 3h"
" 12h"
" 1d"
" 1w"
" 1y"
],
"lines" : false ,
"fill" : 0 ,
"linewidth" : 3 ,
"points" : false ,
"pointradius" : 5 ,
"bars" : true ,
"stack" : true ,
"spyable" : true ,
"zoomlinks" : true ,
"options" : true ,
"legend" : true ,
"show_query" : true ,
"interactive" : true ,
"legend_counts" : true ,
"timezone" : " utc"
"percentage" : false ,
"zerofill" : true ,
"derivative" : false ,
"tooltip" : {
"value_type" : " cumulative"
"query_as_alias" : true
},
"title" : " Timeline"
}
],
"notice" : false
},
{
"title" : " Country Stats"
"height" : " 250px"
"editable" : true ,
"collapse" : false ,
"collapsable" : true ,
"panels" : [
{
"error" : false ,
"span" : 2 ,
"editable" : true ,
"type" : " stats"
"loadingEditor" : false ,
"queries" : {
"mode" : " selected"
"ids" : [
0
]
},
"style" : {
"font-size" : " 24pt"
},
"format" : " bytes"
"mode" : " max"
"display_breakdown" : " yes"
"sort_field" : " "
"sort_reverse" : false ,
"label_name" : " Index"
"value_name" : " Size"
"spyable" : true ,
"field" : " primaries.store.size_in_bytes"
"title" : " Size"
},
{
"span" : 2 ,
"editable" : true ,
"type" : " hits"
"loadingEditor" : false ,
"style" : {
"font-size" : " 12pt"
},
"arrangement" : " vertical"
"chart" : " list"
"counter_pos" : " below"
"donut" : false ,
"tilt" : false ,
"labels" : true ,
"spyable" : true ,
"queries" : {
"mode" : " selected"
"ids" : [
1 ,
2 ,
4 ,
5 ,
6
]
},
"title" : " Hits"
},
{
"error" : false ,
"span" : 4 ,
"editable" : true ,
"type" : " column"
"loadingEditor" : false ,
"panels" : [
{
"type" : " sparklines"
"mode" : " count"
"time_field" : " reporttime"
"height" : " 10"
"value_field" : null ,
"interval" : " 5m"
"spyable" : true ,
"queries" : {
"mode" : " selected"
"ids" : [
1 ,
2 ,
4 ,
5 ,
6
]
}
}
],
"title" : " Sparks"
}
],
"notice" : false
},
{
"title" : " Graph"
"height" : " 250px"
"editable" : true ,
"collapse" : false ,
"collapsable" : true ,
"panels" : [
{
"error" : false ,
"span" : 3 ,
"editable" : true ,
"group" : [
" default"
],
"type" : " terms"
"queries" : {
"mode" : " selected"
"ids" : [
3 ,
6 ,
7
]
},
"field" : " cc"
"exclude" : [
" "
],
"missing" : false ,
"other" : true ,
"size" : 9 ,
"order" : " count"
"style" : {
"font-size" : " 10pt"
},
"donut" : false ,
"tilt" : false ,
"labels" : true ,
"arrangement" : " horizontal"
"chart" : " table"
"counter_pos" : " above"
"spyable" : true ,
"title" : " Top Countries"
"tmode" : " terms"
"tstat" : " total"
"valuefield" : " "
},
{
"error" : false ,
"span" : 3 ,
"editable" : true ,
"group" : [
" default"
],
"type" : " terms"
"queries" : {
"mode" : " selected"
"ids" : [
3
]
},
"field" : " assessment"
"exclude" : [],
"missing" : true ,
"other" : true ,
"size" : 100 ,
"order" : " count"
"style" : {
"font-size" : " 10pt"
},
"donut" : false ,
"tilt" : false ,
"labels" : true ,
"arrangement" : " horizontal"
"chart" : " pie"
"counter_pos" : " none"
"title" : " C1f Types"
"spyable" : true ,
"tmode" : " terms"
"tstat" : " total"
"valuefield" : " "
},
{
"error" : false ,
"span" : 5 ,
"editable" : true ,
"type" : " terms"
"loadingEditor" : false ,
"field" : " description"
"exclude" : [],
"missing" : false ,
"other" : false ,
"size" : 10 ,
"order" : " count"
"style" : {
"font-size" : " 10pt"
},
"donut" : false ,
"tilt" : false ,
"labels" : true ,
"arrangement" : " horizontal"
"chart" : " table"
"counter_pos" : " above"
"spyable" : true ,
"queries" : {
"mode" : " selected"
"ids" : [
3
]
},
"tmode" : " terms"
"tstat" : " total"
"valuefield" : " "
"title" : " Descriptions"
}
],
"notice" : false
},
{
"title" : " Events"
"height" : " 650px"
"editable" : true ,
"collapse" : false ,
"collapsable" : true ,
"panels" : [
{
"error" : false ,
"span" : 12 ,
"editable" : true ,
"group" : [
" default"
],
"type" : " table"
"size" : 100 ,
"pages" : 5 ,
"offset" : 0 ,
"sort" : [
" _score"
" desc"
],
"style" : {
"font-size" : " 9pt"
},
"overflow" : " min-height"
"fields" : [
" address"
" assessment"
" confidence"
" description"
" alternativeid"
" severity"
" reporttime"
],
"highlight" : [],
"sortable" : true ,
"header" : true ,
"paging" : true ,
"spyable" : true ,
"queries" : {
"mode" : " all"
"ids" : [
0 ,
1 ,
2 ,
3 ,
4 ,
5 ,
6 ,
7
]
},
"field_list" : true ,
"status" : " Stable"
"trimFactor" : 300 ,
"normTimes" : true ,
"title" : " Documents"
"all_fields" : false ,
"localTime" : false ,
"timeField" : " @timestamp"
}
],
"notice" : false
}
],
"editable" : true ,
"index" : {
"interval" : " none"
"pattern" : " [logstash-]YYYY.MM.DD"
"default" : " _all"
"warm_fields" : false
},
"style" : " dark"
"failover" : false ,
"panel_hints" : true ,
"loader" : {
"save_gist" : true ,
"save_elasticsearch" : true ,
"save_local" : true ,
"save_default" : true ,
"save_temp" : true ,
"save_temp_ttl_enable" : true ,
"save_temp_ttl" : " 30d"
"load_gist" : true ,
"load_elasticsearch" : true ,
"load_elasticsearch_size" : 20 ,
"load_local" : true ,
"hide" : false
},
"pulldowns" : [
{
"type" : " query"
"collapse" : true ,
"notice" : false ,
"query" : " *"
"pinned" : true ,
"history" : [
" not _missing_:cc"
" assessment: \" whitelist\" "
" assessment: \" botnet\" "
" assessment: \" suspicious\" "
" _type: \" cifentry\" "
" assessment: \" exploit\" "
" assessment: \" malware\" "
" index: \" cif\" "
" -cc:_missing_"
" -_missing_: cc"
],
"remember" : 10 ,
"enable" : true
},
{
"type" : " filtering"
"collapse" : true ,
"notice" : false ,
"enable" : true
}
],
"nav" : [
{
"type" : " timepicker"
"collapse" : false ,
"notice" : false ,
"status" : " Stable"
"time_options" : [
" 5m"
" 15m"
" 1h"
" 6h"
" 12h"
" 24h"
" 2d"
" 7d"
" 30d"
],
"refresh_intervals" : [
" 5s"
" 10s"
" 30s"
" 1m"
" 5m"
" 15m"
" 30m"
" 1h"
" 2h"
" 1d"
],
"timefield" : " reporttime"
"enable" : true ,
"now" : true ,
"filter_id" : 2
}
],
"refresh" : " 10s"
}
evoxco renamed this gist