From 806e8dff9986550c04eae71fc75a6424a97cf5da Mon Sep 17 00:00:00 2001 
From: Adrian Serrano
Date: Thu, 3 Feb 2022 23:05:33 +0100
Subject: [PATCH] Dashboard for new Recorded Future integration

Relates #30030

Co-authored-by: Andrew Pease <7442091+peasead@users.noreply.github.com>
---
.../Filebeat-threatintel-recordedfuture.json | 269 ++++++++++++++----
.../037e2af0-df50-11eb-8f2b-753caedf727d.json | 11 +-
.../06744e90-df52-11eb-8f2b-753caedf727d.json | 13 +-
.../139c7da0-df51-11eb-8f2b-753caedf727d.json | 13 +-
.../176bf800-df58-11eb-8f2b-753caedf727d.json | 11 +-
.../2d365f10-8479-11ec-8aa9-11bf914a1ef2.json | 95 +++++++
.../3c996410-df52-11eb-8f2b-753caedf727d.json | 13 +-
.../4bcc4cb0-df50-11eb-8f2b-753caedf727d.json | 9 +-
.../5e76ef90-df51-11eb-8f2b-753caedf727d.json | 13 +-
.../6b33edb0-8478-11ec-8aa9-11bf914a1ef2.json | 95 +++++++
.../739274d0-8479-11ec-8aa9-11bf914a1ef2.json | 95 +++++++
.../790cd040-df51-11eb-8f2b-753caedf727d.json | 13 +-
.../7ed4ce00-df52-11eb-8f2b-753caedf727d.json | 11 +-
.../82fa7420-df58-11eb-8f2b-753caedf727d.json | 9 +-
.../8fb01a00-df51-11eb-8f2b-753caedf727d.json | 13 +-
.../949bc180-df52-11eb-8f2b-753caedf727d.json | 15 +-
.../a0a31740-df51-11eb-8f2b-753caedf727d.json | 13 +-
.../b0837690-df52-11eb-8f2b-753caedf727d.json | 17 +-
.../c2a5c180-df51-11eb-8f2b-753caedf727d.json | 13 +-
.../c6079390-8478-11ec-8aa9-11bf914a1ef2.json | 95 +++++++
.../dd4a3da0-df50-11eb-8f2b-753caedf727d.json | 15 +-
.../f37f8350-df50-11eb-8f2b-753caedf727d.json | 15 +-
.../d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f.json | 9 +-
23 files changed, 724 insertions(+), 151 deletions(-)
create mode 100644 x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/2d365f10-8479-11ec-8aa9-11bf914a1ef2.json
create mode 100644 x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/6b33edb0-8478-11ec-8aa9-11bf914a1ef2.json
create mode 100644 x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/739274d0-8479-11ec-8aa9-11bf914a1ef2.json
create mode 100644
x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c6079390-8478-11ec-8aa9-11bf914a1ef2.json diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-recordedfuture.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-recordedfuture.json index 8f49344ce69..9b67e2ce3b6 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-recordedfuture.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/dashboard/Filebeat-threatintel-recordedfuture.json @@ -21,7 +21,7 @@ "enhancements": {} }, "gridData": { - "h": 16, + "h": 18, "i": "c5528bd5-fc50-4902-94d9-6f6579e93364", "w": 10, "x": 0, @@ -30,14 +30,14 @@ "panelIndex": "c5528bd5-fc50-4902-94d9-6f6579e93364", "panelRefName": "panel_c5528bd5-fc50-4902-94d9-6f6579e93364", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 16, + "h": 18, "i": "5844ac07-8c60-4e94-9fdb-f5489bbaafb0", "w": 10, "x": 10, @@ -46,14 +46,14 @@ "panelIndex": "5844ac07-8c60-4e94-9fdb-f5489bbaafb0", "panelRefName": "panel_5844ac07-8c60-4e94-9fdb-f5489bbaafb0", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 16, + "h": 18, "i": "705de4dd-b10b-4871-b42e-c32802f07cdc", "w": 9, "x": 20, @@ -62,14 +62,14 @@ "panelIndex": "705de4dd-b10b-4871-b42e-c32802f07cdc", "panelRefName": "panel_705de4dd-b10b-4871-b42e-c32802f07cdc", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 16, + "h": 18, "i": "579da37e-73d7-48b8-a2ae-09f9252be1d0", "w": 9, "x": 29, 
@@ -78,14 +78,14 @@ "panelIndex": "579da37e-73d7-48b8-a2ae-09f9252be1d0", "panelRefName": "panel_579da37e-73d7-48b8-a2ae-09f9252be1d0", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 16, + "h": 18, "i": "5df65cab-f10e-4192-8490-9586519be39a", "w": 10, "x": 38, @@ -94,7 +94,7 @@ "panelIndex": "5df65cab-f10e-4192-8490-9586519be39a", "panelRefName": "panel_5df65cab-f10e-4192-8490-9586519be39a", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { @@ -105,12 +105,12 @@ "i": "64b0403d-03e5-48c3-9dae-0b005ebb5f1a", "w": 25, "x": 0, - "y": 16 + "y": 18 }, "panelIndex": "64b0403d-03e5-48c3-9dae-0b005ebb5f1a", "panelRefName": "panel_64b0403d-03e5-48c3-9dae-0b005ebb5f1a", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { 
@@ -121,182 +121,325 @@ "i": "e95ad49d-d270-4592-af6b-0bb20ab8686a", "w": 23, "x": 25, - "y": 16 + "y": 18 }, "panelIndex": "e95ad49d-d270-4592-af6b-0bb20ab8686a", "panelRefName": "panel_e95ad49d-d270-4592-af6b-0bb20ab8686a", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "1be4a1f3-6421-4bd4-99af-f2c9f99c944d", "w": 7, "x": 0, - "y": 33 + "y": 35 }, "panelIndex": "1be4a1f3-6421-4bd4-99af-f2c9f99c944d", "panelRefName": "panel_1be4a1f3-6421-4bd4-99af-f2c9f99c944d", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "f2318e6a-9258-4628-897f-c39d16452ec5", "w": 9, "x": 7, - "y": 33 + "y": 35 }, "panelIndex": "f2318e6a-9258-4628-897f-c39d16452ec5", "panelRefName": "panel_f2318e6a-9258-4628-897f-c39d16452ec5", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "2aec92d5-3db8-42ee-b5a6-27886672811e", "w": 9, "x": 16, - "y": 33 + "y": 35 }, "panelIndex": "2aec92d5-3db8-42ee-b5a6-27886672811e", "panelRefName": "panel_2aec92d5-3db8-42ee-b5a6-27886672811e", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "4ba8c6c1-b5d2-4624-af2a-5c3a0b999eb9", "w": 10, "x": 25, - "y": 33 + "y": 35 }, "panelIndex": "4ba8c6c1-b5d2-4624-af2a-5c3a0b999eb9", "panelRefName": "panel_4ba8c6c1-b5d2-4624-af2a-5c3a0b999eb9", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "a60753a1-e859-4388-aff7-e7c30fea8ea0", "w": 13, "x": 35, - "y": 33 + "y": 35 }, "panelIndex": "a60753a1-e859-4388-aff7-e7c30fea8ea0", "panelRefName": "panel_a60753a1-e859-4388-aff7-e7c30fea8ea0", 
"type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "1ccdc84b-976e-4579-8227-e1fec014d744", "w": 9, "x": 0, - "y": 50 + "y": 53 }, "panelIndex": "1ccdc84b-976e-4579-8227-e1fec014d744", "panelRefName": "panel_1ccdc84b-976e-4579-8227-e1fec014d744", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "48cc5d73-41e5-4c50-bd4b-a2c44848bfa1", "w": 9, "x": 9, - "y": 50 + "y": 53 }, "panelIndex": "48cc5d73-41e5-4c50-bd4b-a2c44848bfa1", "panelRefName": "panel_48cc5d73-41e5-4c50-bd4b-a2c44848bfa1", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "a454a943-3968-4796-ac2a-89c78ad10c50", "w": 9, "x": 18, - "y": 50 + "y": 53 }, "panelIndex": "a454a943-3968-4796-ac2a-89c78ad10c50", "panelRefName": "panel_a454a943-3968-4796-ac2a-89c78ad10c50", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "f2bbe7e9-0c11-4ab8-a1cb-5c7b36b950f6", "w": 9, "x": 27, - "y": 50 + "y": 53 }, "panelIndex": "f2bbe7e9-0c11-4ab8-a1cb-5c7b36b950f6", "panelRefName": "panel_f2bbe7e9-0c11-4ab8-a1cb-5c7b36b950f6", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" }, { "embeddableConfig": { "enhancements": {} }, "gridData": { - "h": 17, + "h": 18, "i": "f3a61f45-ac06-44db-b21c-1ffbb9e99014", "w": 12, "x": 36, - "y": 50 + "y": 53 }, "panelIndex": "f3a61f45-ac06-44db-b21c-1ffbb9e99014", "panelRefName": "panel_f3a61f45-ac06-44db-b21c-1ffbb9e99014", "type": "lens", - "version": "7.13.2" + "version": "8.1.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "cbb60fce-f04b-4db4-a8ae-43006185696d", + "w": 12, + "x": 0, + "y": 
71 + }, + "panelIndex": "cbb60fce-f04b-4db4-a8ae-43006185696d", + "panelRefName": "panel_cbb60fce-f04b-4db4-a8ae-43006185696d", + "type": "lens", + "version": "8.1.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "attributes": { + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-d7cd172c-a50a-40bf-a14a-3d15dc485307", + "type": "index-pattern" + } + ], + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d7cd172c-a50a-40bf-a14a-3d15dc485307": { + "columnOrder": [ + "dac2417a-0b3b-430a-bd24-23abfcea4a4c", + "0f52145d-3202-440c-bfe4-62c49385bd9c" + ], + "columns": { + "0f52145d-3202-440c-bfe4-62c49385bd9c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "dac2417a-0b3b-430a-bd24-23abfcea4a4c": { + "dataType": "string", + "isBucketed": true, + "label": "Top values of recordedfuture.evidence_details.Rule", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0f52145d-3202-440c-bfe4-62c49385bd9c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "recordedfuture.evidence_details.Rule" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "dac2417a-0b3b-430a-bd24-23abfcea4a4c", + "isTransposed": false + }, + { + "columnId": "0f52145d-3202-440c-bfe4-62c49385bd9c", + "isTransposed": false + } + ], + "layerId": "d7cd172c-a50a-40bf-a14a-3d15dc485307", + "layerType": "data" + } + }, + "title": "", + "type": "lens", + "visualizationType": "lnsDatatable" + }, + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": 
"4a2008ab-b0ed-45bf-9a3f-9b2aaa445594", + "w": 10, + "x": 12, + "y": 71 + }, + "panelIndex": "4a2008ab-b0ed-45bf-9a3f-9b2aaa445594", + "panelRefName": "panel_4a2008ab-b0ed-45bf-9a3f-9b2aaa445594", + "type": "lens", + "version": "8.1.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "2e49998b-7bd1-4743-9447-0bd087820080", + "w": 11, + "x": 22, + "y": 71 + }, + "panelIndex": "2e49998b-7bd1-4743-9447-0bd087820080", + "panelRefName": "panel_2e49998b-7bd1-4743-9447-0bd087820080", + "type": "lens", + "version": "8.1.0-SNAPSHOT" + }, + { + "embeddableConfig": { + "enhancements": {} + }, + "gridData": { + "h": 18, + "i": "0e825dd7-f593-4741-b28d-8e58158b0e04", + "w": 15, + "x": 33, + "y": 71 + }, + "panelIndex": "0e825dd7-f593-4741-b28d-8e58158b0e04", + "panelRefName": "panel_0e825dd7-f593-4741-b28d-8e58158b0e04", + "type": "lens", + "version": "8.1.0-SNAPSHOT" } ], "timeRestore": false, "title": "[Filebeat Threat Intel] Recorded Future", "version": 1 }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "894dd3e0-df57-11eb-8f2b-753caedf727d", "migrationVersion": { - "dashboard": "7.14.0" + "dashboard": "8.1.0" }, "references": [ { 
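Review bot: The added panel `4a2008ab-b0ed-45bf-9a3f-9b2aaa445594` is stored both by value and by reference: it carries a complete Lens state under `embeddableConfig.attributes` (with an empty `title`) and also a `panelRefName`, which the following `references` hunk binds to lens `c6079390-8478-11ec-8aa9-11bf914a1ef2`. Every other panel added in this hunk keeps `embeddableConfig` to `"enhancements": {}` and relies on the saved lens alone, so the embedded copy can drift from the saved object and it is unclear which of the two Kibana will render. I would reduce this panel to `"embeddableConfig": { "enhancements": {} },` and drop the two `4a2008ab-…:indexpattern-datasource-*` index-pattern entries from `references`, provided the saved lens holds the same `recordedfuture.evidence_details.Rule` table (that file is not visible in this part of the patch).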
@@ -384,6 +527,36 @@ "name": "f3a61f45-ac06-44db-b21c-1ffbb9e99014:panel_f3a61f45-ac06-44db-b21c-1ffbb9e99014", "type": "lens" }, + { + "id": "6b33edb0-8478-11ec-8aa9-11bf914a1ef2", + "name": "cbb60fce-f04b-4db4-a8ae-43006185696d:panel_cbb60fce-f04b-4db4-a8ae-43006185696d", + "type": "lens" + }, + { + "id": "c6079390-8478-11ec-8aa9-11bf914a1ef2", + "name": "4a2008ab-b0ed-45bf-9a3f-9b2aaa445594:panel_4a2008ab-b0ed-45bf-9a3f-9b2aaa445594", + "type": "lens" + }, + { + "id": "filebeat-*", + "name": "4a2008ab-b0ed-45bf-9a3f-9b2aaa445594:indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "4a2008ab-b0ed-45bf-9a3f-9b2aaa445594:indexpattern-datasource-layer-d7cd172c-a50a-40bf-a14a-3d15dc485307", + "type": "index-pattern" + }, + { + "id": "2d365f10-8479-11ec-8aa9-11bf914a1ef2", + "name": "2e49998b-7bd1-4743-9447-0bd087820080:panel_2e49998b-7bd1-4743-9447-0bd087820080", + "type": "lens" + }, + { + "id": "739274d0-8479-11ec-8aa9-11bf914a1ef2", + "name": "0e825dd7-f593-4741-b28d-8e58158b0e04:panel_0e825dd7-f593-4741-b28d-8e58158b0e04", + "type": "lens" + }, { "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", "name": "tag-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", @@ -391,6 +564,6 @@ } ], "type": "dashboard", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjEsMV0=" + "updated_at": "2022-02-02T22:58:56.215Z", + "version": "WzI0MjEsMV0=" } \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/037e2af0-df50-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/037e2af0-df50-11eb-8f2b-753caedf727d.json index 0c677668719..a25cc0cda55 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/037e2af0-df50-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/037e2af0-df50-11eb-8f2b-753caedf727d.json 
@@ -59,6 +59,7 @@ "7b2420d3-1149-4f18-a114-e984e3c701f3" ], "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data", "legendDisplay": "default", "metric": "9afb1b09-0f20-488c-9242-a94f7d11800b", "nestedLegend": false, @@ -71,10 +72,10 @@ "title": "Recorded Future Indicator Type [Filebeat Threat Intel]", "visualizationType": "lnsPie" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "037e2af0-df50-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -94,6 +95,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjIsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTAsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/06744e90-df52-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/06744e90-df52-11eb-8f2b-753caedf727d.json index 38b8c85420e..2fb0aee75a2 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/06744e90-df52-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/06744e90-df52-11eb-8f2b-753caedf727d.json @@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future IPv6 Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "06744e90-df52-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzAsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTgsMV0=" +} \ No newline at end of file 
diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/139c7da0-df51-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/139c7da0-df51-11eb-8f2b-753caedf727d.json index e2269eea6d9..96ed37882e2 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/139c7da0-df51-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/139c7da0-df51-11eb-8f2b-753caedf727d.json @@ -59,16 +59,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future SHA256 Hash Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "139c7da0-df51-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -88,6 +89,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzMsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMjEsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/176bf800-df58-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/176bf800-df58-11eb-8f2b-753caedf727d.json index 4460a1bbdb6..a798cb4ac08 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/176bf800-df58-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/176bf800-df58-11eb-8f2b-753caedf727d.json 
@@ -32,16 +32,17 @@ }, "visualization": { "accessor": "7a45df79-3fa9-480a-95f4-7f287a386b7d", - "layerId": "27155b23-ab24-4f18-b7dd-159f339e5e9b" + "layerId": "27155b23-ab24-4f18-b7dd-159f339e5e9b", + "layerType": "data" } }, "title": "Recorded Future Indicators [Filebeat Threat Intel]", "visualizationType": "lnsMetric" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "176bf800-df58-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -61,6 +62,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjQsMV0=" + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTIsMV0=" } \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/2d365f10-8479-11ec-8aa9-11bf914a1ef2.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/2d365f10-8479-11ec-8aa9-11bf914a1ef2.json new file mode 100644 index 00000000000..22195412b6c --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/2d365f10-8479-11ec-8aa9-11bf914a1ef2.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "Recorded Future evidence source, ingested by threat intel Filebeat module.", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "adf5e0dc-5b6d-46b0-a95a-0e692d197777": { + "columnOrder": [ + "603b8ae9-c00d-4fb2-be8f-66c19169c801", + "84667e97-bc5d-459e-809c-8c5616c0bda8" + ], + "columns": { + "603b8ae9-c00d-4fb2-be8f-66c19169c801": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recorded Future Evidence Sources", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "84667e97-bc5d-459e-809c-8c5616c0bda8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "recordedfuture.evidence_details.Sources" + }, + "84667e97-bc5d-459e-809c-8c5616c0bda8": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "603b8ae9-c00d-4fb2-be8f-66c19169c801", + "isTransposed": false + }, + { + "columnId": "84667e97-bc5d-459e-809c-8c5616c0bda8", + "isTransposed": false + } + ], + "layerId": "adf5e0dc-5b6d-46b0-a95a-0e692d197777", + "layerType": "data" + } + }, + "title": "Recorded Future Evidence Source [Filebeat Threat Intel]", + "visualizationType": "lnsDatatable" + }, + "coreMigrationVersion": "8.1.0", + "id": "2d365f10-8479-11ec-8aa9-11bf914a1ef2", + "migrationVersion": { + "lens": "8.1.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-adf5e0dc-5b6d-46b0-a95a-0e692d197777", + "type": "index-pattern" + }, + { + "id": 
"d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "lens", + "updated_at": "2022-02-02T22:44:53.659Z", + "version": "WzIzMDksMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/3c996410-df52-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/3c996410-df52-11eb-8f2b-753caedf727d.json index da5e6785b5a..e5b5e45a586 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/3c996410-df52-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/3c996410-df52-11eb-8f2b-753caedf727d.json @@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future Domain Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "3c996410-df52-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzcsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMjUsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/4bcc4cb0-df50-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/4bcc4cb0-df50-11eb-8f2b-753caedf727d.json index b069d14277d..a5d5981e279 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/4bcc4cb0-df50-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/4bcc4cb0-df50-11eb-8f2b-753caedf727d.json 
@@ -60,6 +60,7 @@ "7b2420d3-1149-4f18-a114-e984e3c701f3" ], "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data", "legendDisplay": "default", "metric": "9afb1b09-0f20-488c-9242-a94f7d11800b", "nestedLegend": false, @@ -72,10 +73,10 @@ "title": "Recorded Future Risk Score [Filebeat Threat Intel]", "visualizationType": "lnsPie" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "4bcc4cb0-df50-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -95,6 +96,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjUsMV0=" + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTMsMV0=" } \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/5e76ef90-df51-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/5e76ef90-df51-11eb-8f2b-753caedf727d.json index a6fde56bd64..88726d73f76 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/5e76ef90-df51-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/5e76ef90-df51-11eb-8f2b-753caedf727d.json @@ -59,16 +59,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future URL Domain Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "5e76ef90-df51-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -88,6 +89,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzUsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMjMsMV0=" +} \ No newline at end of file 
diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/6b33edb0-8478-11ec-8aa9-11bf914a1ef2.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/6b33edb0-8478-11ec-8aa9-11bf914a1ef2.json new file mode 100644 index 00000000000..8c21bae8996 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/6b33edb0-8478-11ec-8aa9-11bf914a1ef2.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "Recorded Future evidence name, ingested by threat intel Filebeat module.", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "adf5e0dc-5b6d-46b0-a95a-0e692d197777": { + "columnOrder": [ + "603b8ae9-c00d-4fb2-be8f-66c19169c801", + "84667e97-bc5d-459e-809c-8c5616c0bda8" + ], + "columns": { + "603b8ae9-c00d-4fb2-be8f-66c19169c801": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recorded Future Evidence Name", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "84667e97-bc5d-459e-809c-8c5616c0bda8", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "recordedfuture.evidence_details.Name" + }, + "84667e97-bc5d-459e-809c-8c5616c0bda8": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "603b8ae9-c00d-4fb2-be8f-66c19169c801", + "isTransposed": false + }, + { + "columnId": "84667e97-bc5d-459e-809c-8c5616c0bda8", + "isTransposed": false + } + ], + "layerId": "adf5e0dc-5b6d-46b0-a95a-0e692d197777", + "layerType": "data" + } + }, + "title": "Recorded Future Evidence Name [Filebeat Threat Intel]", + "visualizationType": "lnsDatatable" + }, + "coreMigrationVersion": "8.1.0", + "id": "6b33edb0-8478-11ec-8aa9-11bf914a1ef2", + "migrationVersion": { + "lens": "8.1.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-adf5e0dc-5b6d-46b0-a95a-0e692d197777", + "type": "index-pattern" + }, + { + "id": 
"d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "lens", + "updated_at": "2022-02-02T22:44:40.916Z", + "version": "WzIyOTksMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/739274d0-8479-11ec-8aa9-11bf914a1ef2.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/739274d0-8479-11ec-8aa9-11bf914a1ef2.json new file mode 100644 index 00000000000..5ca9d1f7d59 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/739274d0-8479-11ec-8aa9-11bf914a1ef2.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "Recorded Future evidence timestamp, ingested threat intel Filebeat module.", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "189f5cd8-f47f-4a4b-8b06-1417ddf545f8": { + "columnOrder": [ + "d5b0eba3-5cb3-40fe-adb6-8f1a1de50e57", + "b5aa0466-7f5c-4c82-a134-f4d56ed3e9db" + ], + "columns": { + "b5aa0466-7f5c-4c82-a134-f4d56ed3e9db": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "d5b0eba3-5cb3-40fe-adb6-8f1a1de50e57": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recorded Future Evidence Timestamp", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "b5aa0466-7f5c-4c82-a134-f4d56ed3e9db", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "recordedfuture.evidence_details.Timestamp" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "d5b0eba3-5cb3-40fe-adb6-8f1a1de50e57", + "isTransposed": false + }, + { + "columnId": "b5aa0466-7f5c-4c82-a134-f4d56ed3e9db", + "isTransposed": false + } + ], + "layerId": "189f5cd8-f47f-4a4b-8b06-1417ddf545f8", + "layerType": "data" + } + }, + "title": "Recorded Future Evidence Timestamp [Filebeat Threat Intel]", + "visualizationType": "lnsDatatable" + }, + "coreMigrationVersion": "8.1.0", + "id": "739274d0-8479-11ec-8aa9-11bf914a1ef2", + "migrationVersion": { + "lens": "8.1.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-189f5cd8-f47f-4a4b-8b06-1417ddf545f8", + "type": "index-pattern" + }, + { + "id": 
"d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "lens", + "updated_at": "2022-02-02T22:45:05.207Z", + "version": "WzIzMTksMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/790cd040-df51-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/790cd040-df51-11eb-8f2b-753caedf727d.json index 781a6a42a39..ccd919a8372 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/790cd040-df51-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/790cd040-df51-11eb-8f2b-753caedf727d.json @@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future URL Original Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "790cd040-df51-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzgsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMjYsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/7ed4ce00-df52-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/7ed4ce00-df52-11eb-8f2b-753caedf727d.json index a412cd39fca..6eb073cdb7d 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/7ed4ce00-df52-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/7ed4ce00-df52-11eb-8f2b-753caedf727d.json 
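Review bot: The `description` of the new lens `739274d0-8479-11ec-8aa9-11bf914a1ef2` reads "ingested threat intel Filebeat module", dropping the "by" that the two sibling evidence lenses have; it should be `"description": "Recorded Future evidence timestamp, ingested by threat intel Filebeat module.",`. Separately, the table buckets `recordedfuture.evidence_details.Timestamp` with a `terms` operation, `dataType` `string` and `size` 10. Timestamps tend to be near-unique, so the ten "top values" by count are likely to be arbitrary rows next to a large "Other" bucket, which tells an analyst little about how fresh the evidence is. If the field is mapped as a date, a date histogram would be more useful here; that depends on the field mapping, which this patch does not show.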
@@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future Intel Cards [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "7ed4ce00-df52-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjcsMV0=" + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTUsMV0=" } \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/82fa7420-df58-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/82fa7420-df58-11eb-8f2b-753caedf727d.json index 76c617548ca..1bfb63f0585 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/82fa7420-df58-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/82fa7420-df58-11eb-8f2b-753caedf727d.json @@ -49,6 +49,7 @@ "86e20fd3-86a5-4796-b4b8-f2461a9fa922" ], "layerId": "98644301-1cd1-4e54-9f5b-71a1cbcdd8c8", + "layerType": "data", "position": "top", "seriesType": "line", "showGridlines": false, @@ -67,10 +68,10 @@ "title": "Recorded Future Indicators Over Time [Filebeat Threat Intel]", "visualizationType": "lnsXY" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "82fa7420-df58-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -90,6 +91,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjgsMV0=" + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTYsMV0=" } \ No newline at end of file 
diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/8fb01a00-df51-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/8fb01a00-df51-11eb-8f2b-753caedf727d.json index b8cc9578146..a50d451682d 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/8fb01a00-df51-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/8fb01a00-df51-11eb-8f2b-753caedf727d.json @@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future URL Path Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "8fb01a00-df51-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzYsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMjQsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/949bc180-df52-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/949bc180-df52-11eb-8f2b-753caedf727d.json index ec09008e580..14b23658acc 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/949bc180-df52-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/949bc180-df52-11eb-8f2b-753caedf727d.json @@ -28,7 +28,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "recordedfuture.risk.riskSummary" + "sourceField": "recordedfuture.risk_string" }, "9afb1b09-0f20-488c-9242-a94f7d11800b": { "dataType": "number", 
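Review bot: The `949bc180-df52-11eb-8f2b-753caedf727d` panel now reads `recordedfuture.risk_string` instead of `recordedfuture.risk.riskSummary`, while its title in the next hunk stays "Recorded Future Risk Summary". Documents indexed under the old field name will presumably drop out of this table once the dashboards are reloaded. The same applies to the `b0837690-df52-11eb-8f2b-753caedf727d` donut, which moves to `recordedfuture.evidence_details.CriticalityLabel`. An empty threat-intel panel is easy to misread as "no risk", so I would add an upgrade note along the lines of `Recorded Future dashboards now read recordedfuture.risk_string and recordedfuture.evidence_details.*; data indexed by the previous fileset is not shown.` Whether such a note already exists cannot be seen from this diff.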
@@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future Risk Summary [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "949bc180-df52-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjYsMV0=" -} + "updated_at": "2022-02-02T22:19:12.496Z", + "version": "WzE4MDEsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/a0a31740-df51-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/a0a31740-df51-11eb-8f2b-753caedf727d.json index 7a4ccbec7ff..9b908ac525c 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/a0a31740-df51-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/a0a31740-df51-11eb-8f2b-753caedf727d.json @@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future URL Scheme Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "a0a31740-df51-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzQsMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMjIsMV0=" +} \ No newline at end of file 
diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/b0837690-df52-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/b0837690-df52-11eb-8f2b-753caedf727d.json index 2ee5c4b1a2a..ce645b1467b 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/b0837690-df52-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/b0837690-df52-11eb-8f2b-753caedf727d.json @@ -1,6 +1,6 @@ { "attributes": { - "description": "Recorded Future risk criticality for indicators ingested by the threat intel Filebeat module.", + "description": "Recorded Future evidence criticality for indicators ingested by the threat intel Filebeat module.", "state": { "datasourceStates": { "indexpattern": { @@ -28,7 +28,7 @@ "size": 10 }, "scale": "ordinal", - "sourceField": "recordedfuture.risk.criticalityLabel" + "sourceField": "recordedfuture.evidence_details.CriticalityLabel" }, "9afb1b09-0f20-488c-9242-a94f7d11800b": { "dataType": "number", @@ -57,6 +57,7 @@ "642d5400-4a72-4116-b752-58df5138392a" ], "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data", "legendDisplay": "default", "metric": "9afb1b09-0f20-488c-9242-a94f7d11800b", "nestedLegend": false, @@ -66,13 +67,13 @@ "shape": "donut" } }, - "title": "Recorded Future Risk Criticality [Filebeat Threat Intel]", + "title": "Recorded Future Evidence Criticality [Filebeat Threat Intel]", "visualizationType": "lnsPie" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "b0837690-df52-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -92,6 +93,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjMsMV0=" -} + "updated_at": "2022-02-02T22:22:45.852Z", + "version": "WzE4NzEsMV0=" +} \ No newline at end of file 
diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c2a5c180-df51-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c2a5c180-df51-11eb-8f2b-753caedf727d.json index 6163c46e0b0..754d218cdd8 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c2a5c180-df51-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c2a5c180-df51-11eb-8f2b-753caedf727d.json @@ -60,16 +60,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future IPv4 Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "c2a5c180-df51-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -89,6 +90,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NjksMV0=" -} + "updated_at": "2022-02-01T15:45:07.866Z", + "version": "WzExMTcsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c6079390-8478-11ec-8aa9-11bf914a1ef2.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c6079390-8478-11ec-8aa9-11bf914a1ef2.json new file mode 100644 index 00000000000..12e7bc1c561 --- /dev/null +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/c6079390-8478-11ec-8aa9-11bf914a1ef2.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "Recorded Future evidence rule, ingested by the threat intel Filebeat module.", + "state": { + "datasourceStates": { + "indexpattern": { + "layers": { + "d7cd172c-a50a-40bf-a14a-3d15dc485307": { + "columnOrder": [ + "dac2417a-0b3b-430a-bd24-23abfcea4a4c", + "0f52145d-3202-440c-bfe4-62c49385bd9c" + ], + "columns": { + "0f52145d-3202-440c-bfe4-62c49385bd9c": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "Records" + }, + "dac2417a-0b3b-430a-bd24-23abfcea4a4c": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Recorded Future Evidence Rule", + "operationType": "terms", + "params": { + "missingBucket": false, + "orderBy": { + "columnId": "0f52145d-3202-440c-bfe4-62c49385bd9c", + "type": "column" + }, + "orderDirection": "desc", + "otherBucket": true, + "size": 10 + }, + "scale": "ordinal", + "sourceField": "recordedfuture.evidence_details.Rule" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "dac2417a-0b3b-430a-bd24-23abfcea4a4c", + "isTransposed": false + }, + { + "columnId": "0f52145d-3202-440c-bfe4-62c49385bd9c", + "isTransposed": false + } + ], + "layerId": "d7cd172c-a50a-40bf-a14a-3d15dc485307", + "layerType": "data" + } + }, + "title": "Recorded Future Evidence Rule [Filebeat Threat Intel]", + "visualizationType": "lnsDatatable" + }, + "coreMigrationVersion": "8.1.0", + "id": "c6079390-8478-11ec-8aa9-11bf914a1ef2", + "migrationVersion": { + "lens": "8.1.0" + }, + "references": [ + { + "id": "filebeat-*", + "name": "indexpattern-datasource-current-indexpattern", + "type": "index-pattern" + }, + { + "id": "filebeat-*", + "name": "indexpattern-datasource-layer-d7cd172c-a50a-40bf-a14a-3d15dc485307", + "type": "index-pattern" + }, + { + "id": 
"d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "name": "tag-ref-d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "type": "tag" + } + ], + "type": "lens", + "updated_at": "2022-02-02T22:44:25.698Z", + "version": "WzIyOTEsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/dd4a3da0-df50-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/dd4a3da0-df50-11eb-8f2b-753caedf727d.json index 4a25b4df0ef..b2cf8d5d7df 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/dd4a3da0-df50-11eb-8f2b-753caedf727d.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/dd4a3da0-df50-11eb-8f2b-753caedf727d.json @@ -1,6 +1,6 @@ { "attributes": { - "description": null, + "description": "Recorded Future indicator MD5 hash ingested by the threat intel Filebeat module.", "state": { "datasourceStates": { "indexpattern": { @@ -59,16 +59,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future MD5 Hash Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "dd4a3da0-df50-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -88,6 +89,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzEsMV0=" -} + "updated_at": "2022-02-02T22:49:03.254Z", + "version": "WzIzNzQsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/f37f8350-df50-11eb-8f2b-753caedf727d.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/f37f8350-df50-11eb-8f2b-753caedf727d.json index f4c84cc7426..9410fba54b0 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/f37f8350-df50-11eb-8f2b-753caedf727d.json 
+++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/lens/f37f8350-df50-11eb-8f2b-753caedf727d.json @@ -1,6 +1,6 @@ { "attributes": { - "description": null, + "description": "Recorded Future indicator SHA1 hash ingested by the threat intel Filebeat module.", "state": { "datasourceStates": { "indexpattern": { @@ -59,16 +59,17 @@ "isTransposed": false } ], - "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc" + "layerId": "41f41086-8875-4d18-8844-b51b9c9cb8bc", + "layerType": "data" } }, "title": "Recorded Future SHA1 Hash Indicators [Filebeat Threat Intel]", "visualizationType": "lnsDatatable" }, - "coreMigrationVersion": "8.0.0", + "coreMigrationVersion": "8.1.0", "id": "f37f8350-df50-11eb-8f2b-753caedf727d", "migrationVersion": { - "lens": "7.13.1" + "lens": "8.1.0" }, "references": [ { @@ -88,6 +89,6 @@ } ], "type": "lens", - "updated_at": "2021-08-04T16:34:33.127Z", - "version": "WzQ2NzIsMV0=" -} + "updated_at": "2022-02-02T22:49:17.011Z", + "version": "WzIzODEsMV0=" +} \ No newline at end of file diff --git a/x-pack/filebeat/module/threatintel/_meta/kibana/7/tag/d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f.json b/x-pack/filebeat/module/threatintel/_meta/kibana/7/tag/d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f.json index c7887177ea9..d36d5b1a415 100644 --- a/x-pack/filebeat/module/threatintel/_meta/kibana/7/tag/d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f.json +++ b/x-pack/filebeat/module/threatintel/_meta/kibana/7/tag/d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f.json @@ -4,10 +4,13 @@ "description": "Tag for indicators ingested by the Threat Intel Filebeat module.", "name": "threat intel" }, - "coreMigrationVersion": "7.15.0", + "coreMigrationVersion": "8.1.0", "id": "d6ef8f20-70a9-11eb-a3e3-b3cc7c78a70f", + "migrationVersion": { + "tag": "8.0.0" + }, "references": [], "type": "tag", - "updated_at": "2021-10-11T08:02:55.512Z", - "version": "WzUyNCwxXQ==" + "updated_at": "2022-02-01T15:45:00.761Z", + "version": "WzEwMDMsMV0=" } \ No newline at end of file