From 46265dfc30f9ce154200d8280db4aa48070d1a41 Mon Sep 17 00:00:00 2001
From: ddiabe <0743724407@HQ.DHS.GOV>
Date: Mon, 18 Dec 2023 16:03:48 -0500
Subject: [PATCH] imported new dashboard

---
 .../dashboards/alerting_dashboard.ndjson       | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)
 create mode 100644 Chapter 4 Files/dashboards/alerting_dashboard.ndjson

diff --git a/Chapter 4 Files/dashboards/alerting_dashboard.ndjson b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson
new file mode 100644
index 00000000..a6e0ec1e
--- /dev/null
+++ b/Chapter 4 Files/dashboards/alerting_dashboard.ndjson	
@@ -0,0 +1,18 @@
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"Dashboard Menu","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Dashboard Menu\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"markdown\":\"[Computer Software Overview](#/dashboard/33f0d3b0-8b8a-11ea-b1c6-a5bf39283f12)\\n| [Process Explorer](#/dashboard/f2cbc110-8400-11ee-a3de-f1bc0525ad6c)\\n| [Security log](#/dashboard/51186cd0-e8e9-11e9-9070-f78ae052729a) \\n| [Sysmon summary](#/dashboard/d2c73990-e5d4-11e9-8f1d-73a2ea4cc3ed) \\n| [User Security](#/dashboard/e5f203f0-6182-11ee-b035-d5f231e90733) \\n| [User HR](#/dashboard/618bc5d0-84f8-11ee-9838-ff0db128d8b2)\\n\\n\",\"openLinksInNewTab\":false}}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T18:07:12.693Z","id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-12T18:07:12.693Z","version":"WzM5NTQyLDEyXQ=="}
+{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"user.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"process.executable.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"user.name.text\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"host.name\":{\"id\":\"string\",\"params\":{\"parsedUrl\":{\"origin\":\"https://elastic-lme.contoso.local\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}}}","fields":"[]","runtimeFieldMap":"{\"Column1\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.pid'].size() != 0) { emit (doc['process.pid'].value.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.address'].size() != 0) { emit (doc['destination.address'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column2\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { def args = \\\"\\\"; if (doc['process.args'].size() != 0) { for(int i=0; i<doc['process.args'].size(); i++) { args = args + doc['process.args'][i] + \\\" \\\" } emit (args.toString()) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['destination.port'].size() != 0) { emit (doc['destination.port'].value.toString()) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}},\"Column3\":{\"type\":\"keyword\",\"script\":{\"source\":\"if(doc['signal.status'].size() != 0) { if(doc['signal.status'].value.equals(\\\"open\\\")) { if(doc['event.code'].size() != 0) { if(doc['event.code'].value.equals(Integer.toString(1))) { if (doc['process.parent.executable'].size() != 0) { emit (doc['process.parent.executable'].value) } } else if(doc['event.code'].value.equals(Integer.toString(3))) { if (doc['process.executable'].size() != 0) { emit (doc['process.executable'].value) } } } emit (\\\"No Data\\\") } } emit (\\\"Signal Closed\\\")\"}}}","timeFieldName":"event.created","title":".siem-signals-*","typeMeta":"{}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T18:07:02.631Z","id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"type":"index-pattern","updated_at":"2023-12-12T18:07:02.631Z","version":"WzM5MzkwLDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerting - Tags Controls","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Tags Controls\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1588260438304\",\"fieldName\":\"signal.rule.tags\",\"parent\":\"\",\"label\":\"Tags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":true,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":false,\"useTimeFilter\":false,\"pinFilters\":false},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"434daa60-8af7-11ea-897e-5d5645b24ba1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"control_0_index_pattern","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzI2LDEyXQ=="}
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(signal.rule.severity : \\\"high\\\" or signal.rule.severity : \\\"critical\\\") and signal.status : \\\"open\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Alerting - Critical Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"d26ca1f0-8a21-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzI3LDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Alerting - Critical Signals Metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Critical Signals Metric\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":1},{\"type\":\"range\",\"from\":1,\"to\":20000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":true,\"subText\":\"\",\"fontSize\":120}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Critical Signals\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"8e535ad0-8a22-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"d26ca1f0-8a21-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzI4LDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"signal.status :\\\"open\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Alerting - Signal Vertical Bar","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Signal Vertical Bar\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"filter\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":true,\"type\":\"histogram\",\"mode\":\"stacked\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"lineWidth\":2,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false,\"labels\":{\"show\":true},\"thresholdLine\":{\"show\":false,\"value\":10,\"width\":1,\"style\":\"full\",\"color\":\"#E7664C\"},\"dimensions\":{\"x\":{\"accessor\":0,\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"params\":{\"date\":true,\"interval\":\"PT10M\",\"intervalESValue\":10,\"intervalESUnit\":\"m\",\"format\":\"HH:mm\",\"bounds\":{\"min\":\"2020-04-28T23:23:50.291Z\",\"max\":\"2020-04-29T14:23:50.291Z\"}},\"label\":\"event.created per 10 minutes\",\"aggType\":\"date_histogram\"},\"y\":[{\"accessor\":2,\"format\":{\"id\":\"number\"},\"params\":{},\"label\":\"Count\",\"aggType\":\"count\"}],\"series\":[{\"accessor\":1,\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"otherBucketLabel\":\"Other\",\"missingBucketLabel\":\"Missing\",\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/kibana\",\"basePath\":\"\"}}},\"params\":{},\"label\":\"signal.rule.name: Descending\",\"aggType\":\"terms\"}]},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"isVislibVis\":true,\"detailedTooltip\":true,\"legendSize\":\"auto\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"event.created\",\"timeRange\":{\"from\":\"now-15h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"signal.rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"27faeac0-8a25-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzI5LDEyXQ=="}
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"(signal.rule.severity : \\\"medium\\\" or signal.rule.severity : \\\"low\\\") and signal.status : \\\"open\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Alerting - Suspicious Alerts","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"c97d3000-8a21-11ea-9ff6-ed89e356f0e4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzMwLDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"savedSearchRefName":"search_0","title":"Alerting - Suspicious Signals","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Suspicious Signals\",\"type\":\"metric\",\"params\":{\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"Labels\",\"colorsRange\":[{\"type\":\"range\",\"from\":0,\"to\":1},{\"type\":\"range\",\"from\":1,\"to\":20000}],\"labels\":{\"show\":true},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":true,\"subText\":\"\",\"fontSize\":120}},\"dimensions\":{\"metrics\":[{\"type\":\"vis_dimension\",\"accessor\":0,\"format\":{\"id\":\"number\",\"params\":{}}}]},\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Suspicious Signals\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"c841d460-8a22-11ea-9ff6-ed89e356f0e4","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"c97d3000-8a21-11ea-9ff6-ed89e356f0e4","name":"search_0","type":"search"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzMxLDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerting -  Signals Label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting -  Signals Label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Signals Overview\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"c91ec020-8eb2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzMyLDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerting -  MITRE Label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting -  MITRE Label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### MITRE ATT&CK Technique\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"b4a31150-8eb2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzMzLDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"signal.status :\\\"open\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"Alerting - Signals Data Table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"aggs\":[{\"enabled\":true,\"id\":\"1\",\"params\":{},\"schema\":\"metric\",\"type\":\"count\"},{\"enabled\":true,\"id\":\"2\",\"params\":{\"customLabel\":\"Rule Name\",\"field\":\"signal.rule.name\",\"missingBucket\":true,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":105},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"3\",\"params\":{\"customLabel\":\"Tactic\",\"field\":\"signal.rule.threat.tactic.name\",\"missingBucket\":true,\"missingBucketLabel\":\"Uncatergorised\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Uncatergorised\",\"size\":500},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"4\",\"params\":{\"customLabel\":\"Severity\",\"field\":\"signal.rule.severity\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":5},\"schema\":\"bucket\",\"type\":\"terms\"},{\"enabled\":true,\"id\":\"5\",\"params\":{\"customLabel\":\"Technique\",\"field\":\"signal.rule.threat.technique.name\",\"missingBucket\":true,\"missingBucketLabel\":\"Uncatergorised\",\"order\":\"desc\",\"orderBy\":\"_key\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"size\":11},\"schema\":\"bucket\",\"type\":\"terms\"}],\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Rule Name\",\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Uncatergorised\",\"otherBucketLabel\":\"Uncatergorised\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Tactic\",\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Severity\",\"params\":{}},{\"accessor\":6,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\",\"parsedUrl\":{\"basePath\":\"\",\"origin\":\"\",\"pathname\":\"/app/kibana\"}}},\"label\":\"Technique\",\"params\":{}}],\"metrics\":[{\"accessor\":7,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":true,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true},\"title\":\"Alerting - Signals Data Table\",\"type\":\"table\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"ca3cbc30-8a31-11ea-8939-89f508ff7909","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzM0LDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"signal.status :\\\"open\\\" \",\"language\":\"kuery\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\",\"filter\":[]}"},"title":"Alerting - Mitre Technique Table2","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signal.rule.threat.technique.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Technique Name\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signal.rule.threat.technique.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MITRE ID\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"signal.rule.threat.technique.reference\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Reference\"}}],\"params\":{\"perPage\":10,\"showPartialRows\":true,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true},\"title\":\"Alerting - Mitre Technique Table2\"}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"1f470d50-f825-11ea-86d0-51b0c2571342","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzM1LDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerting - Signals Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Signals Details\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Signals Details \\n[View alerts dashboard](/app/security/alerts)\"},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"522c7590-9045-11ea-bea6-81e365727970","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzM2LDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\n  \"query\": {\n    \"query\": \"signal.status :\\\"open\\\" \",\n    \"language\": \"kuery\"\n  },\n  \"filter\": [],\n  \"indexRefName\": \"kibanaSavedObjectMeta.searchSourceJSON.index\"\n}"},"title":"Alerting - Further Signals Info","uiStateJSON":"{\n  \"vis\": {\n    \"params\": {\n      \"sort\": {\n        \"columnIndex\": null,\n        \"direction\": null\n      }\n    }\n  }\n}","version":1,"visState":"{\"title\":\"Alerting - Further Signals Info\",\"type\":\"table\",\"params\":{\"dimensions\":{\"buckets\":[{\"accessor\":1,\"aggType\":\"date_histogram\",\"format\":{\"id\":\"date\",\"params\":{\"pattern\":\"HH:mm\"}},\"label\":\"event.created per 30 minutes\",\"params\":{}},{\"accessor\":2,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"No host data\",\"otherBucketLabel\":\"Other\"}},\"label\":\"Hostname\",\"params\":{}},{\"accessor\":3,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"No User Data\",\"otherBucketLabel\":\"Other\"}},\"label\":\"User\",\"params\":{}},{\"accessor\":4,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"No Data\",\"otherBucketLabel\":\"Other\"}},\"label\":\"1\",\"params\":{}},{\"accessor\":5,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"2\",\"params\":{}},{\"accessor\":6,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\"3\",\"params\":{}}],\"metrics\":[{\"accessor\":7,\"aggType\":\"count\",\"format\":{\"id\":\"number\"},\"label\":\"Count\",\"params\":{}}],\"splitRow\":[{\"accessor\":0,\"aggType\":\"terms\",\"format\":{\"id\":\"terms\",\"params\":{\"id\":\"string\",\"missingBucketLabel\":\"Missing\",\"otherBucketLabel\":\"Other\"}},\"label\":\".\",\"params\":{}}]},\"perPage\":10,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"row\":true,\"showToolbar\":true},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"split\",\"params\":{\"field\":\"signal.rule.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":250,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\".\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"bucket\",\"params\":{\"field\":\"event.created\",\"timeRange\":{\"from\":\"now-24h\",\"to\":\"now\"},\"useNormalizedEsInterval\":true,\"scaleMetricValues\":false,\"interval\":\"auto\",\"drop_partials\":false,\"min_doc_count\":1,\"extended_bounds\":{}}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"No host data\",\"customLabel\":\"Hostname\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"user.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"No User Data\",\"customLabel\":\"User\"}},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"Column1\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"No Data\",\"json\":\"\",\"customLabel\":\"1\"}},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"Column2\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"json\":\"\",\"customLabel\":\"2\"}},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"Column3\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"json\":\"\",\"customLabel\":\"3\"}}]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"40f55e50-8afe-11ea-897e-5d5645b24ba1","migrationVersion":{"visualization":"8.5.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzM3LDEyXQ=="}
+{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{}"},"title":"Alerting - Event Log Label","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"Alerting - Event Log Label\",\"type\":\"markdown\",\"params\":{\"markdown\":\"### Full Event Logs\",\"openLinksInNewTab\":false,\"fontSize\":12},\"aggs\":[]}"},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"4cca2320-8eb2-11ea-904c-391ecaa2f2f4","migrationVersion":{"visualization":"8.5.0"},"references":[],"type":"visualization","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzM4LDEyXQ=="}
+{"attributes":{"columns":["_source"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"signal.status : \\\"open\\\" \",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"title":"Alerting - Event Logs","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"22b6fde0-9076-11ea-bea6-81e365727970","migrationVersion":{"search":"8.0.0"},"references":[{"id":"fc252980-8a1d-11ea-9ff6-ed89e356f0e4","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"type":"search","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzM5LDEyXQ=="}
+{"attributes":{"description":"Alerting Overview","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":true}","panelsJSON":"[{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":4,\"i\":\"2f6282c5-a0b3-4a3d-973f-73e59932453d\"},\"panelIndex\":\"2f6282c5-a0b3-4a3d-973f-73e59932453d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2f6282c5-a0b3-4a3d-973f-73e59932453d\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":24,\"i\":\"74e0f1aa-0d28-4087-8435-6f0f048a4a54\"},\"panelIndex\":\"74e0f1aa-0d28-4087-8435-6f0f048a4a54\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_74e0f1aa-0d28-4087-8435-6f0f048a4a54\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":6,\"h\":12,\"i\":\"c0e06082-b790-4a1b-b686-98ed83d60ff7\"},\"panelIndex\":\"c0e06082-b790-4a1b-b686-98ed83d60ff7\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_c0e06082-b790-4a1b-b686-98ed83d60ff7\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":32,\"h\":24,\"i\":\"2712ca26-143f-4961-ba53-a008348cc653\"},\"panelIndex\":\"2712ca26-143f-4961-ba53-a008348cc653\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2712ca26-143f-4961-ba53-a008348cc653\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":16,\"w\":6,\"h\":12,\"i\":\"4ef9c990-dfec-4198-828b-f269f1f4fbf8\"},\"panelIndex\":\"4ef9c990-dfec-4198-828b-f269f1f4fbf8\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_4ef9c990-dfec-4198-828b-f269f1f4fbf8\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":22,\"h\":5,\"i\":\"93136da7-3849-4932-92f2-a443350636f2\"},\"panelIndex\":\"93136da7-3849-4932-92f2-a443350636f2\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_93136da7-3849-4932-92f2-a443350636f2\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":28,\"w\":26,\"h\":5,\"i\":\"3832099d-1166-44f0-a766-270f65ae20c3\"},\"panelIndex\":\"3832099d-1166-44f0-a766-270f65ae20c3\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_3832099d-1166-44f0-a766-270f65ae20c3\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":22,\"h\":17,\"i\":\"aa385ced-e59f-4096-8b49-ad0014c0087c\"},\"panelIndex\":\"aa385ced-e59f-4096-8b49-ad0014c0087c\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_aa385ced-e59f-4096-8b49-ad0014c0087c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":33,\"w\":26,\"h\":17,\"i\":\"2ab0a53c-c5c7-4116-afff-e0d119aeefa9\"},\"panelIndex\":\"2ab0a53c-c5c7-4116-afff-e0d119aeefa9\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_2ab0a53c-c5c7-4116-afff-e0d119aeefa9\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":50,\"w\":48,\"h\":8,\"i\":\"94c57cf9-5c91-4c27-a1a2-176e1d3bc30b\"},\"panelIndex\":\"94c57cf9-5c91-4c27-a1a2-176e1d3bc30b\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_94c57cf9-5c91-4c27-a1a2-176e1d3bc30b\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":58,\"w\":48,\"h\":21,\"i\":\"a7f758eb-65c6-4202-86a3-b8b4a169845c\"},\"panelIndex\":\"a7f758eb-65c6-4202-86a3-b8b4a169845c\",\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":5,\"direction\":\"asc\"}}},\"enhancements\":{}},\"panelRefName\":\"panel_a7f758eb-65c6-4202-86a3-b8b4a169845c\"},{\"version\":\"8.7.1\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":79,\"w\":48,\"h\":6,\"i\":\"25f49696-70e2-472e-9992-287665c7db7d\"},\"panelIndex\":\"25f49696-70e2-472e-9992-287665c7db7d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_25f49696-70e2-472e-9992-287665c7db7d\"},{\"version\":\"8.7.1\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":85,\"w\":48,\"h\":28,\"i\":\"38cb573e-5533-48f8-874d-5cfd5929d68a\"},\"panelIndex\":\"38cb573e-5533-48f8-874d-5cfd5929d68a\",\"embeddableConfig\":{\"enhancements\":{},\"sort\":[]},\"panelRefName\":\"panel_38cb573e-5533-48f8-874d-5cfd5929d68a\"}]","refreshInterval":{"pause":true,"value":0},"timeFrom":"now-15y","timeRestore":true,"timeTo":"now","title":"Alerting Dashboard","version":1},"coreMigrationVersion":"8.7.1","created_at":"2023-12-12T16:34:25.042Z","id":"ac1078e0-8a32-11ea-8939-89f508ff7909","migrationVersion":{"dashboard":"8.7.0"},"references":[{"id":"12735ff0-9396-11ea-b41f-4dc1d87833fe","name":"2f6282c5-a0b3-4a3d-973f-73e59932453d:panel_2f6282c5-a0b3-4a3d-973f-73e59932453d","type":"visualization"},{"id":"434daa60-8af7-11ea-897e-5d5645b24ba1","name":"74e0f1aa-0d28-4087-8435-6f0f048a4a54:panel_74e0f1aa-0d28-4087-8435-6f0f048a4a54","type":"visualization"},{"id":"8e535ad0-8a22-11ea-9ff6-ed89e356f0e4","name":"c0e06082-b790-4a1b-b686-98ed83d60ff7:panel_c0e06082-b790-4a1b-b686-98ed83d60ff7","type":"visualization"},{"id":"27faeac0-8a25-11ea-9ff6-ed89e356f0e4","name":"2712ca26-143f-4961-ba53-a008348cc653:panel_2712ca26-143f-4961-ba53-a008348cc653","type":"visualization"},{"id":"c841d460-8a22-11ea-9ff6-ed89e356f0e4","name":"4ef9c990-dfec-4198-828b-f269f1f4fbf8:panel_4ef9c990-dfec-4198-828b-f269f1f4fbf8","type":"visualization"},{"id":"c91ec020-8eb2-11ea-904c-391ecaa2f2f4","name":"93136da7-3849-4932-92f2-a443350636f2:panel_93136da7-3849-4932-92f2-a443350636f2","type":"visualization"},{"id":"b4a31150-8eb2-11ea-904c-391ecaa2f2f4","name":"3832099d-1166-44f0-a766-270f65ae20c3:panel_3832099d-1166-44f0-a766-270f65ae20c3","type":"visualization"},{"id":"ca3cbc30-8a31-11ea-8939-89f508ff7909","name":"aa385ced-e59f-4096-8b49-ad0014c0087c:panel_aa385ced-e59f-4096-8b49-ad0014c0087c","type":"visualization"},{"id":"1f470d50-f825-11ea-86d0-51b0c2571342","name":"2ab0a53c-c5c7-4116-afff-e0d119aeefa9:panel_2ab0a53c-c5c7-4116-afff-e0d119aeefa9","type":"visualization"},{"id":"522c7590-9045-11ea-bea6-81e365727970","name":"94c57cf9-5c91-4c27-a1a2-176e1d3bc30b:panel_94c57cf9-5c91-4c27-a1a2-176e1d3bc30b","type":"visualization"},{"id":"40f55e50-8afe-11ea-897e-5d5645b24ba1","name":"a7f758eb-65c6-4202-86a3-b8b4a169845c:panel_a7f758eb-65c6-4202-86a3-b8b4a169845c","type":"visualization"},{"id":"4cca2320-8eb2-11ea-904c-391ecaa2f2f4","name":"25f49696-70e2-472e-9992-287665c7db7d:panel_25f49696-70e2-472e-9992-287665c7db7d","type":"visualization"},{"id":"22b6fde0-9076-11ea-bea6-81e365727970","name":"38cb573e-5533-48f8-874d-5cfd5929d68a:panel_38cb573e-5533-48f8-874d-5cfd5929d68a","type":"search"}],"type":"dashboard","updated_at":"2023-12-12T16:34:25.042Z","version":"WzM4MzQwLDEyXQ=="}
+{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":17,"missingRefCount":0,"missingReferences":[]}
\ No newline at end of file