diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index f8c240f6213..d6fc289ff21 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -228,6 +228,7 @@
 /packages/trellix_epo_cloud @elastic/security-external-integrations
 /packages/trend_micro_vision_one @elastic/security-external-integrations
 /packages/trendmicro @elastic/security-external-integrations
+/packages/tychon @elastic/security-external-integrations
 /packages/udp @elastic/security-external-integrations
 /packages/universal_profiling_agent @elastic/profiling
 /packages/universal_profiling_collector @elastic/profiling
diff --git a/packages/tychon/_dev/build/build.yml b/packages/tychon/_dev/build/build.yml
new file mode 100644
index 00000000000..074278e5b1f
--- /dev/null
+++ b/packages/tychon/_dev/build/build.yml
@@ -0,0 +1,3 @@
+dependencies:
+ ecs:
+ reference: git@v8.8.0
diff --git a/packages/tychon/_dev/build/docs/README.md b/packages/tychon/_dev/build/docs/README.md
new file mode 100644
index 00000000000..102f25dca8d
--- /dev/null
+++ b/packages/tychon/_dev/build/docs/README.md
@@ -0,0 +1,32 @@
+# TYCHON Agentless
+
+[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source vulnerability and STIG data from endpoints without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/)
+
+## Compatibility
+
+* This integration supports Windows 10 and Windows 11 Endpoint Operating Systems.
+* This integration requires a TYCHON Agentless license.
+* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files.
+
+
+## Returned Data Fields
+### Vulnerablities
+
+TYCHON scans for endpoint vulenrabilites and returns the results.
+
+**Exported fields**
+{{fields "tychon_cve"}}
+
+### Endpoint Protection Platform
+
+TYCHON scans the endpoint's Windows Defender and returns protection status and version details.
+
+**Exported fields**
+{{fields "tychon_epp"}}
+
+### Endpoint STIG Information
+
+The TYCHON benchmark script scans an endpoint's Windows configuration for STIG/XCCDF issues and returns information.
+
+**Exported fields**
+{{fields "tychon_stig"}}
diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml
new file mode 100644
index 00000000000..77e22bb4a15
--- /dev/null
+++ b/packages/tychon/changelog.yml
@@ -0,0 +1,5 @@
+- version: "0.0.10"
+ changes:
+ - description: Fixed incorrect types in field.yml and cleaned up formatting
+ type: enhancement
+ link: https://github.com/joeperuzzi/integrations/pull/5 # FIXME Replace with the real PR link
diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json
new file mode 100644
index 00000000000..c374a3da522
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json
@@ -0,0 +1,51 @@ +{ + "events": [ + { + "host.biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "host.domain": "", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.hardware.bios.version": "6.00", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "host.hardware.manufacturer": "VMware, Inc.", + "host.hardware.owner": "dcuser", + "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "host.hostname": "DESKTOP-TIUKL1R", + "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "host.ip": "10.1.9.112", + "host.ipv4": "10.1.9.112", + "host.ipv6": "fe80::40d1:5287:42b9:5645", + "host.mac": "00:0C:29:EF:9A:EB", + "host.oem.manufacturer": "", + "host.oem.model": "", + "host.os.build": "22000", + "host.os.description": "", + "host.os.family": "Windows", + "host.os.name": "Microsoft Windows 11 Education N", + "host.os.organization": "", + "host.os.version": "10.0.22000", + "host.type": "Workstation", + "host.uptime": 145287, + "host.workgroup": "WORKGROUP", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", + "script.current_duration": "315381.28", + "script.current_time": "2023-06-15T21:58:02Z", + "script.name": "Invoke-CveScan.ps1", + "script.start": "2023-06-15T21:52:47Z", + "script.type": "powershell", + "script.version": "0.1.0", + "vulnerability.classification": "vulnerability", + "vulnerability.iava": "2013-A-0227", + "vulnerability.iava_severity": "CAT II", + "vulnerability.id": "CVE-2013-3900", + "vulnerability.reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", + "vulnerability.result": "fail", + "vulnerability.scanner.vendor": "TYCHON", + "vulnerability.score.base": "7.60", + "vulnerability.score.version": "2.0", + "vulnerability.severity": "HIGH", + "vulnerability.title": "The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 
2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", + "vulnerability.version": 1, + "vulnerability.year": "2013" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-config.yml b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-config.yml new file mode 100644 index 00000000000..e72281ddac3 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-config.yml @@ -0,0 +1,4 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json new file mode 100644 index 00000000000..9e0c2839baf --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/_dev/test/pipeline/test-cve.json-expected.json 
@@ -0,0 +1,88 @@ +{ + "expected": [ + { + "@timestamp": "2023-07-28T18:14:38.394883461Z", + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "vulnerability" + ], + "ingested": "2023-07-28T18:14:38.394883461Z", + "kind": "state", + "module": "tychon", + "outcome": "failure" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": "10.1.9.112", + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00-0C-29-EF-9A-EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 145287, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_CVE-2013-3900", + "script": { + "current_duration": 315381.28, + "current_time": "2023-06-15T21:58:02Z", + "name": "Invoke-CveScan.ps1", + "start": "2023-06-15T21:52:47Z", + "type": "powershell", + "version": "0.1.0" + }, + "vulnerability": { + "category": [ + "oval" + ], + "classification": "cvss", + "enumeration": "CVE", + "iava": "2013-A-0227", + "iava_severity": "CAT II", + "id": "CVE-2013-3900", + "reference": "https://www.scaprepo.com/view.jsp?id=CVE-2013-3900", + "result": "fail", + "scanner": { + "vendor": "tychon" + }, + "score": { + "base": 7.6, + "version": "2.0" + }, + "severity": "HIGH", + "title": "The WinVerifyTrust function in Microsoft 
Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 does ", + "version": "1", + "year": 2013 + } + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..a87e5c5ef98 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/agent/stream/stream.yml.hbs @@ -0,0 +1,23 @@ +paths: +{{#each paths as |path|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..6f75d685144 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/elasticsearch/ingest_pipeline/default.yml 
@@ -0,0 +1,77 @@ +--- +description: Pipeline for parsing TYCHON Vulnerability Scan Results +processors: + - dot_expander: + field: "*" + - set: + if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") + field: host.id + value: "{{tychon.id}}" + - remove: + if: ctx.containsKey("tychon") && ctx.tychon.containsKey("id") + field: 'tychon' + - set: + field: _id + value: "{{id}}" + - set: + field: "@timestamp" + value: "{{_ingest.timestamp}}" + - set: + field: ecs.version + value: 8.8.0 + - set: + field: event.kind + value: state + - set: + field: event.module + value: tychon + - set: + field: event.category + value: [vulnerability] + - script: + source: | + if(ctx.vulnerability?.result == 'fail'){ + ctx.event.outcome = "failure" + }else if(ctx.vulnerability?.result == 'pass'){ + ctx.event.outcome = "success" + }else{ + ctx.event.outcome = "unknown" + } + - gsub: + field: host.mac + pattern: ":" + replacement: "-" + - set: + field: event.ingested + value: "{{_ingest.timestamp}}" + - convert: + field: script.current_duration + type: float + - convert: + field: vulnerability.score.base + type: float + - convert: + field: vulnerability.year + type: long + - set: + field: vulnerability.scanner.vendor + value: tychon + - set: + field: vulnerability.category + value: [oval] + - set: + field: vulnerability.classification + value: cvss + - set: + field: vulnerability.enumeration + value: CVE + - set: + field: vulnerability.version + value: "{{vulnerability.version}}" +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/tychon/data_stream/tychon_cve/fields/agent.yml b/packages/tychon/data_stream/tychon_cve/fields/agent.yml new file mode 100644 index 00000000000..4542034fdd6 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/agent.yml 
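Review bot: The `convert` processors on `script.current_duration`, `vulnerability.score.base` and `vulnerability.year` and the `gsub` on `host.mac` carry no `ignore_missing: true`, so an event that lacks any one of these fields fails the whole pipeline and lands as `event.kind: pipeline_error` instead of being indexed with the fields it does have; add `ignore_missing: true` to each of them (the `convert`/`gsub` processors in `tychon_epp/elasticsearch/ingest_pipeline/default.yml` have the same gap). `@timestamp` and `event.ingested` are both set from `_ingest.timestamp`, so the document timestamp records when the record was ingested rather than when the scan observed the state; if `script.current_time` is the scan time, a `date` processor on that field with `target_field: "@timestamp"` would leave `event.ingested` as the only ingest-time value. `_id` is set from `{{id}}` with no guard, and a document without `id` presumably renders an empty `_id`; guarding the `set` with `if: ctx.id != null` or preceding it with a `fail` processor would make the missing-key case explicit rather than incidental.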
@@ -0,0 +1,192 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. 
+- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. + type: keyword + - name: biossn + description: Host BIOS Serial Number. + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + level: core + type: keyword + description: Host ip v4 addresses. + - name: ipv6 + level: core + type: keyword + description: Host ip v6 addresses. 
+ - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. + type: keyword + - name: uptime + description: Seconds the host has been up. + type: long + - name: workgroup + description: Host Workgroup Network Name. + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + description: Host OEM Manufacturer. + type: keyword + - name: model + description: Host OEM Model. + type: keyword + - name: os + type: group + fields: + - name: build + description: Host OS Build. + type: keyword + - name: description + description: Host OS Description. + type: keyword + - name: family + description: OS family (such as redhat, debian, freebsd, windows). + type: keyword + - name: name + description: Operating system name, without the version. + type: keyword + - name: organization + description: Host OS Organization. + type: keyword + - name: version + description: Operating system version as a raw string. + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + description: Host BIOS Name. + type: keyword + - name: version + description: Host BIOS Version. + type: keyword + - name: cpu + type: group + fields: + - name: caption + description: Host CPU Caption. + type: keyword + - name: manufacturer + description: Host BIOS Manufacturer. + type: keyword + - name: owner + description: Host BIOS Owner. + type: keyword + - name: serial_number + description: Host BIOS Serial Number. + type: keyword diff --git a/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml b/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml new file mode 100644 index 00000000000..44a26fd137a --- /dev/null 
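Review bot: The descriptions of `host.hardware.manufacturer`, `host.hardware.owner` and `host.hardware.serial_number` all read "Host BIOS ..." although they sit outside the `host.hardware.bios` group, and the pipeline fixture in this commit carries the system vendor (`VMware, Inc.`) in `host.hardware.manufacturer`; they look copied from the `bios` group and should read `description: Host hardware manufacturer.`, `description: Host hardware owner.` and `description: Host hardware serial number.`. The identical text is in `tychon_epp/fields/agent.yml` (same blob `4542034fdd6`), so both copies need the change. `host.ipv4` and `host.ipv6` are non-ECS keyword fields that hold the same addresses as the ECS `host.ip` (type `ip`) in the fixture; if they are kept on purpose, a description saying they duplicate `host.ip` as plain strings would help consumers pick the right one.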
+++ b/packages/tychon/data_stream/tychon_cve/fields/base-fields.yml @@ -0,0 +1,21 @@ +- name: input.type + description: Source file type. + type: keyword +- name: log.offset + description: Source file current offset. + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module. +- name: '@timestamp' + description: Event timestamp. + type: date diff --git a/packages/tychon/data_stream/tychon_cve/fields/ecs.yml b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml new file mode 100644 index 00000000000..31ba2470b1f --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/ecs.yml 
@@ -0,0 +1,64 @@ +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: ecs.version +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.category +- external: ecs + name: event.created +- external: ecs + name: event.dataset +- external: ecs + name: event.id +- external: ecs + name: event.ingested +- external: ecs + name: event.kind +- external: ecs + name: event.outcome +- external: ecs + name: event.timezone +- external: ecs + name: error.message +- external: ecs + name: host.architecture +- external: ecs + name: host.name +- external: ecs + name: host.os.kernel +- external: ecs + name: host.os.platform +- external: ecs + name: host.os.type +- external: ecs + name: log.file.path +- external: ecs + name: tags +- external: ecs + name: vulnerability.category +- external: ecs + name: vulnerability.classification +- external: ecs + name: vulnerability.description +- external: ecs + name: vulnerability.enumeration +- external: ecs + name: vulnerability.id +- external: ecs + name: vulnerability.reference +- external: ecs + name: vulnerability.scanner.vendor +- external: ecs + name: vulnerability.score.version +- external: ecs + name: vulnerability.severity diff --git a/packages/tychon/data_stream/tychon_cve/fields/fields.yml b/packages/tychon/data_stream/tychon_cve/fields/fields.yml new file mode 100644 index 00000000000..73e3f26b98b --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/fields/fields.yml 
@@ -0,0 +1,63 @@ +- name: id + description: Tychon Unique Vulnerability Id. + type: keyword +- name: vulnerability + type: group + fields: + - name: definition + description: National Vulnerability Database Vulnerability Definition. + type: keyword + - name: iava + description: Information Assurance Vulneraiblity Alert Identifier. + type: keyword + - name: iava_severity + description: Information Assurance Vulnerability Alert Severity. + type: keyword + - name: result + description: Pass/Fail Outcome of the Common Vulnerabilities and Exposures Scan. + type: keyword + - name: score.base + description: National Vulnerability Database Score of the Vulnerabilty. + type: float + - name: title + description: Common Vulnerabilities and Exposures Description and Title. + type: keyword + - name: version + description: Version Number of the Scan. + type: keyword + - name: year + description: Common Vulnerabilities and Exposures Year. + type: long +- name: script + type: group + fields: + - name: current_duration + description: Scanner Script Duration. + type: float + - name: current_time + description: Current datetime. + type: date + - name: name + description: Scanner Script Name. + type: keyword + - name: start + description: Scanner Start datetime. + type: date + - name: type + description: Scanner Script Type. + type: keyword + - name: version + description: Scanner Script Version. + type: keyword +- name: elastic_agent + type: group + fields: + - name: id + description: Elastic Agent Id. + type: keyword + - name: snapshot + description: Elastic Agent snapshot. + type: boolean + - name: version + description: Elastic Agent Version. + type: keyword diff --git a/packages/tychon/data_stream/tychon_cve/manifest.yml b/packages/tychon/data_stream/tychon_cve/manifest.yml new file mode 100644 index 00000000000..c4ab3376931 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/manifest.yml 
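Review bot: Two field descriptions carry typos that surface in the generated README and the Kibana field reference: `iava` says "Vulneraiblity" and `score.base` says "Vulnerabilty"; change them to `description: Information Assurance Vulnerability Alert Identifier.` and `description: National Vulnerability Database Score of the Vulnerability.`. `vulnerability.definition` is declared here but is neither set by the ingest pipeline nor present in the pipeline test fixture of this commit, so its description should say which scanner output populates it, or the field should be dropped until something emits it.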
@@ -0,0 +1,34 @@ +title: Vulnerabilites +type: logs +streams: + - input: logfile + title: Vulnerabilites + description: TYCHON reports on tens of thousands of Vulnerabilites, this data stream reads in the results as upserts to your Elastic database. + template_path: stream.yml.hbs + vars: + - name: paths + type: text + title: Vulnerability Results + multi: true + required: true + show_user: true + default: + - /root/systemInfo/data/tychon_cve_info.json + - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_cve_info.json + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - tychon-cve + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. + diff --git a/packages/tychon/data_stream/tychon_cve/sample_event.json b/packages/tychon/data_stream/tychon_cve/sample_event.json new file mode 100644 index 00000000000..cd07585f2b8 --- /dev/null +++ b/packages/tychon/data_stream/tychon_cve/sample_event.json @@ -0,0 +1,8 @@ +{ + "tychon.id": "564D3240-42F3-6AE9-5634-12D3BB4842E5", + "tychon.campaign": "bd31e9ba-1756-4fd5-b463-ec712ce4dd8e", + "tychon.realm": "TYC742586751BDC4383A8388F974883333E", + "vulnerability.id": "CVE-2022-25315", + "event.outcome": "fail", + "event.created": "2023-02-07 16:28:07" +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json new file mode 100644 index 00000000000..0b8a26266de --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json 
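Review bot: `title: Vulnerabilites` and the stream `description` misspell "Vulnerabilities", and both strings are shown in the Fleet UI; change both to `Vulnerabilities`. The `paths` default includes `/root/systemInfo/data/tychon_cve_info.json` while the package README in this commit states the integration supports only Windows 10 and 11 endpoints; if the Linux path is a leftover it should be removed, otherwise the README compatibility list should mention the Linux location. A short `description` on the `paths` var saying that the files are the JSON results written by the TYCHON scripts would also help, since nothing in the manifest says who produces them.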
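Review bot: `sample_event.json` does not match what the ingest pipeline in this commit emits: it has `"event.outcome": "fail"` while the pipeline maps results to `failure`/`success`/`unknown`, it keeps `tychon.*` keys the pipeline removes, it lacks `@timestamp`, `event.kind` and `ecs.version`, and `event.created` is `"2023-02-07 16:28:07"`, a space-separated form the default `date` mapping format is unlikely to accept. Since this file is what the package documentation presents as the example document, it should be regenerated from a pipeline run so that it mirrors the shape of `test-cve.json-expected.json`.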
@@ -0,0 +1,53 @@ +{ + "events": [ + { + "windows_defender.service.antimalware.status": "Enabled", + "windows_defender.service.real_time_protection.status": "Enabled", + "windows_defender.service.antispyware.signature_version": "1.391.1546.0", + "script.type": "powershell", + "host.os.build": "22000", + "host.ip": "10.1.9.112", + "windows_defender.service.antivirus.quick_scan.signature_version": "1.391.1470.0", + "host.hostname": "DESKTOP-TIUKL1R", + "host.hardware.manufacturer": "VMware, Inc.", + "windows_defender.service.antivirus.status": "Enabled", + "script.start": "2023-06-15T20:13:03Z", + "host.os.name": "Microsoft Windows 11 Education N", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "host.os.organization": "", + "host.hardware.owner": "dcuser", + "windows_defender.service.antispyware.status": "Enabled", + "host.workgroup": "WORKGROUP", + "host.ipv4": "10.1.9.112", + "host.os.version": "10.0.22000", + "windows_defender.service.antivirus.full_scan.signature_version": "", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.type": "Workstation", + "windows_defender.service.behavior_monitor.status": "Enabled", + "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "host.biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "host.mac": "00:0C:29:EF:9A:EB", + "host.oem.model": "", + "host.uptime": "139304", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "windows_defender.service.antimalware.product_version": "4.18.23050.5", + "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "windows_defender.service.ioav_protection.status": "Enabled", + "windows_defender.service.on_access_protection.status": "Enabled", + "script.name": "Get-TychonEppSetting.ps1", + "windows_defender.service.antimalware.engine_version": "1.1.23050.3", + "windows_defender.service.nis.engine_version": 
"1.1.23050.3", + "script.version": "0.1.0", + "host.oem.manufacturer": "", + "host.os.description": "", + "script.current_duration": "1129.20", + "host.ipv6": "fe80::40d1:5287:42b9:5645", + "script.current_time": "2023-06-15T20:13:04Z", + "windows_defender.service.nis.signature_version": "1.391.1546.0", + "host.hardware.bios.version": "6.00", + "windows_defender.service.nis.status": "Enabled", + "host.domain": "", + "host.os.family": "Windows" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml new file mode 100644 index 00000000000..bec4f152d4a --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-config.yml @@ -0,0 +1,4 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" + \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json new file mode 100644 index 00000000000..51130b21f3d --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/_dev/test/pipeline/test-epp.json-expected.json 
@@ -0,0 +1,103 @@ +{ + "expected": [ + { + "@timestamp": "2023-07-28T18:14:38.878742881Z", + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "host" + ], + "ingested": "2023-07-28T18:14:38.878742881Z", + "kind": "state", + "module": "tychon" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": "10.1.9.112", + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00-0C-29-EF-9A-EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 139304, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "script": { + "current_duration": 1129.2, + "current_time": "2023-06-15T20:13:04Z", + "name": "Get-TychonEppSetting.ps1", + "start": "2023-06-15T20:13:03Z", + "type": "powershell", + "version": "0.1.0" + }, + "windows_defender": { + "service": { + "antimalware": { + "engine_version": "1.1.23050.3", + "product_version": "4.18.23050.5", + "status": "Enabled" + }, + "antispyware": { + "signature_version": "1.391.1546.0", + "status": "Enabled" + }, + "antivirus": { + "full_scan": { + "signature_version": "" + }, + "quick_scan": { + "signature_version": "1.391.1470.0" + }, + "status": "Enabled" + }, + "behavior_monitor": { + "status": "Enabled" + }, + "ioav_protection": { + "status": 
"Enabled" + }, + "nis": { + "engine_version": "1.1.23050.3", + "signature_version": "1.391.1546.0", + "status": "Enabled" + }, + "on_access_protection": { + "status": "Enabled" + }, + "real_time_protection": { + "status": "Enabled" + } + } + } + } + ] +} diff --git a/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..90702aae1c6 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/agent/stream/stream.yml.hbs @@ -0,0 +1,23 @@ +paths: +{{#each paths as |path|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag|}} + + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..cb5c6ab2f5b --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/elasticsearch/ingest_pipeline/default.yml 
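Review bot: Inside `{{#each tags as |tag|}}` there is a stray empty line before `- {{tag}}` that the `tychon_cve` copy of this template in the same commit does not have; the blank line is harmless in YAML, but the two templates are otherwise identical and should stay byte-for-byte the same, so drop it. Keeping the two copies identical makes any later divergence between the data streams visible in a diff.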
@@ -0,0 +1,50 @@ +--- +description: Pipeline for EPP +processors: + - dot_expander: + field: "*" + - set: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'host.id' + value: '{{tychon.id}}' + - remove: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'tychon' + - set: + field: '_id' + value: '{{id}}' + - set: + field: '@timestamp' + value: '{{_ingest.timestamp}}' + - set: + field: ecs.version + value: '8.8.0' + - set: + field: event.kind + value: state + - set: + field: event.module + value: tychon + - set: + field: event.category + value: [host] + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' + - convert: + field: host.uptime + type: long + - gsub: + field: host.mac + pattern: ":" + replacement: "-" + - convert: + field: script.current_duration + type: float +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/tychon/data_stream/tychon_epp/fields/agent.yml b/packages/tychon/data_stream/tychon_epp/fields/agent.yml new file mode 100644 index 00000000000..4542034fdd6 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/agent.yml 
@@ -0,0 +1,192 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. 
+- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. + type: keyword + - name: biossn + description: Host BIOS Serial Number. + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + level: core + type: keyword + description: Host ip v4 addresses. + - name: ipv6 + level: core + type: keyword + description: Host ip v6 addresses. 
+ - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. + type: keyword + - name: uptime + description: Seconds the host has been up. + type: long + - name: workgroup + description: Host Workgroup Network Name. + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + description: Host OEM Manufacturer. + type: keyword + - name: model + description: Host OEM Model. + type: keyword + - name: os + type: group + fields: + - name: build + description: Host OS Build. + type: keyword + - name: description + description: Host OS Description. + type: keyword + - name: family + description: OS family (such as redhat, debian, freebsd, windows). + type: keyword + - name: name + description: Operating system name, without the version. + type: keyword + - name: organization + description: Host OS Organization. + type: keyword + - name: version + description: Operating system version as a raw string. + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + description: Host BIOS Name. + type: keyword + - name: version + description: Host BIOS Version. + type: keyword + - name: cpu + type: group + fields: + - name: caption + description: Host CPU Caption. + type: keyword + - name: manufacturer + description: Host BIOS Manufacturer. + type: keyword + - name: owner + description: Host BIOS Owner. + type: keyword + - name: serial_number + description: Host BIOS Serial Number. + type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml b/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml new file mode 100644 index 00000000000..44a26fd137a --- /dev/null 
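Review bot: Under `host.hardware.cpu`, the `manufacturer`, `owner` and `serial_number` entries are described as "Host BIOS Manufacturer/Owner/Serial Number", which reads as a copy-paste from the `bios` group; the tychon_stig fixture sends these values as `host.hardware.manufacturer`, `host.hardware.owner` and `host.hardware.serial_number` (a VMware machine serial, not a BIOS value), so if the collapsed indentation really nests them under `cpu` they are unmapped and will be dynamically mapped. Move them up one level under `hardware` and fix the descriptions, e.g. `description: Host hardware manufacturer.`, `description: Host hardware owner.`, `description: Host hardware serial number.`. `host.biossn` is described as a BIOS serial number while the fixture value is UUID-shaped (an SMBIOS identifier, presumably); the description should say which it is so analysts do not correlate it with the hardware serial.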
+++ b/packages/tychon/data_stream/tychon_epp/fields/base-fields.yml @@ -0,0 +1,21 @@ +- name: input.type + description: Source file type. + type: keyword +- name: log.offset + description: Source file current offset. + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module. +- name: '@timestamp' + description: Event timestamp. + type: date diff --git a/packages/tychon/data_stream/tychon_epp/fields/ecs.yml b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml new file mode 100644 index 00000000000..05e44a34ee0 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/ecs.yml @@ -0,0 +1,52 @@ +- external: ecs + name: package.description +- external: ecs + name: package.name +- external: ecs + name: package.reference +- external: ecs + name: package.type +- external: ecs + name: package.build_version +- external: ecs + name: event.kind +- external: ecs + name: ecs.version +- external: ecs + name: event.category +- external: ecs + name: event.created +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: event.ingested +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.dataset +- external: ecs + name: event.timezone +- external: ecs + name: error.message +- external: ecs + name: host.os.type +- external: ecs + name: log.file.path +- external: ecs + name: tags +- external: ecs + name: host.architecture +- external: ecs + name: host.name +- external: ecs + name: host.os.kernel +- external: ecs + name: host.os.platform 
diff --git a/packages/tychon/data_stream/tychon_epp/fields/fields.yml b/packages/tychon/data_stream/tychon_epp/fields/fields.yml new file mode 100644 index 00000000000..4b80ceabc31 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/fields/fields.yml 
@@ -0,0 +1,109 @@ +- name: id + description: TYCHON Unique Idnentifier of the Common Vulnerabilities and Exposures Result for the Endpoint. + type: keyword +- name: script + type: group + fields: + - name: current_duration + description: Current Scanner Script Duration. + type: long + - name: current_time + description: Current Script datetime. + type: date + - name: name + description: Scanner Script Name. + type: keyword + - name: start + description: Scanner Start datetime. + type: date + - name: type + description: Scanner Script Type. + type: keyword + - name: version + description: Scanner Script Version. + type: keyword +- name: windows_defender + group: 2 + type: group + fields: + - name: service + type: group + fields: + - name: behavior_monitor.status + description: Windows Defender Behavior Monitor Status. + type: keyword + - name: ioav_protection.status + description: Windows Defender iOffice Antivirus Protection Status. + type: keyword + - name: on_access_protection.status + description: Windows Defender On Access Protection Status. + type: keyword + - name: real_time_protection.status + description: Windows Defender Real-time Procection Status. + type: keyword + - name: antimalware + type: group + fields: + - name: engine_version + description: Windows Defender Antimalware Engine Version. + type: keyword + - name: product_version + description: Windows Defender Antimalware Product Version. + type: keyword + - name: signature_version + description: Windows Defender Antimalware Signature Version. + type: keyword + - name: status + description: Windows Defender Antimalware Status. + type: keyword + - name: antispyware + type: group + fields: + - name: signature_version + description: Windows Defender Antispyware Signature Version. + type: keyword + - name: status + description: Windows Defender Antispyware Status. 
+ type: keyword + - name: antivirus + type: group + fields: + - name: full_scan.signature_version + description: Windows Defender Antivirus Full Scan Version. + type: keyword + - name: quick_scan.signature_version + description: Windows Defender Antivirus Signature Version. + type: keyword + - name: status + description: Windows Defender Antivirus Status. + type: keyword + - name: nis + type: group + fields: + - name: engine_version + description: Windows Defender Network Inspection System Engine Version. + type: keyword + - name: signature_version + description: Windows Defender Network Inspection System Signature Version. + type: keyword + - name: status + description: Windows Defender Network Inspection System Status. + type: keyword +- name: elastic_agent + type: group + fields: + - name: id + description: Elastic Agent Id. + type: keyword + - name: snapshot + description: Elastic Agent snapshot. + type: boolean + - name: version + description: Elastic Agent Version. + type: keyword +- name: host.epp.product + description: Epp products installed + type: keyword +- name: host.trellix.product + description: trellix products installed + type: keyword diff --git a/packages/tychon/data_stream/tychon_epp/manifest.yml b/packages/tychon/data_stream/tychon_epp/manifest.yml new file mode 100644 index 00000000000..c7770ac7802 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/manifest.yml 
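Review bot: `script.current_duration` is mapped as `long` here while the stream's ingest pipeline converts it to `float`; with Elasticsearch's default coercion the fractional part is silently truncated at index time, so either map it as `float` (`type: float`) or convert it to `long` in the pipeline — the tychon_stig fixture shows a fractional value (`324194.34`), so `float` is the safer choice. The `id` description ("Unique Idnentifier of the Common Vulnerabilities and Exposures Result") is copied from the CVE stream and has a typo; for this stream something like `description: TYCHON unique identifier of the endpoint protection record.` fits the data. `real_time_protection.status` also misspells "Protection" ("Procection").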
@@ -0,0 +1,32 @@ +title: Windows EPP Info +type: logs +streams: + - input: logfile + title: Windows EPP Info + description: Windows EPP Info + template_path: stream.yml.hbs + vars: + - name: paths + type: text + title: Windows EPP Info + multi: true + required: true + show_user: true + default: + - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_epp_info.json + - name: tags + type: text + title: Tags + multi: true + required: true + show_user: false + default: + - tychon-epp-info + - name: processors + type: yaml + title: Processors + multi: false + required: false + show_user: false + description: > + Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details. diff --git a/packages/tychon/data_stream/tychon_epp/sample_event.json b/packages/tychon/data_stream/tychon_epp/sample_event.json new file mode 100644 index 00000000000..4b3beb399a0 --- /dev/null +++ b/packages/tychon/data_stream/tychon_epp/sample_event.json @@ -0,0 +1,13 @@ +{ + "package.updateid": "9f2ff11a-e905-4dde-8cec-6d1f948613f7", + "package.product": "MicrosoftDefenderAntivirus", + "package.name": "SecurityIntelligenceUpdateforMicrosoftDefenderAntivirus-KB2267602(Version1.381.2926.0)", + "tychon.id": "5b30ba26bc503cf639fbe77cc38fb015b4e965dd7f4868d3f47f05c7b7f3dc68", + "tychon.realm": "TYCC9ED65C1B87545D19954D5C3AB93D947", + "package.reference": "https://go.microsoft.com/fwlink/?LinkId=52661", + "package.revision": 200, + "tychon.campaign": "7f979c0d-29f3-4e87-9edf-3cd854fdaf2b", + "": "Succeeded", + "package.description": "Installthisupdatetorevisethefilesthatareusedtodetectviruses,spyware,andotherpotentiallyunwantedsoftware.Onceyouhaveinstalledthisitem,itcannotberemoved.", + "package.installed": "2023-01-3009:21:18" +} \ No newline at end of file 
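Review bot: The `paths` variable is titled "Windows EPP Info", the same text as the stream title, so the Fleet form gives no hint that the field is a file path; `title: Paths` with a short `description` naming the default location would help. Because the default file lives under `C:\ProgramData\TYCHONCLOUD\eventlogs` and its contents become the endpoint's host identity and Defender status verbatim, this description or the README should state that write access to that directory must be restricted to the TYCHON service account — anything that can append to the file can assert a clean protection state. Since the records describe scanned endpoints rather than necessarily the collector itself, consider whether `forwarded` belongs in the default `tags` so `publisher_pipeline.disable_host` applies; that depends on where the collector runs, which this manifest does not say.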
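Review bot: This sample event does not reflect the tychon_epp stream: it carries `package.*`/`tychon.*` keys that look like a Windows update record, contains an empty-string key (`"": "Succeeded"`) that downstream tooling handles poorly, and has none of the `windows_defender.*`, `event.*`, `ecs.version` or `@timestamp` fields the ingest pipeline produces. Regenerate it from the pipeline output (e.g. `elastic-package test system --generate`) so the documented shape matches what the pipeline emits.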
diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json new file mode 100644 index 00000000000..d8b1adf8574 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json 
@@ -0,0 +1,60 @@ +{ + "events": [ + { + "rule.benchmark.profile.id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules", + "benchmark.name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "rule.weight": "10.0", + "rule.title": "", + "rule.id": "", + "rule.oval.refid": "", + "script.type": "powershell", + "host.os.build": "22000", + "host.ip": "10.1.9.112", + "rule.name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", + "script.version": "0.1.0", + "host.hostname": "DESKTOP-TIUKL1R", + "host.hardware.manufacturer": "VMware, Inc.", + "benchmark.guid": "", + "script.start": "2023-06-15T20:14:11Z", + "host.os.name": "Microsoft Windows 11 Education N", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "rule.test_result": "not applicable", + "host.os.organization": "", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "benchmark.hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "host.hardware.owner": "dcuser", + "host.workgroup": "WORKGROUP", + "host.hardware.serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb", + "host.ipv4": "10.1.9.112", + "host.os.version": "10.0.22000", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.type": "Workstation", + "script.name": "Invoke-TychonStigBenchmarkScan.ps1", + "oval.id": "oval:mil.disa.stig.windows11:def:253254", + "rule.finding_id": "", + "rule.oval.class": "compliance", + "rule.benchmark.title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "rule.benchmark.guid": "", + "host.id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "oval.class": "compliance", + "host.biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "host.mac": "00:0C:29:EF:9A:EB", + 
"oval.refid": "", + "rule.severity": "medium", + "host.oem.model": "", + "host.uptime": "139370", + "benchmark.version": "1.2", + "script.current_time": "2023-06-15T20:19:35Z", + "benchmark.title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "rule.oval.id": "oval:mil.disa.stig.windows11:def:253254", + "benchmark.generated_utc": "2023-03-28T17:40:48", + "host.oem.manufacturer": "", + "host.os.description": "", + "script.current_duration": "324194.34", + "host.ipv6": "fe80::40d1:5287:42b9:5645", + "host.hardware.bios.version": "6.00", + "host.domain": "", + "host.os.family": "Windows" + } + ] +} \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml new file mode 100644 index 00000000000..302199c74f9 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-config.yml @@ -0,0 +1,3 @@ +dynamic_fields: + "@timestamp": ".*" + event.ingested: ".*" diff --git a/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json new file mode 100644 index 00000000000..8f7e9630636 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/_dev/test/pipeline/test-stig.json-expected.json 
@@ -0,0 +1,98 @@ +{ + "expected": [ + { + "@timestamp": "2023-07-28T18:14:39.219921509Z", + "benchmark": { + "generated_utc": "2023-03-28T17:40:48", + "guid": "", + "hash": "B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "name": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml", + "version": "1.2" + }, + "ecs": { + "version": "8.8.0" + }, + "event": { + "category": [ + "host" + ], + "ingested": "2023-07-28T18:14:39.219921509Z", + "kind": "state", + "module": "tychon" + }, + "host": { + "biossn": "1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB", + "domain": "", + "hardware": { + "bios": { + "name": "Phoenix Technologies LTD", + "version": "6.00" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 45 Stepping 7" + }, + "manufacturer": "VMware, Inc.", + "owner": "dcuser", + "serial_number": "VMware-56 4d da 1c 0a cf 55 aa-ff 70 b5 c7 ba ef 9a eb" + }, + "hostname": "DESKTOP-TIUKL1R", + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP", + "ip": "10.1.9.112", + "ipv4": "10.1.9.112", + "ipv6": "fe80::40d1:5287:42b9:5645", + "mac": "00-0C-29-EF-9A-EB", + "oem": { + "manufacturer": "", + "model": "" + }, + "os": { + "build": "22000", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Education N", + "organization": "", + "version": "10.0.22000" + }, + "type": "Workstation", + "uptime": 139370, + "workgroup": "WORKGROUP" + }, + "id": "bd72307d1093421f95713515c770b79a_1CDA4D56-CF0A-AA55-FF70-B5C7BAEF9AEB_DESKTOP-TIUKL1R_WORKGROUP_oval:mil.disa.stig.windows11:def:253254_B5876182441699AE4B0B035ED3907DA0898FCA4BDE607D5320342F1862DE0379", + "oval": { + "class": "compliance", + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "" + }, + "rule": { + "benchmark": { + "guid": "", + "profile": { + "id": "xccdf_mil.disa.stig_profile_Disable_Slow_Rules" + }, + 
"title": "scap_mil.disa.stig_cref_U_MS_Windows_11_V1R2_STIG_SCAP_1-2_Benchmark-xccdf.xml" + }, + "finding_id": "", + "id": "", + "name": "xccdf_mil.disa.stig_rule_SV-253254r828846_rule", + "oval": { + "class": "compliance", + "id": "oval:mil.disa.stig.windows11:def:253254", + "refid": "" + }, + "result": "not applicable", + "severity": "medium", + "title": "", + "weight": 10.0 + }, + "script": { + "current_duration": 324194.34, + "current_time": "2023-06-15T20:19:35Z", + "name": "Invoke-TychonStigBenchmarkScan.ps1", + "start": "2023-06-15T20:14:11Z", + "type": "powershell", + "version": "0.1.0" + } + } + ] +} diff --git a/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs new file mode 100644 index 00000000000..9d64e35f110 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/agent/stream/stream.yml.hbs @@ -0,0 +1,22 @@ +paths: +{{#each paths as |path|}} + - {{path}} +{{/each}} +tags: +{{#if preserve_original_event}} + - preserve_original_event +{{/if}} +{{#each tags as |tag|}} + - {{tag}} +{{/each}} +{{#contains "forwarded" tags}} +publisher_pipeline.disable_host: true +{{/contains}} +processors: +- add_locale: ~ +{{#if processors}} +{{processors}} +{{/if}} +json: + keys_under_root: true + expand_keys: true \ No newline at end of file diff --git a/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml new file mode 100644 index 00000000000..41c4482de43 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/elasticsearch/ingest_pipeline/default.yml 
@@ -0,0 +1,69 @@ +--- +description: Pipeline for parsing TYCHON Windows Patches +processors: + - dot_expander: + field: "*" + - set: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'host.id' + value: '{{tychon.id}}' + - remove: + if: "ctx.containsKey('tychon') && ctx.tychon.containsKey('id')" + field: 'tychon' + - set: + if: "!(ctx.containsKey('id'))" + field: id + value: '{{host.id}}' + - set: + field: _id + value: '{{id}}' + - set: + field: '@timestamp' + value: '{{_ingest.timestamp}}' + - set: + if: "ctx.containsKey('rule') && ctx.rule.containsKey('test_result')" + field: rule.result + value: '{{rule.test_result}}' + - remove: + if: "ctx.containsKey('rule') && ctx.rule.containsKey('test_result')" + field: rule.test_result + - set: + field: ecs.version + value: '8.8.0' + - set: + field: event.kind + value: state + - set: + field: event.module + value: tychon + - set: + field: event.category + value: [host] + - set: + field: event.ingested + value: '{{_ingest.timestamp}}' + - convert: + field: host.uptime + type: long + - script: + source: ctx.host.mac = ctx.host.mac.replace(':','-') + - convert: + field: host.uptime + type: long + - gsub: + field: host.mac + pattern: ":" + replacement: "-" + - convert: + field: script.current_duration + type: float + - convert: + field: rule.weight + type: float +on_failure: + - set: + field: event.kind + value: pipeline_error + - append: + field: error.message + value: '{{{ _ingest.on_failure_message }}}' diff --git a/packages/tychon/data_stream/tychon_stig/fields/agent.yml b/packages/tychon/data_stream/tychon_stig/fields/agent.yml new file mode 100644 index 00000000000..4542034fdd6 --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/fields/agent.yml 
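Review bot: `_id` is set from `id`, and the fixture's `id` is `host.id` + OVAL definition + benchmark hash with no scan time, so a later scan of the same rule that flips `rule.result` from `not applicable` or `pass` to `fail` produces the same `_id`; on an append-only data stream (create semantics) that write is a version conflict and the updated result is dropped, so compliance drift would never be recorded — confirm whether `id` is meant to be stable or should include `script.start`. The processor list also repeats itself: `convert host.uptime` appears twice, and the Painless `script` that rewrites `host.mac` duplicates the following `gsub` while throwing a null-pointer error when `host.mac` is absent, which sends the whole record to `on_failure`. The `description` still says "Pipeline for parsing TYCHON Windows Patches" and should read `description: Pipeline for TYCHON STIG benchmark results`, and as in the EPP pipeline `@timestamp` is taken from `_ingest.timestamp` rather than `script.current_time`. The trimmed tail of the processor list is below; the `set`/`remove` steps above it are unchanged.
```yaml
  - set:
      field: _id
      value: '{{id}}'
      if: "ctx.id != null && ctx.id != ''"
  # … unchanged: @timestamp, rule.result, ecs.version and event.* sets …
  - convert:
      field: host.uptime
      type: long
      ignore_missing: true
  - gsub:
      field: host.mac
      pattern: ":"
      replacement: "-"
      ignore_missing: true
  - convert:
      field: script.current_duration
      type: float
      ignore_missing: true
  - convert:
      field: rule.weight
      type: float
      ignore_missing: true
```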
@@ -0,0 +1,192 @@ +- name: cloud + title: Cloud + group: 2 + description: Fields related to the cloud or infrastructure the events are coming from. + footnote: 'Examples: If Metricbeat is running on an EC2 host and fetches data from its host, the cloud info contains the data about this machine. If Metricbeat runs on a remote machine outside the cloud and fetches data from a service running in the cloud, the field contains cloud data from the machine the service is running on.' + type: group + fields: + - name: account.id + level: extended + type: keyword + ignore_above: 1024 + description: 'The cloud account or organization id used to identify different entities in a multi-tenant environment. + + Examples: AWS account id, Google Cloud ORG Id, or other unique identifier.' + example: 666777888999 + - name: availability_zone + level: extended + type: keyword + ignore_above: 1024 + description: Availability zone in which this host is running. + example: us-east-1c + - name: instance.id + level: extended + type: keyword + ignore_above: 1024 + description: Instance ID of the host machine. + example: i-1234567890abcdef0 + - name: instance.name + level: extended + type: keyword + ignore_above: 1024 + description: Instance name of the host machine. + - name: machine.type + level: extended + type: keyword + ignore_above: 1024 + description: Machine type of the host machine. + example: t2.medium + - name: provider + level: extended + type: keyword + ignore_above: 1024 + description: Name of the cloud provider. Example values are aws, azure, gcp, or digitalocean. + example: aws + - name: region + level: extended + type: keyword + ignore_above: 1024 + description: Region in which this host is running. + example: us-east-1 + - name: project.id + type: keyword + description: Name of the project in Google Cloud. + - name: image.id + type: keyword + description: Image ID for the cloud instance. 
+- name: container + title: Container + group: 2 + description: 'Container fields are used for meta information about the specific container that is the source of information. + + These fields help correlate data based containers from any runtime.' + type: group + fields: + - name: id + level: core + type: keyword + ignore_above: 1024 + description: Unique container id. + - name: image.name + level: extended + type: keyword + ignore_above: 1024 + description: Name of the image the container was built on. + - name: name + level: extended + type: keyword + ignore_above: 1024 + description: Container name. +- name: host + title: Host + group: 2 + description: 'A host is defined as a general computing instance. + + ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.' + type: group + fields: + - name: id + description: Unique host id. As hostname is not always unique, use values that are meaningful in your environment. + type: keyword + - name: biossn + description: Host BIOS Serial Number. + type: keyword + - name: domain + level: extended + type: keyword + ignore_above: 1024 + description: 'Name of the domain of which the host is a member. + + For example, on Windows this could be the host''s Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host''s LDAP provider.' + example: CONTOSO + default_field: false + - name: hostname + level: core + type: keyword + ignore_above: 1024 + description: 'Hostname of the host. + + It normally contains what the `hostname` command returns on the host machine.' + - name: ip + level: core + type: ip + description: Host ip addresses. + - name: ipv4 + level: core + type: keyword + description: Host ip v4 addresses. + - name: ipv6 + level: core + type: keyword + description: Host ip v6 addresses. 
+ - name: mac + level: core + type: keyword + ignore_above: 1024 + description: Host mac addresses. + - name: type + description: Type of host. For Cloud providers this can be the machine type like t2.medium. If vm, this could be the container, for example, or other information meaningful in your environment. + type: keyword + - name: uptime + description: Seconds the host has been up. + type: long + - name: workgroup + description: Host Workgroup Network Name. + type: keyword + - name: oem + type: group + fields: + - name: manufacturer + description: Host OEM Manufacturer. + type: keyword + - name: model + description: Host OEM Model. + type: keyword + - name: os + type: group + fields: + - name: build + description: Host OS Build. + type: keyword + - name: description + description: Host OS Description. + type: keyword + - name: family + description: OS family (such as redhat, debian, freebsd, windows). + type: keyword + - name: name + description: Operating system name, without the version. + type: keyword + - name: organization + description: Host OS Organization. + type: keyword + - name: version + description: Operating system version as a raw string. + type: keyword + - name: hardware + type: group + fields: + - name: bios + type: group + fields: + - name: name + description: Host BIOS Name. + type: keyword + - name: version + description: Host BIOS Version. + type: keyword + - name: cpu + type: group + fields: + - name: caption + description: Host CPU Caption. + type: keyword + - name: manufacturer + description: Host BIOS Manufacturer. + type: keyword + - name: owner + description: Host BIOS Owner. + type: keyword + - name: serial_number + description: Host BIOS Serial Number. + type: keyword diff --git a/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml b/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml new file mode 100644 index 00000000000..44a26fd137a --- /dev/null 
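Review bot: This file is byte-identical to `tychon_epp/fields/agent.yml` (same blob index), so it inherits the same problem: the `manufacturer`, `owner` and `serial_number` entries under `host.hardware.cpu` are described as BIOS properties while this stream's own fixture (`test-stig.json`) sends them as `host.hardware.manufacturer`, `host.hardware.owner` and `host.hardware.serial_number`. If the collapsed indentation nests them under `cpu`, those fixture fields are unmapped; move them up under `hardware` and correct the descriptions in both copies.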
+++ b/packages/tychon/data_stream/tychon_stig/fields/base-fields.yml @@ -0,0 +1,21 @@ +- name: input.type + description: Source file type. + type: keyword +- name: log.offset + description: Source file current offset. + type: long +- name: data_stream.type + type: constant_keyword + description: Data stream type. +- name: data_stream.dataset + type: constant_keyword + description: Data stream dataset. +- name: data_stream.namespace + type: constant_keyword + description: Data stream namespace. +- name: event.module + type: keyword + description: Event module. +- name: '@timestamp' + description: Event timestamp. + type: date diff --git a/packages/tychon/data_stream/tychon_stig/fields/ecs.yml b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml new file mode 100644 index 00000000000..7329d8fd21c --- /dev/null +++ b/packages/tychon/data_stream/tychon_stig/fields/ecs.yml @@ -0,0 +1,54 @@ +- external: ecs + name: package.description +- external: ecs + name: package.name +- external: ecs + name: package.reference +- external: ecs + name: package.type +- external: ecs + name: package.build_version +- external: ecs + name: rule.name +- external: ecs + name: event.kind +- external: ecs + name: ecs.version +- external: ecs + name: event.category +- external: ecs + name: event.created +- external: ecs + name: agent.ephemeral_id +- external: ecs + name: agent.id +- external: ecs + name: event.ingested +- external: ecs + name: agent.name +- external: ecs + name: agent.type +- external: ecs + name: agent.version +- external: ecs + name: event.agent_id_status +- external: ecs + name: event.dataset +- external: ecs + name: event.timezone +- external: ecs + name: error.message +- external: ecs + name: host.os.type +- external: ecs + name: log.file.path +- external: ecs + name: tags +- external: ecs + name: host.architecture +- external: ecs + name: host.name +- external: ecs + name: host.os.kernel +- external: ecs + name: host.os.platform 
diff --git a/packages/tychon/data_stream/tychon_stig/fields/fields.yml b/packages/tychon/data_stream/tychon_stig/fields/fields.yml
new file mode 100644
index 00000000000..864e77b3f8f
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_stig/fields/fields.yml
@@ -0,0 +1,126 @@
+- name: id
+ description: Tychon Unique Stig Id.
+ type: keyword
+- name: benchmark
+ type: group
+ fields:
+ - name: guid
+ description: Benchmark GUID.
+ type: keyword
+ - name: generated_utc
+ description: Benchmark UTC.
+ type: keyword
+ - name: hash
+ description: Benchmark SHA256 Hash
+ type: keyword
+ - name: name
+ description: Benchmark Name.
+ type: keyword
+ - name: title
+ description: Benchmark Title.
+ type: keyword
+ - name: version
+ description: Benchmark Version.
+ type: keyword
+ - name: list
+ description: Benchmark Summary Name List.
+ type: keyword
+ - name: count
+ description: Benchmark Summary Name List Item Count.
+ type: long
+- name: oval
+ type: group
+ fields:
+ - name: id
+ description: Open Vulnerabilities and Assessment Language Identifier.
+ type: keyword
+ - name: class
+ description: Open Vulnerabilities and Assessment Language Class.
+ type: keyword
+ - name: refid
+ description: Open Vulnerabilities and Assessment Language Rule Reference Identifier.
+ type: keyword
+- name: rule
+ type: group
+ fields:
+ - name: id
+ description: Benchmark Rule Identifier.
+ type: keyword
+ - name: finding_id
+ description: Benchmark Rule Finding Identifier.
+ type: keyword
+ - name: result
+ description: Benchmark Rule Results.
+ type: keyword
+ - name: severity
+ description: Benchmark Severity Status.
+ type: keyword
+ - name: stig_id
+ description: Stig rule id
+ type: keyword
+ - name: title
+ description: Benchmark Rule Title.
+ type: keyword
+ - name: vulnerability_id
+ description: Rule vulnerability id.
+ type: keyword
+ - name: weight
+ description: Benchmark Rule Weight.
+ type: float
+ - name: benchmark
+ type: group
+ fields:
+ - name: guid
+ description: Benchmark Rule GUID.
+ type: keyword
+ - name: profile.id
+ description: Benchmark Rule Profile Identifier.
+ type: keyword
+ - name: title
+ description: Benchmark Rule Title.
+ type: keyword
+ - name: oval
+ type: group
+ fields:
+ - name: id
+ description: Open Vulnerabilities and Assessment Language Identifier.
+ type: keyword
+ - name: class
+ description: Open Vulnerabilities and Assessment Language Class.
+ type: keyword
+ - name: refid
+ description: Open Vulnerabilities and Assessment Language Reference Identifier.
+ type: keyword
+- name: script
+ type: group
+ fields:
+ - name: current_duration
+ description: Scanner Script Duration.
+ type: long
+ - name: current_time
+ description: Current datetime.
+ type: date
+ - name: name
+ description: Scanner Script Name.
+ type: keyword
+ - name: start
+ description: Scanner Start datetime.
+ type: date
+ - name: type
+ description: Scanner Script Type.
+ type: keyword
+ - name: version
+ description: Scanner Script Version.
+ type: keyword
+- name: elastic_agent
+ type: group
+ fields:
+ - name: id
+ description: Elastic Agent Id.
+ type: keyword
+ - name: snapshot
+ description: Elastic Agent snapshot.
+ type: boolean
+ - name: version
+ description: Elastic Agent Version.
+ type: keyword
diff --git a/packages/tychon/data_stream/tychon_stig/manifest.yml b/packages/tychon/data_stream/tychon_stig/manifest.yml
new file mode 100644
index 00000000000..10c1782b32e
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_stig/manifest.yml
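Review bot: `rule.result` is declared here as a keyword, but the STIG dashboard added by the same commit sums `rule.result.score` as a number ("Overall Score", "Failure Score") while also filtering on `rule.result: "fail"`; an Elasticsearch field cannot be both a keyword and an object with a `score` child, so either the score gets its own declared field (e.g. `- name: score` under `rule` with `type: float` and a description) and the panels are repointed, or the score panels go. The same dashboard references `benchmarkname`, `host.hostname`, `host.ip`, `host.domain`, `host.os.name`, `VULN_ID`, `STIG_ID` and `event.code`, none of which is declared in fields.yml or ecs.yml in this commit; whether they end up mapped depends on the stream's dynamic-mapping setting, which is not visible here, but the ECS ones belong in ecs.yml and the upper-case ones read like raw source names the pipeline should rename. Two smaller points: `benchmark.generated_utc` is a keyword described only as `Benchmark UTC.` — if it holds a timestamp it should be `type: date` with a description that says so — and `script.current_duration` is a `long` with no unit stated, so add it to the description (`Scanner Script Duration in <UNIT>.`, with the unit confirmed against the scanner output).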
@@ -0,0 +1,32 @@
+title: Windows STIG Info
+type: logs
+streams:
+ - input: logfile
+ title: Windows STIG Info
+ description: Windows STIG Info
+ template_path: stream.yml.hbs
+ vars:
+ - name: paths
+ type: text
+ title: Windows Patches Results
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_stig_info.json
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - tychon-stig-info
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
diff --git a/packages/tychon/data_stream/tychon_stig/sample_event.json b/packages/tychon/data_stream/tychon_stig/sample_event.json
new file mode 100644
index 00000000000..4b3beb399a0
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_stig/sample_event.json
@@ -0,0 +1,13 @@
+{
+ "package.updateid": "9f2ff11a-e905-4dde-8cec-6d1f948613f7",
+ "package.product": "MicrosoftDefenderAntivirus",
+ "package.name": "SecurityIntelligenceUpdateforMicrosoftDefenderAntivirus-KB2267602(Version1.381.2926.0)",
+ "tychon.id": "5b30ba26bc503cf639fbe77cc38fb015b4e965dd7f4868d3f47f05c7b7f3dc68",
+ "tychon.realm": "TYCC9ED65C1B87545D19954D5C3AB93D947",
+ "package.reference": "https://go.microsoft.com/fwlink/?LinkId=52661",
+ "package.revision": 200,
+ "tychon.campaign": "7f979c0d-29f3-4e87-9edf-3cd854fdaf2b",
+ "": "Succeeded",
+ "package.description": "Installthisupdatetorevisethefilesthatareusedtodetectviruses,spyware,andotherpotentiallyunwantedsoftware.Onceyouhaveinstalledthisitem,itcannotberemoved.",
+ "package.installed": "2023-01-3009:21:18"
+}
\ No newline at end of file
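Review bot: The `paths` variable is titled `Windows Patches Results` although this manifest belongs to the STIG stream (`title: Windows STIG Info`), so the label shown in the policy editor names the wrong data; change it to `title: Windows STIG Info Results` and give the variable a `description:` (e.g. `Paths of the TYCHON STIG result files to read.`), which it lacks while `processors` has one. Since the default path `C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_stig_info.json` is all that scopes what gets ingested, the directory's write permissions decide how much the STIG compliance picture can be trusted; those permissions are not part of this change, so a sentence in the README stating that assumption would help operators.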
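Review bot: This sample_event.json does not match the tychon_stig data stream it sits in: it carries Defender-update fields (`package.updateid`, `package.product`, `package.installed`) and none of the `benchmark.*`, `rule.*` or `oval.*` fields declared for this stream, so it looks copied from another stream and should be regenerated from this stream's pipeline test output. It also contains an empty-string key (`"": "Succeeded"`), which Elasticsearch rejects as a field name, and its string values have lost their spaces (`"2023-01-3009:21:18"`, the `package.description` text), which points to hand editing rather than real output. `tychon.id`, `tychon.realm`, `tychon.campaign`, `package.updateid`, `package.product`, `package.revision` and `package.installed` are declared in neither fields.yml nor ecs.yml, and the file is missing its trailing newline.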
diff --git a/packages/tychon/img/TychonLogo.svg b/packages/tychon/img/TychonLogo.svg new file mode 100644 index 00000000000..47b482d3444 --- /dev/null +++ b/packages/tychon/img/TychonLogo.svg @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/tychon/img/TychonScreenshot.png b/packages/tychon/img/TychonScreenshot.png new file mode 100644 index 00000000000..9207bbeac58 Binary files /dev/null and b/packages/tychon/img/TychonScreenshot.png differ diff --git a/packages/tychon/img/tychon-color.png b/packages/tychon/img/tychon-color.png new file mode 100644 index 00000000000..0e2c6d9f1d5 Binary files /dev/null and b/packages/tychon/img/tychon-color.png differ diff --git a/packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json b/packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json new file mode 100644 index 00000000000..13a9275e9af --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json 
@@ -0,0 +1,120 @@ +{ + "attributes": { + "description": "Analyze the status your current STIG scans run against your endpoints.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":4,\"i\":\"c9a6aaf7-7ebd-43d6-ae37-eb8664d5c0c5\"},\"panelIndex\":\"c9a6aaf7-7ebd-43d6-ae37-eb8664d5c0c5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f\"}],\"state\":{\"visualization\":{\"layerId\":\"6fff9691-3ddd-4388-8285-de60ad5d992f\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":0,\"rangeMax\":100,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#cc5642\",\"stop\":100}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"maxAccessor\":\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"subtitle\":\"Failed tests to all tests.\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6fff9691-3ddd-4388-8285-de60ad5d992f\":{\"columns\":{\"71671d69-d31c-4a61-9ee3-68bacec8d16f\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result: 
\\\"fail\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result: \\\"fail\\\" or rule.result: \\\"pass\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":13,\"y\":0,\"w\":17,\"h\":4,\"i\":\"43863395-18af-4a6d-b628-90743756adce\"},\"panelIndex\":\"43863395-18af-4a6d-b628-90743756adce\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Total Systems\",\"panelRefName\":\"panel_43863395-18af-4a6d-b628-90743756adce\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":4,\"h\":8,\"i\":\"aa2bd77f-4729-41c8-aa01-ddd9dc160b33\"},\"panelIndex\":\"aa2bd77f-4729-41c8-aa01-ddd9dc160b33\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_aa2bd77f-4729-41c8-aa01-ddd9dc160b33\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":0,\"w\":14,\"h\":20,\"i\":\"149977b6-c38d-4715-974d-641c1fc8e57b\"},\"panelIndex\":\"149977b6-c38d-4715-974d-641c1fc8e57b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-5e88cf37-b3d3-4794-acb6-5e30cdcfd93e\"}],\"state\":{\"visualization\":{\"layerId\":\"5e88cf37-b3d3-4794-acb6-5e30cdcfd93e\",\"layerType\":\"data\",\"columns\
":[{\"columnId\":\"3af96ad3-0927-4d98-926f-ff4a49627148\",\"oneClickFilter\":true},{\"columnId\":\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"hidden\":false,\"summaryRow\":\"avg\"}]},\"query\":{\"query\":\"rule.result.score :*\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5e88cf37-b3d3-4794-acb6-5e30cdcfd93e\":{\"columns\":{\"3af96ad3-0927-4d98-926f-ff4a49627148\":{\"label\":\"Benchmark\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"benchmarkname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\":{\"label\":\"Part of Score %\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X1\":{\"label\":\"Part of Score %\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\":{\"label\":\"Part of Score 
%\",\"dataType\":\"number\",\"operationType\":\"overall_sum\",\"isBucketed\":false,\"scale\":\"ratio\",\"references\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X1\"],\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X3\":{\"label\":\"Part of Score %\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\"],\"location\":{\"min\":0,\"max\":62},\"text\":\"(sum(rule.result.score) / overall_sum(sum(rule.result.score)))\"}},\"references\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\"],\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8\":{\"label\":\"Score %\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"(sum(rule.result.score) / overall_sum(sum(rule.result.score)))\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":0}}},\"references\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X3\"],\"customLabel\":true}},\"columnOrder\":[\"3af96ad3-0927-4d98-926f-ff4a49627148\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X1\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X3\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":4,\"w\":13,\"h\":4,\"i\":\"cec1fd74-b355-4dde-a4d0-a249bbe4f600\"},\"panelIndex\":\"cec1fd74-b355-4dde-a4d0-a249bbe4f600\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"in
dexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f\"}],\"state\":{\"visualization\":{\"layerId\":\"6fff9691-3ddd-4388-8285-de60ad5d992f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#E7664C\",\"stop\":33.33},{\"color\":\"#DA8B45\",\"stop\":66.66},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#E7664C\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":33.33},{\"color\":\"#6092C0\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"maxAccessor\":\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"subtitle\":\"Passed tests to all tests.\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6fff9691-3ddd-4388-8285-de60ad5d992f\":{\"columns\":{\"71671d69-d31c-4a61-9ee3-68bacec8d16f\":{\"label\":\"Total Passes\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result: \\\"pass\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result: \\\"fail\\\" or rule.result: 
\\\"pass\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":4,\"w\":8,\"h\":10,\"i\":\"28e2a613-0d7f-4476-aed1-7175f2a18f28\"},\"panelIndex\":\"28e2a613-0d7f-4476-aed1-7175f2a18f28\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-7ab9f589-0859-4a2d-a405-8041d7078f67\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"7ab9f589-0859-4a2d-a405-8041d7078f67\",\"primaryGroups\":[\"2e5e2a7f-5d61-4b93-b105-11d149d39607\"],\"secondaryGroups\":[],\"metrics\":[\"45feac65-b609-44f9-832f-b6d72365b5d8\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"allowMultipleMetrics\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7ab9f589-0859-4a2d-a405-8041d7078f67\":{\"columns\":{\"2e5e2a7f-5d61-4b93-b105-11d149d39607\":{\"label\":\"OS Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"45feac65-b609-44f9-832f-b6d72365b5d8\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"45feac65-b609-44f9-832f-b6d72365b5d8\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2e5e2a7f-5d61-4b93-b105-11d149d39607\",\"45feac65-b609-44f9-832f-b6d72365b5d8\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operating System\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":4,\"w\":9,\"h\":10,\"i\":\"13f2d060-9d0e-4fba-9ab5-d2f3baeb0250\"},\"panelIndex\":\"13f2d060-9d0e-4fba-9ab5-d2f3baeb0250\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-8d93f7aa-9914-492a-a515-42761f7602a6\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"8d93f7aa-9914-492a-a515-42761f7602a6\",\"primaryGroups\":[\"9fb8d8eb-a066-4a91-8fdc-2fb8a632698d\"],\"metrics\":[\"9185484c-03ef-4d02-8714-d3226d0fc7a2\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"collapseFns\":{\"5d8b4201-d4ea-4da3-a2a8-a70c399b406e\":\"\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"8d93f7aa-9914-492a-a515-42761f7602a6\":{\"columns\":{\"9185484c-03ef-4d02-8714-d3226d0fc7a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"9fb8d8eb-a066-4a91-8fdc-2fb8a632698d\":{\"label\":\"Top 3 values of 
host.os.kernel\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.kernel\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9185484c-03ef-4d02-8714-d3226d0fc7a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"9fb8d8eb-a066-4a91-8fdc-2fb8a632698d\",\"9185484c-03ef-4d02-8714-d3226d0fc7a2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kernels\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":8,\"w\":13,\"h\":9,\"i\":\"d5a6b592-4fce-44a5-83c9-3e2a44a4aa0c\"},\"panelIndex\":\"d5a6b592-4fce-44a5-83c9-3e2a44a4aa0c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Checks by Results and 
Severity\",\"panelRefName\":\"panel_d5a6b592-4fce-44a5-83c9-3e2a44a4aa0c\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":8,\"w\":4,\"h\":23,\"i\":\"ca6d3287-d16e-4e2f-9216-6140f4f2b4c1\"},\"panelIndex\":\"ca6d3287-d16e-4e2f-9216-6140f4f2b4c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-771df181-6280-4ee3-b215-d26003efa966\"}],\"state\":{\"visualization\":{\"shape\":\"verticalBullet\",\"layerId\":\"771df181-6280-4ee3-b215-d26003efa966\",\"layerType\":\"data\",\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"33881eb3-ce77-4a4f-b41f-e74e4b17ff86\",\"maxAccessor\":\"e31a8da1-6c99-4e57-a6f6-510b5d44e88b\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#AFB8C680\",\"stop\":33.33},{\"color\":\"#DA8B45\",\"stop\":66.66},{\"color\":\"#E7664C\",\"stop\":100}],\"colorStops\":[{\"color\":\"#AFB8C680\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":33.33},{\"color\":\"#E7664C\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"colorMode\":\"palette\",\"minAccessor\":\"ccf28f2a-27d2-4cc2-a4c0-f9d06ea672dc\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"771df181-6280-4ee3-b215-d26003efa966\":{\"columns\":{\"33881eb3-ce77-4a4f-b41f-e74e4b17ff86\":{\"label\":\"Failure Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"rule.result: 
\\\"fail\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"e31a8da1-6c99-4e57-a6f6-510b5d44e88b\":{\"label\":\"Sum of rule.weight\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.weight\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result : \\\"fail\\\" or rule.result : \\\"pass\\\"\",\"language\":\"kuery\"}},\"ccf28f2a-27d2-4cc2-a4c0-f9d06ea672dc\":{\"label\":\"Static value: 0\",\"dataType\":\"number\",\"operationType\":\"static_value\",\"isStaticValue\":true,\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"value\":\"0\"},\"references\":[]}},\"columnOrder\":[\"33881eb3-ce77-4a4f-b41f-e74e4b17ff86\",\"e31a8da1-6c99-4e57-a6f6-510b5d44e88b\",\"ccf28f2a-27d2-4cc2-a4c0-f9d06ea672dc\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":14,\"w\":17,\"h\":17,\"i\":\"634c2a2e-c6fa-414f-8479-1d797bbaa6be\"},\"panelIndex\":\"634c2a2e-c6fa-414f-8479-1d797bbaa6be\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Checks by Results and 
Severity\",\"panelRefName\":\"panel_634c2a2e-c6fa-414f-8479-1d797bbaa6be\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":13,\"h\":14,\"i\":\"3d731c15-8a40-45e3-bb29-f6aed782e586\"},\"panelIndex\":\"3d731c15-8a40-45e3-bb29-f6aed782e586\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-cbc12900-bf4a-46dd-b2a6-bd0477c82967\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"30c31964-540e-4717-bd75-e40ea661192e\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"ff66c536-1d5f-4bb4-8890-ec64e448627a\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"eca93477-2464-4ff3-bc2a-63468a90b200\",\"isTransposed\":false,\"alignment\":\"center\",\"oneClickFilter\":true},{\"columnId\":\"8bdbac72-279d-4c9a-a1b8-0bd49791e78d\",\"isTransposed\":false,\"oneClickFilter\":true,\"alignment\":\"center\"}],\"layerId\":\"cbc12900-bf4a-46dd-b2a6-bd0477c82967\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc12900-bf4a-46dd-b2a6-bd0477c82967\":{\"columns\":{\"30c31964-540e-4717-bd75-e40ea661192e\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"custom\"},\"orderAgg\":{\"label\":\"Sum of 
rule.result.score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ff66c536-1d5f-4bb4-8890-ec64e448627a\":{\"label\":\"Overall Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"eca93477-2464-4ff3-bc2a-63468a90b200\":{\"label\":\"IP Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8bdbac72-279d-4c9a-a1b8-0bd49791e78d\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"30c31964-540e-4717-bd75-e40ea661192e\",\"eca93477-2464-4ff3-bc2a-63468a90b200\",\"8bdbac72-279d-4c9a-a1b8-0bd49791e78d\",\"ff66c536-1d5f-4bb4-8890-ec64e448627a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 100 Vulnerable 
Hosts\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":20,\"w\":14,\"h\":11,\"i\":\"5bf2f4f8-4744-4f94-b99d-69b88ff226d1\"},\"panelIndex\":\"5bf2f4f8-4744-4f94-b99d-69b88ff226d1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-0e956b5d-4b99-4efc-98a3-8b5ad23c4cab\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"0e956b5d-4b99-4efc-98a3-8b5ad23c4cab\",\"accessors\":[\"b876dcfc-0fd2-4fcb-9602-65c9ea2c85fe\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cb589ffa-895e-453a-ad68-df02d014d992\"}]},\"query\":{\"query\":\"event.code: 8107\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0e956b5d-4b99-4efc-98a3-8b5ad23c4cab\":{\"columns\":{\"cb589ffa-895e-453a-ad68-df02d014d992\":{\"label\":\"event.created\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.created\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"h\",\"includeEmptyRows\":true,\"dropPartials\":false,\"ignoreTimeRange\":true}},\"b876dcfc-0fd2-4fcb-9602-65c9ea2c85fe\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cb589ffa-895e-453a-ad68-df02d014d992\",\"b876dcfc-0fd2-4fcb-9602-65c9ea2c85fe\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Benchmark Scan Rates\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":19,\"i\":\"100e003c-689d-4ccb-a36e-3a61c8aa1f37\"},\"panelIndex\":\"100e003c-689d-4ccb-a36e-3a61c8aa1f37\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-531949cb-8d36-4358-b503-c470db2357b8\"},{\"type\":\"index-pattern\",\"name\":\"e138c594-47e4-4f7e-a73e-d8179180ad04\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\"}],\"state\":{\"visualization\":{\"layerId\":\"531949cb-8d36-4358-b503-c470db2357b8\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"694097f4-e845-4f15-a42b-3fd4b5731141\"},{\"isTransposed\":false,\"columnId\":\"24eae38e-8e7e-40fd-aa3a-19cd55219b6c\"},{\"isTransposed\":false,\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},{\"columnId\":\"20ad1142-7e78-47f7-8889-6069ad3f7a46\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"2a90ac34-3274-49b2-bac3-2dac93b5e0a6\",\"isTransposed\":false,\"alignment\":\"center\"}],\"paging\":{\"enabled\":true,\"size\":30}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"e138c594-47e4-4f7e-a73e-d8179180ad04\",\"negate\":true,\"type\":\"phrase\",\"key\":\"STIG_ID\",\"params\":{\"query\":\"\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"STIG_ID\":\"\"}},\"$state\":{\"s
tore\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"531949cb-8d36-4358-b503-c470db2357b8\":{\"columns\":{\"694097f4-e845-4f15-a42b-3fd4b5731141\":{\"label\":\"Vuln ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"VULN_ID\",\"isBucketed\":true,\"params\":{\"size\":300,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"24eae38e-8e7e-40fd-aa3a-19cd55219b6c\":{\"label\":\"Oval ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.oval.id\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"20ad1142-7e78-47f7-8889-6069ad3f7a46\":{\"label\":\"Result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.result\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2a90ac34-3274-49b2-bac3-2dac93b5e0a6\":{\"label\":\"Weight\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"rule.weight\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true}},\"columnOrder\":[\"694097f4-e845-4f15-a42b-3fd4b5731141\",\"24eae38e-8e7e-40fd-aa3a-19cd55219b6c\",\"2a90ac34-3274-49b2-bac3-2dac93b5e0a6\",\"20ad1142-7e78-47f7-8889-6069ad3f7a46\",\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Rule 
Results\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":31,\"w\":37,\"h\":19,\"i\":\"0259e2ee-6cce-430e-8e87-d57537a418f0\"},\"panelIndex\":\"0259e2ee-6cce-430e-8e87-d57537a418f0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-159bfab9-7c23-4970-a3b5-5fbfe799e5f4\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"layers\":[{\"layerId\":\"159bfab9-7c23-4970-a3b5-5fbfe799e5f4\",\"primaryGroups\":[\"55733772-e80d-4270-b1ec-3cb02c639a4a\"],\"secondaryGroups\":[],\"metrics\":[\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"collapseFns\":{\"55733772-e80d-4270-b1ec-3cb02c639a4a\":\"\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"159bfab9-7c23-4970-a3b5-5fbfe799e5f4\":{\"columns\":{\"55733772-e80d-4270-b1ec-3cb02c639a4a\":{\"label\":\"Top 1000 values of rule.oval.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.oval.id\",\"isBucketed\":true,\"params\":{\"size\":1000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\":{\"label\":\"Sum of 
rule.result.score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"55733772-e80d-4270-b1ec-3cb02c639a4a\",\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Rule Result Map\"}]",
+ "refreshInterval": {
+ "pause": true,
+ "value": 0
+ },
+ "timeFrom": "now-7d/d",
+ "timeRestore": true,
+ "timeTo": "now",
+ "title": "[TYCHON] STIG Report Dashboard",
+ "version": 1
+ },
+ "coreMigrationVersion": "8.6.2",
+ "created_at": "2023-06-22T20:16:52.285Z",
+ "id": "tychon-078edb40-d137-11e9-a2af-693b633cf871-stig",
+ "migrationVersion": {
+ "dashboard": "8.6.0"
+ },
+ "references": [
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "c9a6aaf7-7ebd-43d6-ae37-eb8664d5c0c5:indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f",
+ "type": "index-pattern"
+ },
+ {
+ "id": "e6c0e460-c3da-11eb-8956-0b1a70e695fd",
+ "name": "43863395-18af-4a6d-b628-90743756adce:panel_43863395-18af-4a6d-b628-90743756adce",
+ "type": "visualization"
+ },
+ {
+ "id": "d954bdb0-3298-11ec-b058-cf4fefc29658",
+ "name": "aa2bd77f-4729-41c8-aa01-ddd9dc160b33:panel_aa2bd77f-4729-41c8-aa01-ddd9dc160b33",
+ "type": "visualization"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "149977b6-c38d-4715-974d-641c1fc8e57b:indexpattern-datasource-layer-5e88cf37-b3d3-4794-acb6-5e30cdcfd93e",
+ "type": "index-pattern"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "cec1fd74-b355-4dde-a4d0-a249bbe4f600:indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f",
+ "type": "index-pattern"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": 
"28e2a613-0d7f-4476-aed1-7175f2a18f28:indexpattern-datasource-layer-7ab9f589-0859-4a2d-a405-8041d7078f67",
+ "type": "index-pattern"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "13f2d060-9d0e-4fba-9ab5-d2f3baeb0250:indexpattern-datasource-layer-8d93f7aa-9914-492a-a515-42761f7602a6",
+ "type": "index-pattern"
+ },
+ {
+ "id": "837878a0-c3cb-11eb-8956-0b1a70e695fd",
+ "name": "d5a6b592-4fce-44a5-83c9-3e2a44a4aa0c:panel_d5a6b592-4fce-44a5-83c9-3e2a44a4aa0c",
+ "type": "visualization"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "ca6d3287-d16e-4e2f-9216-6140f4f2b4c1:indexpattern-datasource-layer-771df181-6280-4ee3-b215-d26003efa966",
+ "type": "index-pattern"
+ },
+ {
+ "id": "1d1b99c0-c3e4-11eb-8956-0b1a70e695fd",
+ "name": "634c2a2e-c6fa-414f-8479-1d797bbaa6be:panel_634c2a2e-c6fa-414f-8479-1d797bbaa6be",
+ "type": "lens"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "3d731c15-8a40-45e3-bb29-f6aed782e586:indexpattern-datasource-layer-cbc12900-bf4a-46dd-b2a6-bd0477c82967",
+ "type": "index-pattern"
+ },
+ {
+ "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21",
+ "name": "5bf2f4f8-4744-4f94-b99d-69b88ff226d1:indexpattern-datasource-layer-0e956b5d-4b99-4efc-98a3-8b5ad23c4cab",
+ "type": "index-pattern"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "100e003c-689d-4ccb-a36e-3a61c8aa1f37:indexpattern-datasource-layer-531949cb-8d36-4358-b503-c470db2357b8",
+ "type": "index-pattern"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "100e003c-689d-4ccb-a36e-3a61c8aa1f37:e138c594-47e4-4f7e-a73e-d8179180ad04",
+ "type": "index-pattern"
+ },
+ {
+ "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a",
+ "name": "0259e2ee-6cce-430e-8e87-d57537a418f0:indexpattern-datasource-layer-159bfab9-7c23-4970-a3b5-5fbfe799e5f4",
+ "type": "index-pattern"
+ },
+ {
+ "id": "39b55820-10f2-11ee-af86-538da1394f27",
+ "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": 
"579051b0-10f2-11ee-af86-538da1394f27",
+ "name": "tag-ref-579051b0-10f2-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": "10af3800-10f3-11ee-af86-538da1394f27",
+ "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27",
+ "type": "tag"
+ }
+ ],
+ "type": "dashboard",
+ "updated_at": "2023-06-22T20:16:52.285Z",
+ "version": "WzI4OTYzOCwxM10="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json b/packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json
new file mode 100644
index 00000000000..d1d00455ff2
--- /dev/null
+++ b/packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json 
@@ -0,0 +1,114 @@
+{
+ "attributes": {
+ "description": "Records the status of Windows Defender Features and Versions ",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
+ },
+ "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}",
+ "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":4,\"h\":7,\"i\":\"f9a975c1-d99b-436b-9173-c616f0059426\"},\"panelIndex\":\"f9a975c1-d99b-436b-9173-c616f0059426\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"bb5226cd-c099-46d2-bb71-0257232c7d82\",\"name\":\"indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572\"}],\"state\":{\"visualization\":{\"layerId\":\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\",\"accessor\":\"8e04d29a-e144-4e68-a816-7e820fabc9b4\",\"layerType\":\"data\",\"colorMode\":\"None\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\":{\"columns\":{\"8e04d29a-e144-4e68-a816-7e820fabc9b4\":{\"label\":\"Total Endpoints 
Tracked\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"8e04d29a-e144-4e68-a816-7e820fabc9b4\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":4,\"y\":0,\"w\":5,\"h\":7,\"i\":\"dca19098-8eb9-440e-abf0-19ef55cee62c\"},\"panelIndex\":\"dca19098-8eb9-440e-abf0-19ef55cee62c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with a Feature 
Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antimalware.status : \\\"Disabled\\\" or windows_defender.service.antispyware.status :\\\"Disabled\\\" or windows_defender.service.antivirus.status : \\\"Disabled\\\" or windows_defender.service.behavior_monitor.status : \\\"Disabled\\\" or windows_defender.service.ioav_protection.status : \\\"Disabled\\\" or windows_defender.service.nis.status : \\\"Disabled\\\" or windows_defender.service.on_access_protection.status : \\\"Disabled\\\" or windows_defender.service.real_time_protection.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":0,\"w\":5,\"h\":7,\"i\":\"5fa1a00d-8e9c-441f-be66-9b5c01663fd7\"},\"panelIndex\":\"5fa1a00d-8e9c-441f-be66-9b5c01663fd7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeM
in\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Anti-Malware Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antimalware.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of 
agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":0,\"w\":5,\"h\":7,\"i\":\"4383ee4c-ec16-48c2-bb13-8f896a9519d4\"},\"panelIndex\":\"4383ee4c-ec16-48c2-bb13-8f896a9519d4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Anti-Spyware 
Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antispyware.status :\\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":5,\"h\":7,\"i\":\"4d4e6682-9758-4359-a6f0-1ba6ca5e40f5\"},\"panelIndex\":\"4d4e6682-9758-4359-a6f0-1ba6ca5e40f5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kue
ry\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Anti-Virus Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antivirus.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":5,\"h\":7,\"i\":\"d3b08c18-3a64-4ea0-95f1-39ac4198013d\"},\"panelIndex\":\"d3b08c18-3a64-4ea0-95f1-39ac4198013d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccess
or\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Behavior Monitor Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.behavior_monitor.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":29,\"y\":0,\"w\":5,\"h\":7,\"i\":\"0336a4e3-a647-415d-84b5-fef984ac4a3f\"},\"panelIndex\":\"0336a4e3-a647-415d-84b5-fef984ac4a3f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"
fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with IOAV Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.ioav_protection.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of 
agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":0,\"w\":5,\"h\":7,\"i\":\"6a29e48e-892b-4c8a-a3de-8884fd1d9820\"},\"panelIndex\":\"6a29e48e-892b-4c8a-a3de-8884fd1d9820\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with NIS 
Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.nis.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":0,\"w\":5,\"h\":7,\"i\":\"ac716d8e-e533-4072-aa74-65848d4e0925\"},\"panelIndex\":\"ac716d8e-e533-4072-aa74-65848d4e0925\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},
\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with RealTime Protection Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.real_time_protection.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":44,\"y\":0,\"w\":4,\"h\":7,\"i\":\"33d492ba-c62f-405e-84a2-c0254e8e743c\"},\"panelIndex\":\"33d492ba-c62f-405e-84a2-c0254e8e743c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}}
,\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with On-Access Protection Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.on_access_protection.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":24,\"h\":8,\"i\":\"3e9e34b5-9c30-4ef2-b616-bd55af84812a\"},\"panelIndex\":\"3e9e34b5-9c30-4ef2-b616-bd55af84812a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Active Antivirus 
Assets\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-5b735852-dd75-405e-9611-03fcd2e0a96b\"}],\"state\":{\"visualization\":{\"layerId\":\"5b735852-dd75-405e-9611-03fcd2e0a96b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"485de305-7200-4ba9-b5f5-8af3932725a2\"},{\"isTransposed\":false,\"columnId\":\"33ceb4d0-aaf7-44b2-b3d7-cfe2be3369d9\"},{\"isTransposed\":false,\"columnId\":\"5108c5e3-f394-4061-b4a1-81d642c5b986\"},{\"isTransposed\":false,\"columnId\":\"c75b9cff-9203-42a5-aaae-3a7dea61fe25\"},{\"isTransposed\":false,\"columnId\":\"2cb5be2b-d061-4e44-a346-d2613e2d8552\"},{\"isTransposed\":false,\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\",\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5b735852-dd75-405e-9611-03fcd2e0a96b\":{\"columns\":{\"485de305-7200-4ba9-b5f5-8af3932725a2\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"33ceb4d0-aaf7-44b2-b3d7-cfe2be3369d9\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5108c5e3-f394-4061-b4a1-81d642c5b986\":{\"label\":\"Quick Scan 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.quick_scan.signature_version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c75b9cff-9203-42a5-aaae-3a7dea61fe25\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2cb5be2b-d061-4e44-a346-d2613e2d8552\":{\"label\":\"Full Scan Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.full_scan.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"33ceb4d0-aaf7-44b2-b3d7-cfe2be3369d9\",\"485de305-7200-4ba9-b5f5-8af3932725a2\",\"5108c5e3-f394-4061-b4a1-81d642c5b986\",\"2cb5be2b-d061-4e44-a346-d2613e2d8552\",\"c75b9cff-9203-42a5-aaae-3a7dea61fe25\",\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Defender Antivirus\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":15,\"w\":24,\"h\":8,\"i\":\"dad722ab-af91-4d03-a313-faab0d9533c5\"},\"panelIndex\":\"dad722ab-af91-4d03-a313-faab0d9533c5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-140a1766-6ea5-4c9c-9c7c-244b239a9d96\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"ed88526d-22bc-4fe9-bf8c-8054dcf29513\"},{\"isTransposed\":false,\"columnId\":\"3f5af84a-9f76-40dd-aceb-14d89c193701\"},{\"isTransposed\":false,\"columnId\":\"6659fc9a-979e-4207-be9a-c9f73f507897\"},{\"isTransposed\":false,\"columnId\":\"50793a11-2d90-4843-81df-3c65675a9efd\"},{\"isTransposed\":false,\"columnId\":\"100d1fb2-4db6-4ad3-9769-3cefdb067fb8\"},{\"isTransposed\":false,\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\",\"hidden\":true}],\"layerId\":\"140a1766-6ea5-4c9c-9c7c-244b239a9d96\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"140a1766-6ea5-4c9c-9c7c-244b239a9d96\":{\"columns\":{\"ed88526d-22bc-4fe9-bf8c-8054dcf29513\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3f5af84a-9f76-40dd-aceb-14d89c193701\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6659fc9a-979e-4207-be9a-c9f73f507897\":{\"label\":\"Signature Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"50793a11-2d90-4843-81df-3c65675a9efd\":{\"label\":\"Engine 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.engine_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"100d1fb2-4db6-4ad3-9769-3cefdb067fb8\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3ae33139-d059-4477-890a-06dc7abfb798\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"3f5af84a-9f76-40dd-aceb-14d89c193701\",\"ed88526d-22bc-4fe9-bf8c-8054dcf29513\",\"6659fc9a-979e-4207-be9a-c9f73f507897\",\"50793a11-2d90-4843-81df-3c65675a9efd\",\"100d1fb2-4db6-4ad3-9769-3cefdb067fb8\",\"3ae33139-d059-4477-890a-06dc7abfb798\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Defender 
NIS\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":24,\"h\":8,\"i\":\"3e1efdc5-02e7-46ff-bb1d-4642aa1f1327\"},\"panelIndex\":\"3e1efdc5-02e7-46ff-bb1d-4642aa1f1327\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-a4583603-ba5e-4eb5-ab11-7d8f7d5586ce\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"99cf82fa-4ea2-4168-bbe7-cd84efd5b468\"},{\"isTransposed\":false,\"columnId\":\"2ee1d67a-e5d4-4256-9f47-94c77fa3ee8a\"},{\"isTransposed\":false,\"columnId\":\"cfbf81d7-8896-4df5-8b79-4ff131d5d4b4\"},{\"isTransposed\":false,\"columnId\":\"56035903-0bcc-4140-99e4-17c30c1bb440\"},{\"isTransposed\":false,\"columnId\":\"ac68d3d0-92e3-469d-b504-cd609a201cc5\"},{\"isTransposed\":false,\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\",\"hidden\":true}],\"layerId\":\"a4583603-ba5e-4eb5-ab11-7d8f7d5586ce\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a4583603-ba5e-4eb5-ab11-7d8f7d5586ce\":{\"columns\":{\"99cf82fa-4ea2-4168-bbe7-cd84efd5b468\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2ee1d67a-e5d4-4256-9f47-94c77fa3ee8a\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"cfbf81d7-8896-4df5-8b79-4ff131d5d4b4\":{\"label\":\"Product Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.product_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"56035903-0bcc-4140-99e4-17c30c1bb440\":{\"label\":\"Engine 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.engine_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ac68d3d0-92e3-469d-b504-cd609a201cc5\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2ee1d67a-e5d4-4256-9f47-94c77fa3ee8a\",\"99cf82fa-4ea2-4168-bbe7-cd84efd5b468\",\"cfbf81d7-8896-4df5-8b79-4ff131d5d4b4\",\"56035903-0bcc-4140-99e4-17c30c1bb440\",\"ac68d3d0-92e3-469d-b504-cd609a201cc5\",\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Defender 
Antimalware\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":23,\"w\":24,\"h\":8,\"i\":\"08341f8a-a71d-414d-8b73-d1648e343d3c\"},\"panelIndex\":\"08341f8a-a71d-414d-8b73-d1648e343d3c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-6d406795-8e1a-4015-909d-8a0125090f83\"}],\"state\":{\"visualization\":{\"layerId\":\"6d406795-8e1a-4015-909d-8a0125090f83\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"0acc6180-132d-4fc3-b32e-0f3ed79b1712\"},{\"isTransposed\":false,\"columnId\":\"c7fb6c5e-23c3-4584-8325-a715a3e55c0c\"},{\"isTransposed\":false,\"columnId\":\"7d79ed89-257d-412b-b67f-5e7e323485ae\"},{\"isTransposed\":false,\"columnId\":\"dd0ce9a1-5dd8-4836-b4ef-ea94d6b2592b\"},{\"isTransposed\":false,\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\",\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6d406795-8e1a-4015-909d-8a0125090f83\":{\"columns\":{\"0acc6180-132d-4fc3-b32e-0f3ed79b1712\":{\"label\":\"Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antispyware.signature_version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c7fb6c5e-23c3-4584-8325-a715a3e55c0c\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antispyware.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orde
rBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7d79ed89-257d-412b-b67f-5e7e323485ae\":{\"label\":\"Host IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"dd0ce9a1-5dd8-4836-b4ef-ea94d6b2592b\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"dd0ce9a1-5dd8-4836-b4ef-ea94d6b2592b\",\"7d79ed89-257d-412b-b67f-5e7e323485ae\",\"0acc6180-132d-4fc3-b32e-0f3ed79b1712\",\"c7fb6c5e-23c3-4584-8325-a715a3e55c0c\",\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Defender 
Antispyware\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":7,\"w\":48,\"h\":8,\"i\":\"8bbedd4e-bc5e-413d-81a1-b17dd5152428\"},\"panelIndex\":\"8bbedd4e-bc5e-413d-81a1-b17dd5152428\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-c98d407f-b7b6-4f65-bb36-e67d26a3b8cb\"}],\"state\":{\"visualization\":{\"layerId\":\"c98d407f-b7b6-4f65-bb36-e67d26a3b8cb\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c474b5fc-316d-4b04-a857-0476433994f5\"},{\"isTransposed\":false,\"columnId\":\"7114dee1-3e04-4de2-9f99-63d55defb006\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"0f57cac6-9654-421a-8d33-9ef83fbfbea3\"},{\"isTransposed\":false,\"columnId\":\"9b9d897c-2547-4e0a-bb29-196338b39f13\"},{\"isTransposed\":false,\"columnId\":\"a5a7cc94-56a0-4570-a209-35cd8ef7b3f5\"},{\"isTransposed\":false,\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\",\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c98d407f-b7b6-4f65-bb36-e67d26a3b8cb\":{\"columns\":{\"c474b5fc-316d-4b04-a857-0476433994f5\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7114dee1-3e04-4de2-9f99-63d55defb006\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0f57cac6-9654-421a-8d33-9ef83fbfbea3\":{\"label\":\"On Access Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.on_access_protection.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9b9d897c-2547-4e0a-bb29-196338b39f13\":{\"label\":\"Real Time 
Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.real_time_protection.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a5a7cc94-56a0-4570-a209-35cd8ef7b3f5\":{\"label\":\"IOAV Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.ioav_protection.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"7114dee1-3e04-4de2-9f99-63d55defb006\",\"c474b5fc-316d-4b04-a857-0476433994f5\",\"0f57cac6-9654-421a-8d33-9ef83fbfbea3\",\"9b9d897c-2547-4e0a-bb29-196338b39f13\",\"a5a7cc94-56a0-4570-a209-35cd8ef7b3f5\",\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Defender Protection\"}]",
+ "timeRestore": false,
+ "title": " [TYCHON] Windows Defender Status",
+ "version": 1
+ },
+ "coreMigrationVersion": "8.6.2",
+ "created_at": "2023-06-22T19:54:10.979Z",
+ "id": "tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp",
+ "migrationVersion": {
+ "dashboard": "8.6.0"
+ },
+ "references": [
+ {
+ "id": "bb5226cd-c099-46d2-bb71-0257232c7d82",
+ "name": "f9a975c1-d99b-436b-9173-c616f0059426:indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "dca19098-8eb9-440e-abf0-19ef55cee62c:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "5fa1a00d-8e9c-441f-be66-9b5c01663fd7:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "4383ee4c-ec16-48c2-bb13-8f896a9519d4:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "4d4e6682-9758-4359-a6f0-1ba6ca5e40f5:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "d3b08c18-3a64-4ea0-95f1-39ac4198013d:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "0336a4e3-a647-415d-84b5-fef984ac4a3f:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "6a29e48e-892b-4c8a-a3de-8884fd1d9820:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "ac716d8e-e533-4072-aa74-65848d4e0925:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name":
"33d492ba-c62f-405e-84a2-c0254e8e743c:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "3e9e34b5-9c30-4ef2-b616-bd55af84812a:indexpattern-datasource-layer-5b735852-dd75-405e-9611-03fcd2e0a96b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "dad722ab-af91-4d03-a313-faab0d9533c5:indexpattern-datasource-layer-140a1766-6ea5-4c9c-9c7c-244b239a9d96",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "3e1efdc5-02e7-46ff-bb1d-4642aa1f1327:indexpattern-datasource-layer-a4583603-ba5e-4eb5-ab11-7d8f7d5586ce",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "08341f8a-a71d-414d-8b73-d1648e343d3c:indexpattern-datasource-layer-6d406795-8e1a-4015-909d-8a0125090f83",
+ "type": "index-pattern"
+ },
+ {
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "name": "8bbedd4e-bc5e-413d-81a1-b17dd5152428:indexpattern-datasource-layer-c98d407f-b7b6-4f65-bb36-e67d26a3b8cb",
+ "type": "index-pattern"
+ },
+ {
+ "id": "10af3800-10f3-11ee-af86-538da1394f27",
+ "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": "39b55820-10f2-11ee-af86-538da1394f27",
+ "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": "bae88930-1133-11ee-af86-538da1394f27",
+ "name": "tag-ref-bae88930-1133-11ee-af86-538da1394f27",
+ "type": "tag"
+ }
+ ],
+ "type": "dashboard",
+ "updated_at": "2023-06-22T19:54:10.979Z",
+ "version": "WzI4NTk4NiwxM10="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json b/packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json
new file mode 100644
index 00000000000..f17a22ff011
--- /dev/null
+++ b/packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json 
@@ -0,0 +1,171 @@
+{
+ "attributes": {
+ "controlGroupInput": {
+ "chainingSystem": "HIERARCHICAL",
+ "controlStyle": "oneLine",
+ "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}",
+ "panelsJSON": "{\"a8ba17fc-ba2f-4329-95f5-e4d645c5ae59\":{\"order\":0,\"width\":\"small\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.ip\",\"title\":\"Host IP:\",\"id\":\"a8ba17fc-ba2f-4329-95f5-e4d645c5ae59\",\"enhancements\":{}}},\"1b36863c-a2c8-4696-b534-12cebeca49d1\":{\"order\":2,\"width\":\"small\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"vulnerability.id\",\"title\":\"CVE ID\",\"id\":\"1b36863c-a2c8-4696-b534-12cebeca49d1\",\"enhancements\":{}}},\"67760ce6-5bda-4c39-8960-45439ff4d45b\":{\"order\":3,\"width\":\"small\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"vulnerability.iava\",\"title\":\"IAVA ID:\",\"id\":\"67760ce6-5bda-4c39-8960-45439ff4d45b\",\"enhancements\":{}}},\"9c746f36-33ae-4b53-bb32-7153abb17ba4\":{\"order\":1,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.mac\",\"title\":\"MAC Address\",\"id\":\"9c746f36-33ae-4b53-bb32-7153abb17ba4\",\"enhancements\":{}}},\"db910041-b09f-4b02-b3fe-70c3db05ff62\":{\"order\":4,\"width\":\"medium\",\"grow\":false,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.os.name\",\"title\":\"Operating System\",\"id\":\"db910041-b09f-4b02-b3fe-70c3db05ff62\",\"enhancements\":{}}}}"
+ },
+ "description": "",
+ "kibanaSavedObjectMeta": {
+ "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"
+ },
+ "optionsJSON": "{\"hidePanelTitles\":false,\"useMargins\":true}",
+ "panelsJSON":
"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":8,\"h\":5,\"i\":\"679a4e0d-72d6-4080-b8db-fe8c3191e740\"},\"panelIndex\":\"679a4e0d-72d6-4080-b8db-fe8c3191e740\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"vulnerability.id\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}},\"enhancements\":{}},\"title\":\"Monitored CVE Count\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":0,\"w\":7,\"h\":5,\"i\":\"373d6d39-77cd-4ee7-9632-27ed5cfad192\"},\"panelIndex\":\"373d6d39-77cd-4ee7-9632-27ed5cfad192\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to 
Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":40}}},\"uiState\":{},\"data\":{\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"host.id\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}}},\"enhancements\":{}},\"title\":\"Host Monitored\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":0,\"w\":3,\"h\":13,\"i\":\"886b38ad-89f2-4800-ae61-61bcdb4e3b07\"},\"panelIndex\":\"886b38ad-89f2-4800-ae61-61bcdb4e3b07\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-4f65679f-7137-49e2-8a1e-96c834742340\"}],\"state\":{\"visualization\":{\"layerId\":\"4f65679f-7137-49e2-8a1e-96c834742340\",\"layerType\":\"data\",\"shape\":\"verticalBullet\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":0,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#20928080\",\"stop\":0},{\"color\":\"#D6BF5780\",\"stop\":33.33},{\"color\":\"#CC564280\",\"stop\":66.66}],\"steps\":3,\"continuity\":\"above\",\"maxSteps\":5}},\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"914d14b4-3e36-461c-99db-fc8a7311808b\",\"maxAccessor\":\"e0974009-2843-4825-a7d4-bb854cbe1667\",\"colorMode\":\"palette\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4f65679f-7137-49e2-8a1e-96c834742340\":{\"columns\":{\"914d14b4-3e36-461c-99db-fc8a7311808b\
":{\"label\":\"Failed Score Rank\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"e0974009-2843-4825-a7d4-bb854cbe1667\":{\"label\":\"Total Possible Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"914d14b4-3e36-461c-99db-fc8a7311808b\",\"e0974009-2843-4825-a7d4-bb854cbe1667\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":8,\"h\":13,\"i\":\"750876f2-eaee-4c6f-89bd-603c2da274e1\"},\"panelIndex\":\"750876f2-eaee-4c6f-89bd-603c2da274e1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-a738cb8e-6646-4501-9007-03b7d6cf4815\"},{\"type\":\"index-pattern\",\"name\":\"684eca00-cba8-4853-a931-4e9d535efaec\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"}],\"state\":{\"visualization\":{\"layerId\":\"a738cb8e-6646-4501-9007-03b7d6cf4815\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"83e85e09-da17-43c7-9def-0f133f0555ce\",\"oneClickFilter\":true},{\"columnId\":\"6a22339f-897e-4ab9-837d-7312b90c77fb\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"
#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"summaryRow\":\"sum\",\"isTransposed\":false},{\"columnId\":\"ff2782ef-dd0d-4657-ad0c-0b1778af8f3f\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#e7664c\",\"stop\":20},{\"color\":\"#ecb385\",\"stop\":40},{\"color\":\"#ebeff5\",\"stop\":60},{\"color\":\"#a8bfda\",\"stop\":80},{\"color\":\"#6092c0\",\"stop\":100}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#e7664c\",\"stop\":0},{\"color\":\"#ecb385\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#a8bfda\",\"stop\":60},{\"color\":\"#6092c0\",\"stop\":80}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"summaryRow\":\"sum\"},{\"columnId\":\"f7592c84-e21a-4ce1-a92e-f449ce39234c\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"c83ccc80-c7ff-474e-8489-947456cee9a3\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"summaryRow\":\"sum\",\"summaryLabel\":\"Total 
Score\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"684eca00-cba8-4853-a931-4e9d535efaec\",\"negate\":true,\"type\":\"phrase\",\"key\":\"vulnerability.severity\",\"params\":{\"query\":\"\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"vulnerability.severity\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a738cb8e-6646-4501-9007-03b7d6cf4815\":{\"columns\":{\"83e85e09-da17-43c7-9def-0f133f0555ce\":{\"label\":\"NVD Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":6,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6a22339f-897e-4ab9-837d-7312b90c77fb\":{\"label\":\"Total Fails\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"ff2782ef-dd0d-4657-ad0c-0b1778af8f3f\":{\"label\":\"Total Passes\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"f7592c84-e21a-4ce1-a92e-f449ce39234c\":{\"label\":\"Total Possible 
Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true},\"c83ccc80-c7ff-474e-8489-947456cee9a3\":{\"label\":\"Total Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"83e85e09-da17-43c7-9def-0f133f0555ce\",\"6a22339f-897e-4ab9-837d-7312b90c77fb\",\"ff2782ef-dd0d-4657-ad0c-0b1778af8f3f\",\"c83ccc80-c7ff-474e-8489-947456cee9a3\",\"f7592c84-e21a-4ce1-a92e-f449ce39234c\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"NVD Severity 
Breakdown\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":0,\"w\":8,\"h\":13,\"i\":\"27499756-536c-4e62-b081-addbffdff28d\"},\"panelIndex\":\"27499756-536c-4e62-b081-addbffdff28d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-615410f0-96f3-43e9-9315-2a53fcaa5fdf\"},{\"type\":\"index-pattern\",\"name\":\"044d8cc9-a39b-4007-94e6-d34fd9dc0970\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"},{\"type\":\"index-pattern\",\"name\":\"27d89493-bc6a-4979-a35a-59a5983c3d4c\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"}],\"state\":{\"visualization\":{\"layerId\":\"615410f0-96f3-43e9-9315-2a53fcaa5fdf\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"ba7c701a-298f-4972-a3d7-14b8332adbef\",\"oneClickFilter\":true},{\"columnId\":\"e5331134-3535-412a-ae63-9406eb3a3c46\",\"alignment\":\"center\"},{\"columnId\":\"b6818356-b709-47f3-a5e7-eb8f19543c9a\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#e0e8f2\",\"stop\":0},{\"color\":\"#c2d2e6\",\"stop\":20},{\"color\":\"#a2bcd9\",\"stop\":40},{\"color\":\"#82a7cd\",\"stop\":60},{\"color\":\"#6092c0\",\"stop\":80}],\"name\":\"cool\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"044d8cc9-a39b-4007-94e6-d34fd9dc0970\",\"negate\":true,\"type\":\"phrase\",\"key\":\"vulnerability.iava\",\"params\":{\"query\":\"\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"vulnerability.iava\":\"\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"27d89493-bc6a-4979-a35a-59a5983c3d4c\",\"negate\":true,\"type\":\"phrase\",\"key\":\"vulnerability.iava_severi
ty\",\"params\":{\"query\":\"\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"vulnerability.iava_severity\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"615410f0-96f3-43e9-9315-2a53fcaa5fdf\":{\"columns\":{\"ba7c701a-298f-4972-a3d7-14b8332adbef\":{\"label\":\"IAVA Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.iava_severity\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"custom\"},\"orderAgg\":{\"label\":\"Last value of vulnerability.score.base\",\"dataType\":\"number\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.score.base\",\"filter\":{\"query\":\"vulnerability.score.base: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"}},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"e5331134-3535-412a-ae63-9406eb3a3c46\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.iava\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"b6818356-b709-47f3-a5e7-eb8f19543c9a\":{\"label\":\"Total Passed\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" 
\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ba7c701a-298f-4972-a3d7-14b8332adbef\",\"e5331134-3535-412a-ae63-9406eb3a3c46\",\"b6818356-b709-47f3-a5e7-eb8f19543c9a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IAVA Severity Breakdown\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":0,\"w\":8,\"h\":13,\"i\":\"e6b5c9bd-b726-4be2-93ab-52e7125e3db1\"},\"panelIndex\":\"e6b5c9bd-b726-4be2-93ab-52e7125e3db1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-615410f0-96f3-43e9-9315-2a53fcaa5fdf\"},{\"type\":\"index-pattern\",\"name\":\"28b051dd-fb8d-449a-b21a-2d70308979bb\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"}],\"state\":{\"visualization\":{\"layerId\":\"615410f0-96f3-43e9-9315-2a53fcaa5fdf\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"ba7c701a-298f-4972-a3d7-14b8332adbef\",\"oneClickFilter\":true},{\"columnId\":\"e5331134-3535-412a-ae63-9406eb3a3c46\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#29b122\",\"stop\":1},{\"color\":\"#f3bbaf\",\"stop\":40},{\"color\":\"#e99a89\",\"stop\":60},{\"color\":\"#db7965\",\"stop\":80},{\"color\":\"#cc5642\",\"stop\":100}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#29b122\",\"stop\":0},{\"color\":\"#f3bbaf\",\"stop\":1},{\"color\":\"#e99a89\",\"stop\":40},{\"color\":\"#db7965\",\"stop\":60},{\"color\":\"#cc5642\",\"stop\":80}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"b6818356-b709-47f3-a5e7-eb8f19543c9a\",\"isTransposed\":false,\"alignment\":\"c
enter\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#6092c0\",\"stop\":20},{\"color\":\"#a8bfda\",\"stop\":40},{\"color\":\"#ebeff5\",\"stop\":60},{\"color\":\"#ecb385\",\"stop\":80},{\"color\":\"#e7664c\",\"stop\":100}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"28b051dd-fb8d-449a-b21a-2d70308979bb\",\"negate\":true,\"type\":\"phrase\",\"key\":\"vulnerability.iava\",\"params\":{\"query\":\"\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"vulnerability.iava\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"615410f0-96f3-43e9-9315-2a53fcaa5fdf\":{\"columns\":{\"ba7c701a-298f-4972-a3d7-14b8332adbef\":{\"label\":\"IAVA\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.iava\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5331134-3535-412a-ae63-9406eb3a3c46\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e5331134-3535-412a-ae63-9406eb3a3c46\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.iava\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"b6818356-b709-47f3-a5e7-eb8f19543c9a\":{\"label\":\"Total 
Passed\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ba7c701a-298f-4972-a3d7-14b8332adbef\",\"e5331134-3535-412a-ae63-9406eb3a3c46\",\"b6818356-b709-47f3-a5e7-eb8f19543c9a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IAVA Results Breakdown\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":13,\"i\":\"5dc1ffd0-8ed6-4d64-975b-7522c194ea8c\"},\"panelIndex\":\"5dc1ffd0-8ed6-4d64-975b-7522c194ea8c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-325646e5-58ab-4512-851c-5171a5822fa8\"}],\"state\":{\"visualization\":{\"layerId\":\"325646e5-58ab-4512-851c-5171a5822fa8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"75bf2861-0762-41a2-9122-8caa60904d4a\",\"isTransposed\":false,\"alignment\":\"center\",\"oneClickFilter\":true},{\"columnId\":\"648ee7b2-ff85-4404-aa14-175fe01845e5\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"325646e5-58ab-4512-851c-5171a5822fa8\":{\"columns\":{\"75bf2861-0762-41a2-9122-8caa60904d4a\":{\"label\":\"Year\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.year\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\
":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"648ee7b2-ff85-4404-aa14-175fe01845e5\":{\"label\":\"Total\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"75bf2861-0762-41a2-9122-8caa60904d4a\",\"648ee7b2-ff85-4404-aa14-175fe01845e5\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Counts By CVE Year\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":8,\"h\":4,\"i\":\"c83f05f4-47e2-4b2d-a359-c8ab8ac09e88\"},\"panelIndex\":\"c83f05f4-47e2-4b2d-a359-c8ab8ac09e88\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993\"}],\"state\":{\"visualization\":{\"layerId\":\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\",\"layerType\":\"data\",\"metricAccessor\":\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"maxAccessor\":\"649632a8-38c6-42d3-9946-08fd0c7017c8\",\"showBar\":true,\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#cc5642\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#209280\",\"stop\":100}],\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":33.33},{\"color\":\"#209280\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"for
mBased\":{\"layers\":{\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\":{\"columns\":{\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\":{\"label\":\"Total Failed\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"649632a8-38c6-42d3-9946-08fd0c7017c8\":{\"label\":\"Vulnerability ID\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" or vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"649632a8-38c6-42d3-9946-08fd0c7017c8\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":5,\"w\":7,\"h\":4,\"i\":\"ab52ed71-894c-466e-b53f-7f0dec7852be\"},\"panelIndex\":\"ab52ed71-894c-466e-b53f-7f0dec7852be\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993\"}],\"state\":{\"visualization\":{\"layerId\":\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\",\"layerType\":\"data\",\"metricAccessor\":\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"maxAccessor\":\"649632a8-38c6-42d3-9946-08fd0c7017c8\",\"showBar\":true,\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"ra
ngeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#cc5642\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#209280\",\"stop\":100}],\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":33.33},{\"color\":\"#209280\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\":{\"columns\":{\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\":{\"label\":\"Hosts Failing Critical\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" and vulnerability.severity : \\\"CRITICAL\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"649632a8-38c6-42d3-9946-08fd0c7017c8\":{\"label\":\"Vulnerability ID\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.id : 
*\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"649632a8-38c6-42d3-9946-08fd0c7017c8\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":4,\"i\":\"35429b34-65a5-4af0-99b6-b9980cdc13ba\"},\"panelIndex\":\"35429b34-65a5-4af0-99b6-b9980cdc13ba\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993\"}],\"state\":{\"visualization\":{\"layerId\":\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\",\"layerType\":\"data\",\"metricAccessor\":\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"maxAccessor\":\"649632a8-38c6-42d3-9946-08fd0c7017c8\",\"showBar\":true,\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#cc5642\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#209280\",\"stop\":100}],\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":33.33},{\"color\":\"#209280\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\":{\"columns\":{\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\":{\"label\":\"Total 
Passed\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"649632a8-38c6-42d3-9946-08fd0c7017c8\":{\"label\":\"Vulnerability ID\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" or vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"649632a8-38c6-42d3-9946-08fd0c7017c8\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":9,\"w\":7,\"h\":4,\"i\":\"ec9edb3d-0069-489a-94a7-c7ee626b9f76\"},\"panelIndex\":\"ec9edb3d-0069-489a-94a7-c7ee626b9f76\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993\"}],\"state\":{\"visualization\":{\"layerId\":\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\",\"layerType\":\"data\",\"metricAccessor\":\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"maxAccessor\":\"649632a8-38c6-42d3-9946-08fd0c7017c8\",\"showBar\":true,\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#cc5642\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66
},{\"color\":\"#209280\",\"stop\":100}],\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":33.33},{\"color\":\"#209280\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c5f04fa-1f1e-4252-908b-77a5c75bc993\":{\"columns\":{\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\":{\"label\":\"Hosts Failing IAVA\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" and vulnerability.iava : *\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"649632a8-38c6-42d3-9946-08fd0c7017c8\":{\"label\":\"Vulnerability ID\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.id : 
*\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"b8b589b9-1f8b-4ee0-bc97-40e09e2d8626\",\"649632a8-38c6-42d3-9946-08fd0c7017c8\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":15,\"h\":11,\"i\":\"f4148e30-8031-419e-aafc-375334eb93bb\"},\"panelIndex\":\"f4148e30-8031-419e-aafc-375334eb93bb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-f2abbf0c-776c-41e1-a7ab-cd8c207389ed\"}],\"state\":{\"visualization\":{\"layerId\":\"f2abbf0c-776c-41e1-a7ab-cd8c207389ed\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"a821c037-534b-4114-8840-28b32f57547f\",\"oneClickFilter\":true},{\"columnId\":\"411d9d7b-bbc3-4c01-9337-8fa3b66b5573\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"width\":580.75},{\"columnId\":\"9a387a1a-6c45-40ac-b21c-75dc4ddd1c3e\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]}}},{\"columnId\":\"5593d99d-c179-424b-a38a-6f94751c3f4f\",\"isTransposed\":false,\"colorMode\":\"cell\",\"palette\":{\"
type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"alignment\":\"center\"},{\"columnId\":\"cedab1f5-eacf-4fa9-b83f-d8e602a149bc\",\"isTransposed\":false,\"alignment\":\"center\"}],\"sorting\":{\"columnId\":\"411d9d7b-bbc3-4c01-9337-8fa3b66b5573\",\"direction\":\"desc\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f2abbf0c-776c-41e1-a7ab-cd8c207389ed\":{\"columns\":{\"a821c037-534b-4114-8840-28b32f57547f\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"411d9d7b-bbc3-4c01-9337-8fa3b66b5573\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"411d9d7b-bbc3-4c01-9337-8fa3b66b5573\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0,\"suffix\":\"\"}}},\"customLabel\":true},\"9a387a1a-6c45-40ac-b21c-75dc4ddd1c3e\":{\"label\":\"Total Passes\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" 
\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"5593d99d-c179-424b-a38a-6f94751c3f4f\":{\"label\":\"Failed IAVAs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.iava : * and vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"cedab1f5-eacf-4fa9-b83f-d8e602a149bc\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"411d9d7b-bbc3-4c01-9337-8fa3b66b5573\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"a821c037-534b-4114-8840-28b32f57547f\",\"cedab1f5-eacf-4fa9-b83f-d8e602a149bc\",\"411d9d7b-bbc3-4c01-9337-8fa3b66b5573\",\"9a387a1a-6c45-40ac-b21c-75dc4ddd1c3e\",\"5593d99d-c179-424b-a38a-6f94751c3f4f\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts by 
Failures\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":13,\"w\":9,\"h\":11,\"i\":\"fa0504a4-ba9e-4429-b706-e429d42828a4\"},\"panelIndex\":\"fa0504a4-ba9e-4429-b706-e429d42828a4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-d9b506eb-03f8-4dd4-a72a-3cf98e84ada5\"}],\"state\":{\"visualization\":{\"layerId\":\"d9b506eb-03f8-4dd4-a72a-3cf98e84ada5\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"25103ba4-d45f-453d-ac4d-226600fbf532\",\"oneClickFilter\":true},{\"columnId\":\"46bb4591-4054-4b9b-a51e-961589046c64\",\"alignment\":\"center\"}]},\"query\":{\"query\":\"event.code : 8000\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d9b506eb-03f8-4dd4-a72a-3cf98e84ada5\":{\"columns\":{\"25103ba4-d45f-453d-ac4d-226600fbf532\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"46bb4591-4054-4b9b-a51e-961589046c64\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"46bb4591-4054-4b9b-a51e-961589046c64\":{\"label\":\"Last Scan Reported\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.ingested: 
*\",\"language\":\"kuery\"},\"timeShift\":\"\",\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"25103ba4-d45f-453d-ac4d-226600fbf532\",\"46bb4591-4054-4b9b-a51e-961589046c64\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Hosts Last Scan\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":13,\"w\":24,\"h\":11,\"i\":\"7a66b950-c869-4bdd-afb7-794cfcc5225b\"},\"panelIndex\":\"7a66b950-c869-4bdd-afb7-794cfcc5225b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6597e88e-74e8-47dd-a41e-b0856b99a416\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"6597e88e-74e8-47dd-a41e-b0856b99a416\",\"accessors\":[\"e3310b41-0106-49dc-88fd-a1a867198197\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"2270dadf-b0b9-4a09-9e92-8ce74e2756fc\",\"splitAccessor\":\"29e7fd52-d400-468e-8162-2cfeb2c11cbf\"}]},\"query\":{\"query\":\"event.code : 8000 or event.code: 8001 or event.code: 8002\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6597e88e-74e8-47dd-a41e-b0856b99a416\":{\"columns\":{\"29e7fd52-d400-468e-8162-2cfeb2c11cbf\":{\"label\":\"Top 5 values of 
event.code\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.code\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e3310b41-0106-49dc-88fd-a1a867198197\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"2270dadf-b0b9-4a09-9e92-8ce74e2756fc\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"e3310b41-0106-49dc-88fd-a1a867198197\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"29e7fd52-d400-468e-8162-2cfeb2c11cbf\",\"2270dadf-b0b9-4a09-9e92-8ce74e2756fc\",\"e3310b41-0106-49dc-88fd-a1a867198197\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Scan Starts and Ends over 
Time\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":24,\"w\":48,\"h\":20,\"i\":\"26748b80-0759-4316-b554-d2309ea63ce6\"},\"panelIndex\":\"26748b80-0759-4316-b554-d2309ea63ce6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-68551b69-50f5-4d7e-a51b-98dead9be7c2\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"88fe4865-829d-4e1e-864d-5954609d283f\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"342a7ea2-f259-4604-a28b-272bff538a02\",\"alignment\":\"center\"},{\"columnId\":\"4b8d6316-a5f3-4fb3-8bfb-0c36a2df4f4b\",\"isTransposed\":false},{\"columnId\":\"7422b908-e777-43a3-bad1-e8558ff15d4e\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"3f2ff38f-876c-4d6f-acd3-86368cb61a8a\",\"isTransposed\":false,\"alignment\":\"center\",\"oneClickFilter\":true},{\"columnId\":\"d7cf9854-7dca-4331-927c-960f11be25bb\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#89adf2\",\"stop\":20},{\"color\":\"#f3bbaf\",\"stop\":40},{\"color\":\"#e99a89\",\"stop\":60},{\"color\":\"#db7965\",\"stop\":80},{\"color\":\"#cc5642\",\"stop\":100}],\"name\":\"custom\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"colorStops\":[{\"color\":\"#89adf2\",\"stop\":0},{\"color\":\"#f3bbaf\",\"stop\":20},{\"color\":\"#e99a89\",\"stop\":40},{\"color\":\"#db7965\",\"stop\":60},{\"color\":\"#cc5642\",\"stop\":80}]}}}],\"layerId\":\"68551b69-50f5-4d7e-a51b-98dead9be7c2\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"68551b69-50f5-4d7e-a51b-98dead9be7c2\":{\"columns\":{\"88fe4865-829
d-4e1e-864d-5954609d283f\":{\"label\":\"Vulnerability ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":true,\"params\":{\"size\":300,\"orderBy\":{\"type\":\"column\",\"columnId\":\"d7cf9854-7dca-4331-927c-960f11be25bb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"342a7ea2-f259-4604-a28b-272bff538a02\":{\"label\":\"Total Reported\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"4b8d6316-a5f3-4fb3-8bfb-0c36a2df4f4b\":{\"label\":\"Reference\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.reference\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"342a7ea2-f259-4604-a28b-272bff538a02\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7422b908-e777-43a3-bad1-e8558ff15d4e\":{\"label\":\"Base 
Score\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"342a7ea2-f259-4604-a28b-272bff538a02\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3f2ff38f-876c-4d6f-acd3-86368cb61a8a\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"342a7ea2-f259-4604-a28b-272bff538a02\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"d7cf9854-7dca-4331-927c-960f11be25bb\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"88fe4865-829d-4e1e-864d-5954609d283f\",\"4b8d6316-a5f3-4fb3-8bfb-0c36a2df4f4b\",\"7422b908-e777-43a3-bad1-e8558ff15d4e\",\"3f2ff38f-876c-4d6f-acd3-86368cb61a8a\",\"d7cf9854-7dca-4331-927c-960f11be25bb\",\"342a7ea2-f259-4604-a28b-272bff538a02\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Top 200 CVEs by Failure Count\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] - Vulnerability Dashboard", + 
"version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T15:20:14.754Z", + "id": "tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "679a4e0d-72d6-4080-b8db-fe8c3191e740:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "373d6d39-77cd-4ee7-9632-27ed5cfad192:kibanaSavedObjectMeta.searchSourceJSON.index", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "886b38ad-89f2-4800-ae61-61bcdb4e3b07:indexpattern-datasource-layer-4f65679f-7137-49e2-8a1e-96c834742340", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "750876f2-eaee-4c6f-89bd-603c2da274e1:indexpattern-datasource-layer-a738cb8e-6646-4501-9007-03b7d6cf4815", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "750876f2-eaee-4c6f-89bd-603c2da274e1:684eca00-cba8-4853-a931-4e9d535efaec", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "27499756-536c-4e62-b081-addbffdff28d:indexpattern-datasource-layer-615410f0-96f3-43e9-9315-2a53fcaa5fdf", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "27499756-536c-4e62-b081-addbffdff28d:044d8cc9-a39b-4007-94e6-d34fd9dc0970", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "27499756-536c-4e62-b081-addbffdff28d:27d89493-bc6a-4979-a35a-59a5983c3d4c", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "e6b5c9bd-b726-4be2-93ab-52e7125e3db1:indexpattern-datasource-layer-615410f0-96f3-43e9-9315-2a53fcaa5fdf", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": 
"e6b5c9bd-b726-4be2-93ab-52e7125e3db1:28b051dd-fb8d-449a-b21a-2d70308979bb", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "5dc1ffd0-8ed6-4d64-975b-7522c194ea8c:indexpattern-datasource-layer-325646e5-58ab-4512-851c-5171a5822fa8", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "c83f05f4-47e2-4b2d-a359-c8ab8ac09e88:indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "ab52ed71-894c-466e-b53f-7f0dec7852be:indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "35429b34-65a5-4af0-99b6-b9980cdc13ba:indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "ec9edb3d-0069-489a-94a7-c7ee626b9f76:indexpattern-datasource-layer-1c5f04fa-1f1e-4252-908b-77a5c75bc993", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "f4148e30-8031-419e-aafc-375334eb93bb:indexpattern-datasource-layer-f2abbf0c-776c-41e1-a7ab-cd8c207389ed", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "fa0504a4-ba9e-4429-b706-e429d42828a4:indexpattern-datasource-layer-d9b506eb-03f8-4dd4-a72a-3cf98e84ada5", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "7a66b950-c869-4bdd-afb7-794cfcc5225b:indexpattern-datasource-layer-6597e88e-74e8-47dd-a41e-b0856b99a416", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "26748b80-0759-4316-b554-d2309ea63ce6:indexpattern-datasource-layer-68551b69-50f5-4d7e-a51b-98dead9be7c2", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": 
"controlGroup_a8ba17fc-ba2f-4329-95f5-e4d645c5ae59:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "controlGroup_1b36863c-a2c8-4696-b534-12cebeca49d1:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "controlGroup_67760ce6-5bda-4c39-8960-45439ff4d45b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "controlGroup_9c746f36-33ae-4b53-bb32-7153abb17ba4:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "controlGroup_db910041-b09f-4b02-b3fe-70c3db05ff62:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "9c222660-1100-11ee-af86-538da1394f27", + "name": "tag-ref-9c222660-1100-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "39b55820-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-06-22T15:20:14.754Z", + "version": "WzI4MTg4NiwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json b/packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json new file mode 100644 index 00000000000..18112bc2184 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "Track TYCHON Agentless Event runs, ensure there are no errors and find hosts that are not sending report data.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"TYCHON\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.provider\":\"TYCHON\"}},\"$state\":{\"store\":\"appState\"}}]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"0d3c8367-8409-4931-accd-0b1dddd5895c\"},\"panelIndex\":\"0d3c8367-8409-4931-accd-0b1dddd5895c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-e7402bc7-e904-495e-9339-368e8238ddde\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"e7402bc7-e904-495e-9339-368e8238ddde\",\"accessors\":[\"16655ccf-fa72-4b4a-820a-1abc0f970605\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"56d44da7-b14d-4203-923a-ed4054adb0cf\",\"splitAccessor\":\"a
4e593d8-b5ac-4ede-8a44-50d0d0a64af0\"}]},\"query\":{\"query\":\"event.provider : \\\"TYCHON\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e7402bc7-e904-495e-9339-368e8238ddde\":{\"columns\":{\"56d44da7-b14d-4203-923a-ed4054adb0cf\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"16655ccf-fa72-4b4a-820a-1abc0f970605\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"a4e593d8-b5ac-4ede-8a44-50d0d0a64af0\":{\"label\":\"Event Codes\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.code\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"16655ccf-fa72-4b4a-820a-1abc0f970605\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"a4e593d8-b5ac-4ede-8a44-50d0d0a64af0\",\"56d44da7-b14d-4203-923a-ed4054adb0cf\",\"16655ccf-fa72-4b4a-820a-1abc0f970605\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TYCHON 
Events\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":29,\"i\":\"003ea62c-e6c6-4352-bbf3-56de3c4b27d5\"},\"panelIndex\":\"003ea62c-e6c6-4352-bbf3-56de3c4b27d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"oneClickFilter\":true},{\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\",\"alignment\":\"center\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1,\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"paging\":{\"size\":10,\"enabled\":false}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\":{\"columns\":{\"d0467eec-3e15-4567-8bec-0d645aa43766\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"68c6974a-897b-4580-9260-649e2e8097d0\":{\"label\":\"Last Event Received\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.ingested: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"68c6974a-897b-4580-9260-649e2e8097d0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts Reporting Times\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":29,\"i\":\"08c2bd9a-4e44-47e7-80b2-12ee8f6c848a\"},\"panelIndex\":\"08c2bd9a-4e44-47e7-80b2-12ee8f6c848a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"oneClickFilter\":true},{\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\",\"alignment\":\"center\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1,\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"paging\":{\"size\":10,\"enabled\":false}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\":{\"columns\":{\"d0467eec-3e15-4567-8bec-0d645aa43766\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":tr
ue},\"68c6974a-897b-4580-9260-649e2e8097d0\":{\"label\":\"Last Vulnerability Scan \",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.code: 8000\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"68c6974a-897b-4580-9260-649e2e8097d0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts Vulnerability Scan\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":29,\"i\":\"d06340ad-f85b-41d2-b355-a63935813f2a\"},\"panelIndex\":\"d06340ad-f85b-41d2-b355-a63935813f2a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"oneClickFilter\":true},{\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\",\"alignment\":\"center\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1,\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"paging\":{\"size\":10,\"enabled\":false}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\":{\"columns\":{\"d0467eec-3e15-4567-8bec-0d645aa43766\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"c
olumnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"68c6974a-897b-4580-9260-649e2e8097d0\":{\"label\":\"Last Vulnerability Scan \",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.code: \\\"8100\\\" \",\"language\":\"kuery\"},\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"68c6974a-897b-4580-9260-649e2e8097d0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts STIG/SCAP Scan\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":10,\"i\":\"375c0c11-1577-4003-80f7-49eb9bc59ed6\"},\"panelIndex\":\"375c0c11-1577-4003-80f7-49eb9bc59ed6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06\"}],\"state\":{\"visualization\":{\"layerId\":\"9718473a-bff7-48ea-86aa-04ffed5eed06\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\"},{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"alignment\":\"center\",\"summaryRow\":\"sum\",\"summaryLabel\":\"Total\"}],\"sorting\":{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.provider : \\\"TYCHON\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9718473a-bff7-48ea-86aa-04ffed5eed06\":{\"columns\":{\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\":{\"label\":\"Event Category\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"CVE Events\",\"input\":{\"query\":\"event.code \u003e= 8000 and event.code \u003c 8007\",\"language\":\"kuery\"}},{\"input\":{\"query\":\"event.code \u003e= 8100 and event.code \u003c=8108\",\"language\":\"kuery\"},\"label\":\"SCAP/STIG Events\"},{\"input\":{\"query\":\"event.code \u003e= 8200 and event.code \u003c= 8203\",\"language\":\"kuery\"},\"label\":\"EPP Events\"},{\"input\":{\"query\":\"event.code \u003e= 8900 and event.code \u003c= 8968\",\"language\":\"kuery\"},\"label\":\"TYCHON General Events\"}]},\"customLabel\":true},\"1690c6b9-3994-45fe-b5df-f969d2db8685\":{\"label\":\"Total Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\",\"1690c6b9-3994-45fe-b5df-f969d2db8685\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Event Counts By Category\"},{\"version\":\"8.6.2\",\"type\":\"LOG_STREAM_EMBEDDABLE\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":29,\"i\":\"bfd61155-5434-4118-9ab8-d9c7622aa296\"},\"panelIndex\":\"bfd61155-5434-4118-9ab8-d9c7622aa296\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log 
stream\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":9,\"h\":8,\"i\":\"51fd833e-0ffd-488e-9e08-d9342ccd6884\"},\"panelIndex\":\"51fd833e-0ffd-488e-9e08-d9342ccd6884\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06\"}],\"state\":{\"visualization\":{\"layerId\":\"9718473a-bff7-48ea-86aa-04ffed5eed06\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\"},{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"alignment\":\"center\",\"summaryRow\":\"sum\",\"summaryLabel\":\"Total\"}],\"sorting\":{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.provider : \\\"TYCHON\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9718473a-bff7-48ea-86aa-04ffed5eed06\":{\"columns\":{\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\":{\"label\":\"Event Category\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"Error Events\",\"input\":{\"query\":\"log.level : \\\"error\\\" \",\"language\":\"kuery\"}},{\"input\":{\"query\":\"log.level : \\\"warning\\\" \",\"language\":\"kuery\"},\"label\":\"Warning Events\"},{\"input\":{\"query\":\"log.level : \\\"information\\\" \",\"language\":\"kuery\"},\"label\":\"Information Events\"}]},\"customLabel\":true},\"1690c6b9-3994-45fe-b5df-f969d2db8685\":{\"label\":\"Total 
Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\",\"1690c6b9-3994-45fe-b5df-f969d2db8685\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Event Counts By Severity\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":9,\"h\":11,\"i\":\"f560734b-0618-40e0-828a-a6e141cf62a2\"},\"panelIndex\":\"f560734b-0618-40e0-828a-a6e141cf62a2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-51fcf8c0-74c4-469b-a2c3-5581b411a908\"}],\"state\":{\"visualization\":{\"layerId\":\"51fcf8c0-74c4-469b-a2c3-5581b411a908\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d8139485-6b46-45aa-8376-c2b28f89e022\"},{\"columnId\":\"568e03d3-c0c2-42db-8c81-e4cac6e39fa5\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"51fcf8c0-74c4-469b-a2c3-5581b411a908\":{\"columns\":{\"d8139485-6b46-45aa-8376-c2b28f89e022\":{\"label\":\"Errors:\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"Module Not Supported Error\",\"input\":{\"query\":\"event.provider:\\\"TYCHON\\\" and message:\\\"*is not supported\\\"\",\"language\":\"kuery\"}},{\"input\":{\"query\":\"event.provider : \\\"TYCHON\\\" and message:\\\"*not found in item*\\\"\",\"language\":\"kuery\"},\"label\":\"Item Not Found\"}]},\"customLabel\":true},\"568e03d3-c0c2-42db-8c81-e4cac6e39fa5\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"d8139485-6b46-45aa-8376-c2b28f89e022\",\"568e03d3-c0c2-42db-8c81-e4cac6e39fa5\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"TYCHON Errors\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":27,\"h\":38,\"i\":\"2a8fb3f0-8a3a-4f26-94d6-ef0454458190\"},\"panelIndex\":\"2a8fb3f0-8a3a-4f26-94d6-ef0454458190\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### TYCHON Event ID Mapping:\\n\\n|Category|Event ID|Event Type|Message Format|Source|Level|\\n| --- | --- | --- | --- | --- | --- |\\n|CVE| 8000\\t| TYCHON Vulnerability Check Started | Vulnerability Check Started\\t| TYCHON\\t|INFO |\\n|CVE| 8001\\t| TYCHON Vulnerability Check Failed\\t| Vulnerability Check Failed\\t| TYCHON\\t| ERROR\\n|CVE| 8002\\t| TYCHON Vulnerability Check Complete\\t| Vulnerability Check Complete\\t| TYCHON\\t| INFO\\n|CVE| 8003\\t| TYCHON CVE Check Passed\\t| Formatted scan output for passing test.\\t| TYCHON\\t| INFO\\n|CVE| 8004\\t| TYCHON CVE Check Failed\\t| Formatted scan output for failed test.\\t| TYCHON\\t| ERROR\\n|CVE| 8005\\t| TYCHON CVE Check Error\\t| Formatted scan output for test that reports an error.\\t| TYCHON\\t| WARN\\n|CVE|8006\\t| TYCHON CVE Delta Check Passed\\t| Formatted module output.\\t| TYCHON\\t| WARN\\n|STIG |8100 |TYCHON STIG Check Started\\t|TYCHON STIG Check Started\\t|TYCHON\\t|INFO\\n|STIG | 8101\\t|TYCHON STIG Check Failed\\t|TYCHON STIG Check Failed\\t|TYCHON\\t|ERROR\\n|STIG | 8102\\t|TYCHON STIG Check Complete\\t|TYCHON STIG Check Complete\\t|TYCHON\\t|INFO\\n|STIG 
| 8103\\t|TYCHON Benchmark Check Failed\\t|Formatted benchmark output\\t|TYCHON\\t|ERROR\\n|STIG | 8304\\t|TYCHON Benchmark Check Passed\\t|Formatted benchmark output\\t|TYCHON\\t|INFO\\n|STIG | 8105\\t|TYCHON Benchmark Check Error\\t|Formatted benchmark output\\t|TYCHON\\t|WARN\\n|STIG | 8106\\t|TYCHON Benchmark Delta Check Passed\\t|Formatted module output\\t|TYCHON\\t|WARN\\n|STIG | 8107\\t|TYCHON Benchmark Scan Start\\t|TYCHON Benchmark \u003cBENCHMARK NAME\u003e \u003cBENCHMARK ID\u003e\u003cPROFILE ID\u003e Scan Start\\t|TYCHON\\t|INFO\\n|STIG | 8108|TYCHON Benchmark Scan Complete\\t|TYCHON Benchmark \u003cBENCHMARK NAME\u003e \u003cBENCHMARK ID\u003e\u003cPROFILE ID\u003e Scan Complete.\\t|TYCHON\\t|INFO\\n|EPP|8200|TYCHON EPP Check Started\\t|TYCHON EPP Check Started\\t|TYCHON\\t|INFO\\n|EPP|8201|TYCHON EPP Check Completed\\t|TYCHON EPP Check Complete\\t|TYCHON\\t|ERROR\\n|EPP|8202|TYCHON EPP Setting Check Passed\\t|Formatted module output\\t|TYCHON\\t|INFO\\n|EPP|8203|TYCHON EPP Setting Check Failed\\t|Formatted module output\\t|TYCHON\\t|ERROR\\n|General|8900|TYCHON General Issue\\t|Free form\\t|TYCHON\\t|ERROR\\n|General|8901|TYCHON General Issue\\t|Free form\\t|TYCHON\\t|WARN\\n|General|8902|TYCHON General Issue\\t|Free form\\t|TYCHON\\t|INFO\\n|General|8968|TYCHON Script Start\\t|TYCHON Script Start \u003cScript Name\u003e, \u003cStart Time\u003e Expectation to include the start time as a field.\\t|TYCHON\\t|INFO\\n|General|8968|TYCHON Script Complete\\t|TYCHON Script Complete \u003cScript Name\u003e, \u003cCompletion Time\u003e Expectation to include the completion time as a 
field.\\t|TYCHON\\t|INFO\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":38,\"w\":12,\"h\":19,\"i\":\"ffd3a473-3cb4-4ef1-95a2-19899211b020\"},\"panelIndex\":\"ffd3a473-3cb4-4ef1-95a2-19899211b020\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-7291df4e-9082-4935-8fed-0f3d42910589\"}],\"state\":{\"visualization\":{\"layerId\":\"7291df4e-9082-4935-8fed-0f3d42910589\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\",\"alignment\":\"left\",\"oneClickFilter\":true},{\"columnId\":\"59d9fc9f-a21c-4b5b-a87b-b66b016505fa\",\"alignment\":\"center\"},{\"columnId\":\"56e6a432-6881-4338-b91c-a907653fbd8c\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"1503adce-02f2-4ee6-a15d-9b76b98c40d8\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"ca252885-1816-4144-a8b4-444d3e186b20\",\"isTransposed\":false,\"alignment\":\"center\"}],\"sorting\":{\"columnId\":\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.code: 8101 or event.code: 8001 or event.code:8203\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7291df4e-9082-4935-8fed-0f3d42910589\":{\"columns\":{\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\":{\"label\":\"Date\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"d\",\"includeEmptyRows\":true,\"dropPartials\":false},\"customLabel\":true},\"59d9fc9f-a21c-4b5b-a87b-b66b016505fa\":{\"label\":\"Total 
Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"56e6a432-6881-4338-b91c-a907653fbd8c\":{\"label\":\"STIG Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.code: 8101\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"1503adce-02f2-4ee6-a15d-9b76b98c40d8\":{\"label\":\"Vulnerability Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.code: 8001\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"ca252885-1816-4144-a8b4-444d3e186b20\":{\"label\":\"EPP Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.code: \\\"8203\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\",\"59d9fc9f-a21c-4b5b-a87b-b66b016505fa\",\"56e6a432-6881-4338-b91c-a907653fbd8c\",\"1503adce-02f2-4ee6-a15d-9b76b98c40d8\",\"ca252885-1816-4144-a8b4-444d3e186b20\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Scan Failures Per 
Day\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":38,\"w\":9,\"h\":19,\"i\":\"6a813b1d-6a0b-414a-88e0-0c25bd7a5a2d\"},\"panelIndex\":\"6a813b1d-6a0b-414a-88e0-0c25bd7a5a2d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-7c6422f1-c23f-49b2-8736-1971f6116592\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"7c6422f1-c23f-49b2-8736-1971f6116592\",\"primaryGroups\":[\"2416f259-6b27-465e-91da-4adafc040ead\"],\"metrics\":[\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7c6422f1-c23f-49b2-8736-1971f6116592\":{\"columns\":{\"2416f259-6b27-465e-91da-4adafc040ead\":{\"label\":\"Top 5 values of host.os.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2416f259-6b27-465e-91da-4adafc040ead\",\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operating System Breakdown\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] - Agentless Event Logs", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T19:24:40.643Z", + "id": "tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "0d3c8367-8409-4931-accd-0b1dddd5895c:indexpattern-datasource-layer-e7402bc7-e904-495e-9339-368e8238ddde", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "003ea62c-e6c6-4352-bbf3-56de3c4b27d5:indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "08c2bd9a-4e44-47e7-80b2-12ee8f6c848a:indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "d06340ad-f85b-41d2-b355-a63935813f2a:indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": 
"375c0c11-1577-4003-80f7-49eb9bc59ed6:indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "51fd833e-0ffd-488e-9e08-d9342ccd6884:indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "f560734b-0618-40e0-828a-a6e141cf62a2:indexpattern-datasource-layer-51fcf8c0-74c4-469b-a2c3-5581b411a908", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "ffd3a473-3cb4-4ef1-95a2-19899211b020:indexpattern-datasource-layer-7291df4e-9082-4935-8fed-0f3d42910589", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "6a813b1d-6a0b-414a-88e0-0c25bd7a5a2d:indexpattern-datasource-layer-7c6422f1-c23f-49b2-8736-1971f6116592", + "type": "index-pattern" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-06-22T19:24:40.643Z", + "version": "WzI4NDUzNSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json b/packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json new file mode 100644 index 00000000000..4c752563bec --- /dev/null +++ b/packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json 
@@ -0,0 +1,23 @@ +{ + "attributes": { + "fieldAttrs": "{}", + "fieldFormatMap": "{}", + "fields": "[]", + "name": "Windows Defender Status (TYCHON)", + "runtimeFieldMap": "{}", + "sourceFilters": "[]", + "timeFieldName": "event.ingested", + "title": "logs-tychon.tychon_epp*", + "typeMeta": "{}" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T19:32:15.953Z", + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2023-06-22T19:32:45.709Z", + "version": "WzI4NTA1MSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json b/packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json new file mode 100644 index 00000000000..90a878e9fde --- /dev/null +++ b/packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json @@ -0,0 +1,23 @@ +{ + "attributes": { + "fieldAttrs": "{\"host.hostname\":{\"count\":2},\"vulnerability.iava\":{\"count\":1},\"vulnerability.id\":{\"count\":2},\"vulnerability.result\":{\"count\":2}}", + "fieldFormatMap": "{\"vulnerability.reference\":{\"id\":\"url\",\"params\":{}}}", + "fields": "[]", + "name": "Vulnerability Data (TYCHON)", + "runtimeFieldMap": "{}", + "sourceFilters": "[]", + "timeFieldName": "@timestamp", + "title": "logs-tychon.tychon_cve*", + "typeMeta": "{}" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-20T13:44:21.061Z", + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2023-06-22T13:18:00.210Z", + "version": "WzI4MDk5OSwxM10=" +} \ No newline at end of file 
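Review bot: The Windows Defender data view keys its time axis on `"timeFieldName": "event.ingested"` while the other data views in this commit use `@timestamp`, so the same scan run will be placed at ingestion time in the EPP view and at event time elsewhere, and a replayed or backfilled batch is plotted at arrival time instead of when the endpoint was checked. If the EPP data stream genuinely carries no event timestamp, that deserves a sentence in the README; otherwise `"timeFieldName": "@timestamp"` keeps the views consistent. The `created_at`, `updated_at` and `version` values are state from the authoring Kibana instance and carry no meaning for an installed package.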
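Review bot: `fieldAttrs` in the Vulnerability Data view ships field-popularity counters (`"host.hostname":{"count":2}`, `"vulnerability.id":{"count":2}`, …) that only record how often the author clicked fields in Discover; they are instance state rather than part of the integration and should be reset to `"fieldAttrs": "{}"` as in the Defender view in the previous hunk. The same counters appear in the `logs-system.application*` and `logs-tychon.tychon_stig*` views later in this commit.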
diff --git a/packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json b/packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json new file mode 100644 index 00000000000..e13b9b39cd5 --- /dev/null +++ b/packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json @@ -0,0 +1,23 @@ +{ + "attributes": { + "fieldAttrs": "{\"event.provider\":{\"count\":1}}", + "fieldFormatMap": "{}", + "fields": "[]", + "name": "Windows Application Logs", + "runtimeFieldMap": "{}", + "sourceFilters": "[]", + "timeFieldName": "@timestamp", + "title": "logs-system.application*", + "typeMeta": "{}" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-21T13:44:35.159Z", + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2023-06-21T13:45:32.456Z", + "version": "WzI2NzU5NSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json b/packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json new file mode 100644 index 00000000000..26cbbab3298 --- /dev/null +++ b/packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json 
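Review bot: This data view targets `logs-system.application*`, a data stream produced by the System integration rather than by this package, so the event-log dashboard that references it (`df491fbb-…` throughout the dashboard's `references` list) only works when the Windows Application event log is already being shipped by that integration; the prerequisite is not stated anywhere in the package and belongs in the README and the manifest description. The id is also a bare UUID while the dashboard uses a package-prefixed id (`tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log`), so an existing data view with the same id from another source would be overwritten on install; prefixing the index-pattern ids the same way avoids that. The generic display name `Windows Application Logs` has the same collision problem in the data-view picker.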
@@ -0,0 +1,23 @@ +{ + "attributes": { + "fieldAttrs": "{\"STIG_ID\":{\"count\":3},\"rule.id\":{\"count\":2},\"VULN_ID\":{\"count\":2},\"rule.result.score\":{\"count\":2},\"benchmark.name\":{\"count\":1},\"rule.finding_id\":{\"count\":1},\"rule.result\":{\"count\":1}}", + "fieldFormatMap": "{}", + "fields": "[]", + "name": "STIG SCAP Results (TYCHON)", + "runtimeFieldMap": "{\"STIG_ID\":{\"type\":\"keyword\",\"script\":{\"source\":\"if (doc[\\\"rule.id\\\"].length \u003e 0){\\r\\n def rule_id = doc[\\\"rule.id\\\"].value;\\r\\nif (rule_id == ''){\\r\\n def rule_name = doc[\\\"rule.name\\\"].value.replace('xccdf_mil.disa.stig_rule_','');\\r\\n def iof = rule_name.indexOf('r');\\r\\n emit(rule_name.substring(0, iof))\\r\\n}else{\\r\\n emit(rule_id)\\r\\n}\\r\\n\\r\\n}\\r\\nelse{\\r\\n emit(\\\"\\\")\\r\\n}\"}},\"VULN_ID\":{\"type\":\"keyword\",\"script\":{\"source\":\"if (doc[\\\"rule.id\\\"].length \u003e 0){\\r\\n def rule_id = doc[\\\"rule.id\\\"].value;\\r\\nif (rule_id == ''){\\r\\n def rule_name = doc[\\\"rule.name\\\"].value.replace('xccdf_mil.disa.stig_rule_','');\\r\\n def iof = rule_name.indexOf('r');\\r\\n emit(rule_name.substring(0, iof))\\r\\n}else{\\r\\n emit(rule_id)\\r\\n}\\r\\n\\r\\n}\\r\\nelse{\\r\\n emit(\\\"\\\")\\r\\n}\"}},\"rule.result.score\":{\"type\":\"long\",\"script\":{\"source\":\"if (doc[\\\"rule.result\\\"].length \u003e 0){\\r\\n if (doc[\\\"rule.result\\\"].value == \\\"fail\\\"){\\r\\n emit(10)\\r\\n }else{\\r\\n emit(0)\\r\\n }\\r\\n \\r\\n}\"}},\"benchmarkname\":{\"type\":\"keyword\",\"script\":{\"source\":\"if (doc[\\\"benchmark.name\\\"].length \u003e 0){\\r\\n def namesplit = doc[\\\"benchmark.name\\\"].value.replace(\\\"scap_mil.disa.stig_cref_U_\\\",\\\"\\\").replace(\\\"_STIG_SCAP_1-2_Benchmark-xccdf.xml\\\", \\\"\\\");\\r\\n emit(namesplit);\\r\\n}\\r\\n\\r\\n\\r\\n\"}}}", + "sourceFilters": "[]", + "timeFieldName": "@timestamp", + "title": "logs-tychon.tychon_stig*", + "typeMeta": "{}" + }, + "coreMigrationVersion": "8.6.2", 
+ "created_at": "2023-06-20T13:50:39.404Z", + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2023-06-21T19:05:32.364Z", + "version": "WzI3NDQxOCwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27_1.json b/packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27_1.json new file mode 100644 index 00000000000..6e8f8de1e22 --- /dev/null +++ b/packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27_1.json 
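Review bot: The `STIG_ID` and `VULN_ID` runtime scripts in `runtimeFieldMap` are byte-identical, and both have an unguarded path: when `rule.id` is empty they read `doc["rule.name"].value`, which throws if that field is absent from the document, and `rule_name.indexOf('r')` returns -1 when the stripped name carries no revision marker, so `substring(0, iof)` throws as well and the column fails to render for that document. Guard both cases, e.g. `if (doc["rule.name"].size() == 0) { emit(""); return; }` before the read and `emit(iof < 0 ? rule_name : rule_name.substring(0, iof))` for the extraction. If the two fields are meant to differ (STIG id versus vulnerability id) they need different logic; if not, one of them is redundant. The third field is named `benchmarkname`, which follows neither the `STIG_ID` convention of its siblings nor the dotted `benchmark.name` source it derives from.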
@@ -0,0 +1,67 @@ +{ + "id": "10359860-1139-11ee-af86-538da1394f27_1", + "type": "security-rule", + "attributes": { + "updated_at": "2023-06-22T20:12:10.268Z", + "updated_by": "elastic", + "created_at": "2023-06-22T20:12:08.840Z", + "created_by": "elastic", + "name": "CAT 1 IAVA Vulnerability Detected", + "tags": [ + "TYCHON", + "CVE", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "A category one IAVA has been detected as being vulnerable", + "risk_score": 90, + "severity": "high", + "note": "Investigator should work to patch this system for this IAVA as quickly as possible.", + "license": "", + "output_index": "", + "meta": { + "from": "1m", + "kibana_siem_app_url": "https://10.1.9.250:5601/app/security" + }, + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "10359860-1139-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "immutable": false, + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "index": [ + "filebeat-*", + "logs-*", + "winlogbeat-*" + ], + "query": "vulnerability.iava_severity : \"CAT I\" and vulnerability.result : \"fail\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27_1.json b/packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27_1.json new file mode 100644 index 00000000000..2caf59e861f --- /dev/null +++ b/packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27_1.json 
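Review bot: Every rule in this commit ships `"kibana_siem_app_url": "https://10.1.9.250:5601/app/security"` under `meta` — a private address from the authoring environment (the same value is in the 2e5a7e20, 2e9c9ac0, 867e3450 and 934a39a0 rules). Kibana sets this from the browser URL when a rule is saved and, as far as I know, uses it to build links in rule-action notifications, so on a customer cluster those links would point at a host they do not own; the packaged rules should drop it and keep at most `"meta": { "from": "1m" }`. The `index` list (`filebeat-*`, `logs-*`, `winlogbeat-*`) is also far wider than the `logs-tychon.tychon_cve*` stream the data view in this commit targets; scoping the rule to `logs-tychon.tychon_cve-*` keeps it from matching `vulnerability.*` fields emitted by other integrations and cuts query cost, and the same applies to the other four rules.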
@@ -0,0 +1,80 @@ +{ + "id": "2e5a7e20-1137-11ee-af86-538da1394f27_1", + "type": "security-rule", + "attributes": { + "updated_at": "2023-06-22T19:58:42.404Z", + "updated_by": "elastic", + "created_at": "2023-06-22T19:58:40.371Z", + "created_by": "elastic", + "name": "Windows Defender Feature Reported as Disabled", + "tags": [ + "TYCHON", + "EPP", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "A Feature in Windows Defender has been set to disabled in the latest report from the TYCHON Agentless Module", + "risk_score": 60, + "severity": "medium", + "note": "Analysts should look into the history of this endpoint to figure out when the feature was disabled and work to re-enable the feature.", + "license": "", + "output_index": "", + "meta": { + "from": "1m", + "kibana_siem_app_url": "https://10.1.9.250:5601/app/security" + }, + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "2e5a7e20-1137-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0005", + "reference": "https://attack.mitre.org/tactics/TA0005", + "name": "Defense Evasion" + }, + "technique": [ + { + "id": "T1089", + "reference": "https://attack.mitre.org/techniques/T1089", + "name": "Disabling Security Tools", + "subtechnique": [] + } + ] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "immutable": false, + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "index": [ + "apm-*-transaction*", + "auditbeat-*", + "endgame-*", + "filebeat-*", + "logs-*", + "packetbeat-*", + "traces-apm*", + "winlogbeat-*", + "-*elastic-cloud-logs-*" + ], + "query": "windows_defender.service.antimalware.status : \"Disabled\" or windows_defender.service.antispyware.status :\"Disabled\" or windows_defender.service.antivirus.status : \"Disabled\" 
or windows_defender.service.behavior_monitor.status : \"Disabled\" or windows_defender.service.ioav_protection.status : \"Disabled\" or windows_defender.service.nis.status : \"Disabled\" or windows_defender.service.on_access_protection.status : \"Disabled\" or windows_defender.service.real_time_protection.status : \"Disabled\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27_1.json b/packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27_1.json new file mode 100644 index 00000000000..1d7f42e084b --- /dev/null +++ b/packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27_1.json 
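Review bot: The ATT&CK mapping cites `T1089` "Disabling Security Tools", which MITRE deprecated in 2020 in favour of `T1562.001` (Impair Defenses: Disable or Modify Tools); the Kibana technique picker no longer offers the old id, so the `threat` entry should become `"id": "T1562"` with `"reference": "https://attack.mitre.org/techniques/T1562"` and a `subtechnique` entry for `T1562.001`. The `index` list spans APM, auditbeat, endgame and packetbeat streams that never carry `windows_defender.*` fields, while the data view in this commit shows the data lives in `logs-tychon.tychon_epp*`; scoping the rule to that stream avoids querying unrelated indices every five minutes. The query itself only matches the literal `"Disabled"` status, so if the module ever reports lower-case or localized values the rule goes quiet; worth a comment in the README or a `description` line stating the expected values.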
@@ -0,0 +1,67 @@ +{ + "id": "2e9c9ac0-1138-11ee-af86-538da1394f27_1", + "type": "security-rule", + "attributes": { + "updated_at": "2023-06-22T20:05:51.349Z", + "updated_by": "elastic", + "created_at": "2023-06-22T20:05:49.618Z", + "created_by": "elastic", + "name": "Critical Vulnerability Failed", + "tags": [ + "TYCHON", + "CCRI", + "CVE" + ], + "interval": "5m", + "enabled": true, + "description": "A vulnerability that has been categorized as Critical by NVD has been reported as failed.", + "risk_score": 90, + "severity": "high", + "note": "Investigators should get systems with critical vulnerabilities patched and ensure mitigations are in place while the system is vulenrable.", + "license": "", + "output_index": "", + "meta": { + "from": "1m", + "kibana_siem_app_url": "https://10.1.9.250:5601/app/security" + }, + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "2e9c9ac0-1138-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "immutable": false, + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "index": [ + "filebeat-*", + "logs-*", + "winlogbeat-*" + ], + "query": "vulnerability.severity :\"CRITICAL\" and vulnerability.result : \"fail\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27_1.json b/packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27_1.json new file mode 100644 index 00000000000..fd29265dac1 --- /dev/null 
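Review bot: The investigation `note` misspells "vulnerable" as `vulenrable`; this text is shown to analysts on every alert, so it should read `"note": "Investigators should get systems with critical vulnerabilities patched and ensure mitigations are in place while the system is vulnerable."`. Otherwise the rule is a copy of the CAT I IAVA rule with a different query, and the `meta.kibana_siem_app_url` and index-scope points raised there apply here unchanged.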
+++ b/packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27_1.json @@ -0,0 +1,64 @@ +{ + "id": "867e3450-1139-11ee-af86-538da1394f27_1", + "type": "security-rule", + "attributes": { + "updated_at": "2023-06-22T20:15:29.017Z", + "updated_by": "elastic", + "created_at": "2023-06-22T20:15:26.960Z", + "created_by": "elastic", + "name": "High STIG/SCAP Check Failed", + "tags": [ + "TYCHON", + "CCRI", + "SCAP" + ], + "interval": "5m", + "enabled": true, + "description": "A High Severity STIG/SCAP Check failed on an endpoint.", + "risk_score": 60, + "severity": "medium", + "license": "", + "output_index": "", + "meta": { + "from": "1m", + "kibana_siem_app_url": "https://10.1.9.250:5601/app/security" + }, + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "867e3450-1139-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "immutable": false, + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "index": [ + "logs-*" + ], + "query": "rule.result : \"fail\" and rule.severity : \"high\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27_1.json b/packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27_1.json new file mode 100644 index 00000000000..04577f4fcf4 --- /dev/null +++ b/packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27_1.json 
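Review bot: This rule has no `note` (investigation guide) while the other four rules in the commit do, so an analyst opening a STIG alert gets no guidance; a line such as `"note": "Identify the failed check via rule.id and benchmark.name and remediate per the STIG fix text."` would match its siblings. More importantly, `rule.result` and `rule.severity` are generic-looking names under the shared `rule.*` fieldset and the query runs against all of `logs-*`, so any other source that emits `rule.result: fail` with `rule.severity: high` will raise a TYCHON-tagged alert; scope the index to `logs-tychon.tychon_stig-*`, the stream the STIG data view in this commit targets. Mapping a configuration-benchmark failure to tactic `TA0001` Initial Access is also a stretch; leaving `threat` empty is more honest than an unrelated tactic.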
@@ -0,0 +1,65 @@ +{ + "id": "934a39a0-1138-11ee-af86-538da1394f27_1", + "type": "security-rule", + "attributes": { + "updated_at": "2023-06-22T20:08:39.789Z", + "updated_by": "elastic", + "created_at": "2023-06-22T20:08:38.722Z", + "created_by": "elastic", + "name": "High Vulnerability Failed", + "tags": [ + "TYCHON", + "CVE", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "A host with a high-severity CVE was flagged as being vulnerable.", + "risk_score": 60, + "severity": "medium", + "note": "Investigator should work to resolve this patch and keep a close monitor on this endpoint.", + "license": "", + "output_index": "", + "meta": { + "from": "1m", + "kibana_siem_app_url": "https://10.1.9.250:5601/app/security" + }, + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "934a39a0-1138-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "immutable": false, + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "index": [ + "logs-*" + ], + "query": "vulnerability.severity :\"HIGH\" and vulnerability.result : \"fail\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/manifest.yml b/packages/tychon/manifest.yml new file mode 100644 index 00000000000..c601df86679 --- /dev/null +++ b/packages/tychon/manifest.yml 
@@ -0,0 +1,35 @@
+format_version: 2.0.0
+name: tychon
+release: beta
+title: "TYCHON Agentless"
+version: 0.0.1
+source:
+ license: "Elastic-2.0"
+description: TYCHON Agentless delivers STIG, CVE/IAVA, and Endpoint Protection status without adding new server infrastructure or services to your endpoints. TYCHON datasets fully comply with vulnerability and STIG reporting standards and integrate into Comply-to-Connect for instant zero trust value.
+type: integration
+categories:
+ - config_management
+ - vulnerability_management
+conditions:
+ kibana.version: "^8.6.0"
+ elastic.subscription: "basic"
+screenshots:
+ - src: /img/TychonScreenshot.png
+ title: Tychon
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/TychonLogo.svg
+ title: Sample logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: tychon
+ title: Tychon
+ description: Tychon
+ inputs:
+ - type: logfile
+ title: Tychon
+ description: Tychon
+owner:
+ github: elastic/integrations
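Review bot: The manifest mixes `format_version: 2.0.0` with `release: beta`; as far as I recall the `release` key was removed in package-spec 2.x, where pre-release status is carried by the version string itself, so this line is likely to fail `elastic-package lint` and should go. The user-visible strings are still template placeholders: the icon title `Sample logo`, and `title: Tychon` / `description: Tychon` repeated for the policy template and its `logfile` input — the input description is what Fleet shows when a user adds the integration and should say which files or event-log channel the input reads. The description also promises compliance with reporting standards without naming them; a README section listing them (and the System integration prerequisite the event-log dashboard relies on) would make the claim checkable.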