diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index c9595d4d0fd..527d2988246 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -247,6 +247,7 @@
 /packages/trellix_epo_cloud @elastic/security-external-integrations
 /packages/trend_micro_vision_one @elastic/security-external-integrations
 /packages/trendmicro @elastic/security-external-integrations
+/packages/tychon @elastic/security-external-integrations
 /packages/udp @elastic/security-external-integrations
 /packages/universal_profiling_agent @elastic/profiling
 /packages/universal_profiling_collector @elastic/profiling
diff --git a/packages/tychon/LICENSE.txt b/packages/tychon/LICENSE.txt
new file mode 100644
index 00000000000..809108b857f
--- /dev/null
+++ b/packages/tychon/LICENSE.txt
@@ -0,0 +1,93 @@
+Elastic License 2.0
+
+URL: https://www.elastic.co/licensing/elastic-license
+
+## Acceptance
+
+By using the software, you agree to all of the terms and conditions below.
+
+## Copyright License
+
+The licensor grants you a non-exclusive, royalty-free, worldwide,
+non-sublicensable, non-transferable license to use, copy, distribute, make
+available, and prepare derivative works of the software, in each case subject to
+the limitations and conditions below.
+
+## Limitations
+
+You may not provide the software to third parties as a hosted or managed
+service, where the service provides users with access to any substantial set of
+the features or functionality of the software.
+
+You may not move, change, disable, or circumvent the license key functionality
+in the software, and you may not remove or obscure any functionality in the
+software that is protected by the license key.
+
+You may not alter, remove, or obscure any licensing, copyright, or other notices
+of the licensor in the software. Any use of the licensor’s trademarks is subject
+to applicable law.
+
+## Patents
+
+The licensor grants you a license, under any patent claims the licensor can
+license, or becomes able to license, to make, have made, use, sell, offer for
+sale, import and have imported the software, in each case subject to the
+limitations and conditions in this license. This license does not cover any
+patent claims that you cause to be infringed by modifications or additions to
+the software. If you or your company make any written claim that the software
+infringes or contributes to infringement of any patent, your patent license for
+the software granted under these terms ends immediately. If your company makes
+such a claim, your patent license ends immediately for work on behalf of your
+company.
+
+## Notices
+
+You must ensure that anyone who gets a copy of any part of the software from you
+also gets a copy of these terms.
+
+If you modify the software, you must include in any modified copies of the
+software prominent notices stating that you have modified the software.
+
+## No Other Rights
+
+These terms do not imply any licenses other than those expressly granted in
+these terms.
+
+## Termination
+
+If you use the software in violation of these terms, such use is not licensed,
+and your licenses will automatically terminate. If the licensor provides you
+with a notice of your violation, and you cease all violation of this license no
+later than 30 days after you receive that notice, your licenses will be
+reinstated retroactively. However, if you violate these terms after such
+reinstatement, any additional violation of these terms will cause your licenses
+to terminate automatically and permanently.
+
+## No Liability
+
+*As far as the law allows, the software comes as is, without any warranty or
+condition, and the licensor will not be liable to you for any damages arising
+out of these terms or the use or nature of the software, under any kind of
+legal claim.*
+
+## Definitions
+
+The **licensor** is the entity offering these terms, and the **software** is the
+software the licensor makes available under these terms, including any portion
+of it.
+
+**you** refers to the individual or entity agreeing to these terms.
+
+**your company** is any legal entity, sole proprietorship, or other kind of
+organization that you work for, plus all organizations that have control over,
+are under the control of, or are under common control with that
+organization. **control** means ownership of substantially all the assets of an
+entity, or the power to direct its management and policies by vote, contract, or
+otherwise. Control can be direct or indirect.
+
+**your licenses** are all the licenses granted to you for the software under
+these terms.
+
+**use** means anything you do with the software requiring one of your licenses.
+
+**trademark** means trademarks, service marks, and similar rights.
diff --git a/packages/tychon/_dev/build/build.yml b/packages/tychon/_dev/build/build.yml
new file mode 100644
index 00000000000..074278e5b1f
--- /dev/null
+++ b/packages/tychon/_dev/build/build.yml
@@ -0,0 +1,3 @@
+dependencies:
+ ecs:
+ reference: git@v8.8.0
diff --git a/packages/tychon/_dev/build/docs/README.md b/packages/tychon/_dev/build/docs/README.md
new file mode 100644
index 00000000000..92aef340987
--- /dev/null
+++ b/packages/tychon/_dev/build/docs/README.md
@@ -0,0 +1,21 @@
+# TYCHON Agentless
+
+[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source Master Endpoint Record data from endpoints, including vulnerability and STIG results, without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/)
+
+## Compatibility
+
+* This integration supports Windows and RedHat/CENTOS Endpoint Operating Systems.
+* This integration requires a TYCHON Agentless license.
+* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files.
+* The Linux Endpoint requires RedHat's [OpenScap](https://www.open-scap.org/tools/openscap-base/) to be installed for STIG and CVE to report data.
+* This integration supports Elastic 8.8+.
+
+## Returned Data Fields
+
+### ARP Table Information
+
+TYCHON scans Endpoint ARP Tables and returns the results.
+
+{{fields "tychon_arp"}}
+
+{{event "tychon_arp"}}
diff --git a/packages/tychon/changelog.yml b/packages/tychon/changelog.yml
new file mode 100644
index 00000000000..c6f3347eeb0
--- /dev/null
+++ b/packages/tychon/changelog.yml
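Review bot: `reference: git@v8.8.0` in `_dev/build/build.yml` pins the imported ECS field definitions to 8.8.0, while the ingest pipeline added in this commit sets `ecs.version` to `8.10.0`. Events would then advertise an ECS version that the `external: ecs` definitions were not taken from. Align the two, either by changing the reference to `git@v8.10.0` or by setting `ecs.version` to `8.8.0` in the pipeline.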
@@ -0,0 +1,5 @@
+- version: 0.0.60
+ changes:
+ - description: Initial release of package.
+ type: enhancement
+ link: https://github.com/joeperuzzi/integrations/pull/1 # FIXME Replace with the real PR link
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/docker-compose.yml b/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/docker-compose.yml
new file mode 100644
index 00000000000..e6678b59cf7
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/docker-compose.yml
@@ -0,0 +1,18 @@
+version: '2.3'
+services:
+ docker-custom-agent:
+ hostname: docker-custom-agent
+ image: "docker.elastic.co/beats/elastic-agent-complete:8.10.1"
+ pid: host
+ user: root
+ healthcheck:
+ test: "elastic-agent status"
+ retries: 180
+ interval: 1s
+ environment:
+ FLEET_ENROLL: "1"
+ FLEET_INSECURE: "1"
+ FLEET_URL: "https://fleet-server:8220"
+ volumes:
+ #- /root/elasticIntegration/tychon/data_stream/tychon_arp/:/root/elasticIntegration/tychon/data_stream/tychon_arp
+ - ${SERVICE_LOGS_DIR}/var/log:/var/log
\ No newline at end of file
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/sample_logs/test-arp.json b/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/sample_logs/test-arp.json
new file mode 100644
index 00000000000..dbef57f3df6
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/sample_logs/test-arp.json
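Review bot: The test agent in `docker-compose.yml` runs with `user: root`, `pid: host` and `FLEET_INSECURE: "1"`, and the file gives no reason for any of them. `pid: host` shares the host PID namespace with the container and is not obviously needed to read a log file from `${SERVICE_LOGS_DIR}`; drop it if the system test passes without it. Next to `FLEET_INSECURE` add a comment such as `# test stack only: disables Fleet TLS verification` so the setting is not copied into a real deployment. The commented-out volume line with the `/root/elasticIntegration/...` path looks like a leftover from a local setup and should be removed.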
@@ -0,0 +1,43 @@
+{
+ "script.type": "powershell",
+ "host.os.build": "22621",
+ "host.ip": "10.154.5.200",
+ "host.hostname": "DESKTOP-AF7CIQM",
+ "host.os.name": "Microsoft Windows 11 Pro",
+ "host.hardware.manufacturer": "Dell Inc.",
+ "@timestamp": "2023-08-16T05:22:36Z",
+ "script.start": "2023-08-16T05:22:36Z",
+ "destination.mac": "00-09-0F-AA-00-02",
+ "host.hardware.owner": "james_sudbury@msn.com",
+ "host.hardware.cpu.caption": "Intel64 Family 6 Model 141 Stepping 1",
+ "destination.hostname": "Request timed out (700 ms)",
+ "host.os.organization": "",
+ "host.workgroup": "WORKGROUP",
+ "host.hardware.serial_number": "HYLCKG3",
+ "host.ipv4": "10.154.5.200",
+ "host.os.version": "2009",
+ "network.direction": "external",
+ "host.hardware.bios.name": "Dell Inc.",
+ "host.type": "Workstation",
+ "network.type": "IPv4",
+ "destination.name": "Request timed out (700 ms)",
+ "host.id": "47b5d5906f7d4b288a1366b2f6483148_4C4C4544-0059-4C10-8043-C8C04F4B4733_DESKTOP-AF7CIQM_WORKGROUP",
+ "host.biossn": "4C4C4544-0059-4C10-8043-C8C04F4B4733",
+ "host.mac": "60:E3:2B:4B:40:E2",
+ "network.interface": "Ethernet 3",
+ "host.oem.model": "XPS 17 9710",
+ "host.uptime": "594263.4592614",
+ "id": "DESKTOP-AF7CIQM#6#10.70.4.15#10.70.4.16",
+ "script.current_time": "2023-08-16T05:22:37Z",
+ "script.name": "Get-TychonArpInfo.ps1",
+ "network.state": "dynamic",
+ "script.version": "2.3.53.0",
+ "host.oem.manufacturer": "Dell",
+ "host.os.description": "",
+ "script.current_duration": "1809.94",
+ "host.ipv6": "fe80::c2c9:f4e0:eb65:2c33",
+ "destination.ip": "10.70.4.16",
+ "host.hardware.bios.version": "1.20.1",
+ "host.domain": "",
+ "host.os.family": "Windows"
+}
\ No newline at end of file
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/test-tychon_arp-config.yml b/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/test-tychon_arp-config.yml
new file mode 100644
index 00000000000..e04b3fc8870
--- /dev/null
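Review bot: The sample record looks like it was captured from a real workstation rather than constructed: `host.hardware.owner` holds a personal e-mail address, and `host.hardware.serial_number`, `host.biossn`, `host.mac` and `host.hostname` carry what appear to be real device identifiers. Once merged, these values are published with the package and remain in the repository history. Replace them with synthetic values, for example `"host.hardware.owner": "user@example.com"` and a made-up serial number and MAC address. The same record is repeated in `_dev/test/pipeline/test-arp.json` (including its embedded `message` string) and in `test-arp.json-expected.json`, so those need the same change.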
+++ b/packages/tychon/data_stream/tychon_arp/_dev/deploy/docker/test-tychon_arp-config.yml
@@ -0,0 +1,7 @@
+vars: ~
+input: filestream
+data_stream:
+ vars:
+ paths:
+ - "{{SERVICE_LOGS_DIR}}"
+
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json b/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json
new file mode 100644
index 00000000000..c01dac9287d
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json
@@ -0,0 +1,52 @@
+{
+ "events": [
+ {
+ "script.type": "powershell",
+ "host.os.build": "22621",
+ "host.ip": [
+ "10.154.5.200"
+ ],
+ "host.hostname": "DESKTOP-AF7CIQM",
+ "host.os.name": "Microsoft Windows 11 Pro",
+ "host.hardware.manufacturer": "Dell Inc.",
+ "@timestamp": "2023-08-16T05:22:36Z",
+ "script.start": "2023-08-16T05:22:36Z",
+ "destination.mac": "00-09-0F-AA-00-02",
+ "host.hardware.owner": "james_sudbury@msn.com",
+ "host.hardware.cpu.caption": "Intel64 Family 6 Model 141 Stepping 1",
+ "destination.hostname": "Request timed out (700 ms)",
+ "host.os.organization": "",
+ "host.workgroup": "WORKGROUP",
+ "host.hardware.serial_number": "HYLCKG3",
+ "host.ipv4": "10.154.5.200",
+ "host.os.version": "2009",
+ "network.direction": "external",
+ "host.hardware.bios.name": "Dell Inc.",
+ "host.type": "Workstation",
+ "network.type": "IPv4",
+ "destination.name": "Request timed out (700 ms)",
+ "host.id": "47b5d5906f7d4b288a1366b2f6483148_4C4C4544-0059-4C10-8043-C8C04F4B4733_DESKTOP-AF7CIQM_WORKGROUP",
+ "host.biossn": "4C4C4544-0059-4C10-8043-C8C04F4B4733",
+ "host.mac": [
+ "60:E3:2B:4B:40:E2"
+ ],
+ "network.interface": "Ethernet 3",
+ "host.oem.model": "XPS 17 9710",
+ "host.uptime": "594263.4592614",
+ "id": "DESKTOP-AF7CIQM#6#10.70.4.15#10.70.4.16",
+ "script.current_time": "2023-08-16T05:22:37Z",
+ "script.name": "Get-TychonArpInfo.ps1",
+ "network.state": "dynamic",
+ "script.version": "2.3.53.0",
+ "host.oem.manufacturer": "Dell",
+ "host.os.description": "",
+ "script.current_duration": "1809.94",
+ "host.ipv6": "fe80::c2c9:f4e0:eb65:2c33",
+ "destination.ip": "10.70.4.16",
+ "host.hardware.bios.version": "1.20.1",
+ "host.domain": "",
+ "host.os.family": "Windows",
+ "message": "{\n\t\t\t\"script.type\": \"powershell\",\n\t\t\t\"host.os.build\": \"22621\",\n\t\t\t\"host.ip\": [\n\t\t\t\t\"10.154.5.200\"\n\t\t\t],\n\t\t\t\"host.hostname\": \"DESKTOP-AF7CIQM\",\n\t\t\t\"host.os.name\": \"Microsoft Windows 11 Pro\",\n\t\t\t\"host.hardware.manufacturer\": \"Dell Inc.\",\n\t\t\t\"@timestamp\": \"2023-08-16T05:22:36Z\",\n\t\t\t\"script.start\": \"2023-08-16T05:22:36Z\",\n\t\t\t\"destination.mac\": \"00-09-0F-AA-00-02\",\n\t\t\t\"host.hardware.owner\": \"james_sudbury@msn.com\",\n\t\t\t\"host.hardware.cpu.caption\": \"Intel64 Family 6 Model 141 Stepping 1\",\n\t\t\t\"destination.hostname\": \"Request timed out (700 ms)\",\n\t\t\t\"host.os.organization\": \"\",\n\t\t\t\"host.workgroup\": \"WORKGROUP\",\n\t\t\t\"host.hardware.serial_number\": \"HYLCKG3\",\n\t\t\t\"host.ipv4\": \"10.154.5.200\",\n\t\t\t\"host.os.version\": \"2009\",\n\t\t\t\"network.direction\": \"external\",\n\t\t\t\"host.hardware.bios.name\": \"Dell Inc.\",\n\t\t\t\"host.type\": \"Workstation\",\n\t\t\t\"network.type\": \"IPv4\",\n\t\t\t\"destination.name\": \"Request timed out (700 ms)\",\n\t\t\t\"host.id\": \"47b5d5906f7d4b288a1366b2f6483148_4C4C4544-0059-4C10-8043-C8C04F4B4733_DESKTOP-AF7CIQM_WORKGROUP\",\n\t\t\t\"host.biossn\": \"4C4C4544-0059-4C10-8043-C8C04F4B4733\",\n\t\t\t\"host.mac\": [\n\t\t\t\t\"60:E3:2B:4B:40:E2\"\n\t\t\t],\n\t\t\t\"network.interface\": \"Ethernet 3\",\n\t\t\t\"host.oem.model\": \"XPS 17 9710\",\n\t\t\t\"host.uptime\": \"594263.4592614\",\n\t\t\t\"id\": \"DESKTOP-AF7CIQM#6#10.70.4.15#10.70.4.16\",\n\t\t\t\"script.current_time\": \"2023-08-16T05:22:37Z\",\n\t\t\t\"script.name\": \"Get-TychonArpInfo.ps1\",\n\t\t\t\"network.state\": \"dynamic\",\n\t\t\t\"script.version\": \"2.3.53.0\",\n\t\t\t\"host.oem.manufacturer\": \"Dell\",\n\t\t\t\"host.os.description\": \"\",\n\t\t\t\"script.current_duration\": \"1809.94\",\n\t\t\t\"host.ipv6\": \"fe80::c2c9:f4e0:eb65:2c33\",\n\t\t\t\"destination.ip\": \"10.70.4.16\",\n\t\t\t\"host.hardware.bios.version\": \"1.20.1\",\n\t\t\t\"host.domain\": \"\",\n\t\t\t\"host.os.family\": \"Windows\"\n\t\t}"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json-config.yml b/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json-config.yml
new file mode 100644
index 00000000000..302199c74f9
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json-config.yml
@@ -0,0 +1,3 @@
+dynamic_fields:
+ "@timestamp": ".*"
+ event.ingested: ".*"
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json-expected.json b/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json-expected.json
new file mode 100644
index 00000000000..fd50c5c9129
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/_dev/test/pipeline/test-arp.json-expected.json
@@ -0,0 +1,85 @@ +{ + "expected": [ + { + "@timestamp": "2023-10-05T13:48:07.498243391Z", + "destination": { + "hostname": "Request timed out (700 ms)", + "ip": "10.70.4.16", + "mac": "00-09-0F-AA-00-02", + "name": "Request timed out (700 ms)" + }, + "ecs": { + "version": "8.10.0" + }, + "event": { + "category": [ + "network" + ], + "ingested": "2023-10-05T13:48:07.498243391Z", + "kind": "state", + "module": "tychon", + "type": [ + "info" + ] + }, + "host": { + "biossn": "4C4C4544-0059-4C10-8043-C8C04F4B4733", + "domain": "", + "hardware": { + "bios": { + "name": "Dell Inc.", + "version": "1.20.1" + }, + "cpu": { + "caption": "Intel64 Family 6 Model 141 Stepping 1" + }, + "manufacturer": "Dell Inc.", + "owner": "james_sudbury@msn.com", + "serial_number": "HYLCKG3" + }, + "hostname": "DESKTOP-AF7CIQM", + "id": "47b5d5906f7d4b288a1366b2f6483148_4C4C4544-0059-4C10-8043-C8C04F4B4733_DESKTOP-AF7CIQM_WORKGROUP", + "ip": [ + "10.154.5.200" + ], + "ipv4": [ + "10.154.5.200" + ], + "ipv6": "fe80::c2c9:f4e0:eb65:2c33", + "mac": [ + "60-E3-2B-4B-40-E2" + ], + "oem": { + "manufacturer": "Dell", + "model": "XPS 17 9710" + }, + "os": { + "build": "22621", + "description": "", + "family": "Windows", + "name": "Microsoft Windows 11 Pro", + "organization": "", + "version": "2009" + }, + "type": "Workstation", + "uptime": 594263, + "workgroup": "WORKGROUP" + }, + "id": "DESKTOP-AF7CIQM#6#10.70.4.15#10.70.4.16", + "network": { + "direction": "external", + "interface": "Ethernet 3", + "state": "dynamic", + "type": "IPv4" + }, + "script": { + "current_duration": 1809, + "current_time": "2023-08-16T05:22:37Z", + "name": "Get-TychonArpInfo.ps1", + "start": "2023-08-16T05:22:36Z", + "type": "powershell", + "version": "2.3.53.0" + } + } + ] +} \ No newline at end of file 
diff --git a/packages/tychon/data_stream/tychon_arp/_dev/test/system/test-tychon_arp-config.yml b/packages/tychon/data_stream/tychon_arp/_dev/test/system/test-tychon_arp-config.yml
new file mode 100644
index 00000000000..68ad33ad8de
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/_dev/test/system/test-tychon_arp-config.yml
@@ -0,0 +1,6 @@
+vars: ~
+input: filestream
+data_stream:
+ vars:
+ paths:
+ - "{{SERVICE_LOGS_DIR}}/tychoncloud/eventlogs/*"
\ No newline at end of file
diff --git a/packages/tychon/data_stream/tychon_arp/agent/stream/stream.yml.hbs b/packages/tychon/data_stream/tychon_arp/agent/stream/stream.yml.hbs
new file mode 100644
index 00000000000..d78551445b8
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/agent/stream/stream.yml.hbs
@@ -0,0 +1,18 @@
+paths:
+{{#each paths as |path|}}
+ - {{path}}
+{{/each}}
+prospector.scanner.exclude_files: [".gz$"]
+tags:
+{{#if preserve_original_event}}
+ - preserve_original_event
+{{/if}}
+{{#each tags as |tag|}}
+ - {{tag}}
+{{/each}}
+{{#contains "forwarded" tags}}
+{{/contains}}
+{{#if processors}}
+processors:
+{{processors}}
+{{/if}}
\ No newline at end of file
diff --git a/packages/tychon/data_stream/tychon_arp/elasticsearch/ingest_pipeline/default.yml b/packages/tychon/data_stream/tychon_arp/elasticsearch/ingest_pipeline/default.yml
new file mode 100644
index 00000000000..efae057d287
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/elasticsearch/ingest_pipeline/default.yml
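Review bot: The `{{#contains "forwarded" tags}}` block in `stream.yml.hbs` is empty, so adding the `forwarded` tag changes nothing in the rendered input. The TYCHON records in this commit carry their own `host.*` values, which suggests the block was meant to stop the agent from adding its own host fields to forwarded events. If that is the intent, put `publisher_pipeline.disable_host: true` inside the block; otherwise delete the two lines.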
@@ -0,0 +1,106 @@
+---
+description: Pipeline for TYCHON ARP Tables
+processors:
+ - set:
+ field: event.module
+ value: tychon
+ - rename:
+ tag: rename_message
+ field: message
+ target_field: event.original
+ - json:
+ field: event.original
+ - dot_expander:
+ tag: expand_dots
+ field: '*'
+ - set:
+ field: "@timestamp"
+ value: "{{_ingest.timestamp}}"
+ - set:
+ field: event.ingested
+ value: "{{_ingest.timestamp}}"
+ - date:
+ tag: date_timestamp
+ field: '@timestamp'
+ formats:
+ - ISO8601
+ - set:
+ field: ecs.version
+ value: 8.10.0
+ - set:
+ field: event.kind
+ value: state
+ - gsub:
+ field: host.mac
+ pattern: ':'
+ replacement: '-'
+ ignore_missing: true
+ - uppercase:
+ field : destination.mac
+ - split:
+ field: host.ipv4
+ separator: ','
+ ignore_missing: true
+ - convert:
+ field: host.uptime
+ type: string
+ ignore_missing: true
+ - split:
+ field: host.uptime
+ separator: '\.+'
+ target_field: tempuptime
+ ignore_failure: true
+ - set:
+ field: host.uptime
+ value: '{{{tempuptime.0}}}'
+ ignore_failure: true
+ - remove:
+ field: tempuptime
+ ignore_failure: true
+ ignore_missing: true
+ - convert:
+ tag: convert_host_uptime
+ field: host.uptime
+ type: long
+ ignore_missing: true
+ - set:
+ field: event.category
+ value: [network]
+ - set:
+ field: event.type
+ value: [info]
+ - convert:
+ field: script.current_duration
+ type: string
+ ignore_missing: true
+ - split:
+ field: script.current_duration
+ separator: '\.+'
+ target_field: tempduration
+ ignore_failure: true
+ - set:
+ field: script.current_duration
+ value: '{{{tempduration.0}}}'
+ ignore_failure: true
+ - remove:
+ field: tempduration
+ ignore_failure: true
+ ignore_missing: true
+ - convert:
+ tag: convert_script_current_duration
+ field: script.current_duration
+ type: long
+ ignore_missing: true
+ - remove:
+ tag: remove_preserve_original_event
+ field: event.original
+ if: ctx.tags == null || !(ctx.tags.contains('preserve_original_event'))
+ ignore_failure: true
+ ignore_missing: true
+on_failure:
+ - set:
+ field: event.kind
+ value: pipeline_error
+ - append:
+ field: error.message
+ value: 'Processor {{{_ingest.on_failure_processor_type}}} with tag {{{_ingest.on_failure_processor_tag}}} in pipeline {{{_ingest.on_failure_pipeline}}} failed with message: {{{_ingest.on_failure_message}}}'
\ No newline at end of file
diff --git a/packages/tychon/data_stream/tychon_arp/fields/agent.yml b/packages/tychon/data_stream/tychon_arp/fields/agent.yml
new file mode 100644
index 00000000000..efacb477dd9
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/fields/agent.yml
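Review bot: The `set` processor that writes `{{_ingest.timestamp}}` into `@timestamp` runs after the record has been expanded, so the scan time reported by TYCHON is replaced by the ingest time, and the `date` processor after it only re-parses that value. The expected test output in this commit shows the effect: `@timestamp` equals `event.ingested` although the input record is dated 2023-08-16, which shifts endpoint state to whenever the file was shipped and distorts timelines for late or replayed files. Drop that `set`, or add `override: false` to it so it only fills a missing value. Separately, the `json` processor has no `target_field` or `add_to_root`, so the parsed object appears to be written back into `event.original` rather than to the document root; the pipeline test input already carries the expanded fields beside `message` and would not catch this, so consider `add_to_root: true`.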
@@ -0,0 +1,110 @@
+- name: id
+ description: TYCHON unique document identifier.
+ type: keyword
+- name: tychon
+ type: group
+ fields:
+ - name: id
+ description: TYCHON unique host identifier.
+ type: keyword
+- name: elastic_agent
+ type: group
+ fields:
+ - name: id
+ description: Elastic Agent Id.
+ type: keyword
+ - name: snapshot
+ description: Elastic Agent snapshot.
+ type: boolean
+ - name: version
+ description: Elastic Agent Version.
+ type: keyword
+- name: script
+ type: group
+ fields:
+ - name: current_duration
+ description: Scanner Script Duration.
+ type: long
+ - name: current_time
+ description: Current datetime.
+ type: date
+ - name: name
+ description: Scanner Script Name.
+ type: keyword
+ - name: start
+ description: Scanner Start datetime.
+ type: date
+ - name: type
+ description: Scanner Script Type.
+ type: keyword
+ - name: version
+ description: Scanner Script Version.
+ type: version
+- name: host
+ title: Host
+ group: 2
+ description: 'A host is defined as a general computing instance.
+
+ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+ type: group
+ fields:
+ - name: biossn
+ description: Host BIOS Serial Number.
+ type: keyword
+ - name: ipv4
+ description: Host IPv4 addresses.
+ type: ip
+ - name: ipv6
+ description: Host IPv6 addresses.
+ type: keyword
+ - name: workgroup
+ description: Host Workgroup Network Name.
+ type: keyword
+ - name: oem
+ type: group
+ fields:
+ - name: manufacturer
+ description: Host OEM Manufacturer.
+ type: keyword
+ - name: model
+ description: Host OEM Model.
+ type: keyword
+ - name: os
+ type: group
+ fields:
+ - name: build
+ description: Host OS Build.
+ type: keyword
+ - name: description
+ description: Host OS Description.
+ type: text
+ - name: organization
+ description: Host OS Organization.
+ type: keyword
+ - name: hardware
+ type: group
+ fields:
+ - name: bios
+ type: group
+ fields:
+ - name: name
+ description: Host BIOS Name.
+ type: keyword
+ - name: version
+ description: Host BIOS Version.
+ type: keyword
+ - name: cpu
+ type: group
+ fields:
+ - name: caption
+ description: Host CPU Caption.
+ type: keyword
+ - name: manufacturer
+ description: Host BIOS Manufacturer.
+ type: keyword
+ - name: owner
+ description: Host BIOS Owner.
+ type: keyword
+ - name: serial_number
+ description: Host BIOS Serial Number.
+ type: keyword
diff --git a/packages/tychon/data_stream/tychon_arp/fields/base-fields.yml b/packages/tychon/data_stream/tychon_arp/fields/base-fields.yml
new file mode 100644
index 00000000000..58d1699586e
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: input
+ type: group
+ fields:
+ - name: type
+ description: Input Type.
+ type: keyword
+- name: log
+ type: group
+ fields:
+ - name: offset
+ description: Log Offset.
+ type: long
diff --git a/packages/tychon/data_stream/tychon_arp/fields/ecs.yml b/packages/tychon/data_stream/tychon_arp/fields/ecs.yml
new file mode 100644
index 00000000000..1b0bb1256af
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/fields/ecs.yml
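Review bot: In `fields/agent.yml`, `host.ipv6` is declared as `keyword` while `host.ipv4` is `ip`, so IPv6 addresses cannot be searched by range or CIDR the way the IPv4 ones can. One sample in this commit sends `"host.ipv6": ""`, which may be why `keyword` was chosen; removing the field in the pipeline when it is empty would allow `type: ip` here. The descriptions under `host.hardware` also read `Host BIOS Manufacturer.`, `Host BIOS Owner.` and `Host BIOS Serial Number.` for fields that are not under `bios`, and the last one duplicates the description of `host.biossn`. `Host hardware manufacturer.`, `Host hardware owner.` and `Host hardware serial number.` would be clearer.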
@@ -0,0 +1,78 @@
+- external: ecs
+ name: '@timestamp'
+- external: ecs
+ name: agent.ephemeral_id
+- external: ecs
+ name: agent.id
+- external: ecs
+ name: agent.name
+- external: ecs
+ name: agent.type
+- external: ecs
+ name: agent.version
+- external: ecs
+ name: data_stream.dataset
+- external: ecs
+ name: data_stream.namespace
+- external: ecs
+ name: data_stream.type
+- external: ecs
+ name: destination.ip
+- external: ecs
+ name: destination.mac
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: event.agent_id_status
+- external: ecs
+ name: event.category
+- external: ecs
+ name: event.dataset
+- external: ecs
+ name: event.kind
+- external: ecs
+ name: event.module
+- external: ecs
+ name: event.timezone
+- external: ecs
+ name: host.architecture
+- external: ecs
+ name: host.domain
+- external: ecs
+ name: host.hostname
+- external: ecs
+ name: host.id
+- external: ecs
+ name: host.ip
+- external: ecs
+ name: host.mac
+- external: ecs
+ name: host.name
+- external: ecs
+ name: host.os.family
+- external: ecs
+ name: host.os.kernel
+- external: ecs
+ name: host.os.name
+- external: ecs
+ name: host.os.platform
+- external: ecs
+ name: host.os.type
+- external: ecs
+ name: host.os.version
+- external: ecs
+ name: host.type
+- external: ecs
+ name: host.uptime
+- external: ecs
+ name: log.file.path
+- external: ecs
+ name: network.direction
+- external: ecs
+ name: network.type
+- external: ecs
+ name: tags
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.ingested
diff --git a/packages/tychon/data_stream/tychon_arp/fields/fields.yml b/packages/tychon/data_stream/tychon_arp/fields/fields.yml
new file mode 100644
index 00000000000..796b93593cd
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/fields/fields.yml
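Review bot: The list in `fields/ecs.yml` omits `event.type` and `event.original`, both of which the ingest pipeline in this commit can leave on the document: `event.type` is always set to `[info]`, and `event.original` is kept when the `preserve_original_event` tag is present. Without a declaration they would fall back to dynamic mapping, and the package's field validation may reject documents that contain them. Add `- external: ecs` entries with `name: event.type` and `name: event.original`.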
@@ -0,0 +1,17 @@
+- name: destination
+ type: group
+ fields:
+ - name: hostname
+ type: keyword
+ description: The Translated Hostname of the IP in the ARP Table
+ - name: name
+ type: keyword
+- name: network
+ type: group
+ fields:
+ - name: interface
+ type: keyword
+ description: The interface the ARP Table has associated the destination.
+ - name: state
+ type: keyword
+ description: Current state
diff --git a/packages/tychon/data_stream/tychon_arp/manifest.yml b/packages/tychon/data_stream/tychon_arp/manifest.yml
new file mode 100644
index 00000000000..1ff996d9eef
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/manifest.yml
@@ -0,0 +1,41 @@
+title: Endpoint Arp Table Information
+type: logs
+streams:
+ - input: filestream
+ title: Endpoint Arp Table Information
+ description: TYCHON will report on the entire ARP table from an endpoint.
+ template_path: stream.yml.hbs
+ vars:
+ - name: paths
+ type: text
+ title: TYCHON Output Arp Location
+ multi: true
+ required: true
+ show_user: true
+ default:
+ - C:\ProgramData\TYCHONCLOUD\eventlogs\tychon_arp_info.json
+ - /var/log/tychoncloud/eventlogs/tychon_arp_info.json
+ - name: tags
+ type: text
+ title: Tags
+ multi: true
+ required: true
+ show_user: false
+ default:
+ - tychon-arp-info
+ - name: preserve_original_event
+ required: true
+ show_user: true
+ title: Preserve original event
+ description: Preserves a raw copy of the original event, added to the field `event.original`
+ type: bool
+ multi: false
+ default: false
+ - name: processors
+ type: yaml
+ title: Processors
+ multi: false
+ required: false
+ show_user: false
+ description: >-
+ Processors are used to reduce the number of fields in the exported event or to enhance the event with metadata. This executes in the agent before the logs are parsed. See [Processors](https://www.elastic.co/guide/en/beats/filebeat/current/filtering-and-enhancing-data.html) for details.
diff --git a/packages/tychon/data_stream/tychon_arp/sample_event.json b/packages/tychon/data_stream/tychon_arp/sample_event.json
new file mode 100644
index 00000000000..1c515cea9d3
--- /dev/null
+++ b/packages/tychon/data_stream/tychon_arp/sample_event.json
@@ -0,0 +1,44 @@
+{
+ "tychon.id": "c698e42cc0794fd19b2f9157a8a2c88b_737C4D56-5714-9415-3B54-352BA8936AF3_BOTANYBAYEP1_WORKGROUP",
+ "host.os.version": "2009",
+ "network.interface": "Ethernet0",
+ "host.ip": ["10.1.9.51"],
+ "host.hostname": "BOTANYBAYEP1",
+ "host.os.name": "Microsoft Windows 10 Pro",
+ "host.hardware.manufacturer": "VMware, Inc.",
+ "script.start": "2023-11-01T18:01:51Z",
+ "destination.mac": ["04-D5-90-F6-DE-A3"],
+ "host.hardware.owner": "admin",
+ "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7",
+ "destination.hostname": "Request timed out (700 ms)",
+ "host.os.organization": "",
+ "host.workgroup": "WORKGROUP",
+ "host.hardware.serial_number": "VMware-56 4d 7c 73 14 57 15 94-3b 54 35 2b a8 93 6a f3",
+ "host.ipv4": "10.1.9.51",
+ "host.oem.manufacturer": "",
+ "network.direction": "external",
+ "host.hardware.bios.name": "Phoenix Technologies LTD",
+ "host.type": "Workstation",
+ "destination.name": "Request timed out (700 ms)",
+ "script.type": "powershell",
+ "host.id": "c698e42cc0794fd19b2f9157a8a2c88b_737C4D56-5714-9415-3B54-352BA8936AF3_BOTANYBAYEP1_WORKGROUP",
+ "host.biossn": "737C4D56-5714-9415-3B54-352BA8936AF3",
+ "host.mac": ["00-0C-29-93-6A-F3"],
+ "network.type": "IPv4",
+ "host.oem.model": "",
+ "host.uptime": 603361,
+ "id": "BOTANYBAYEP1#11#10.1.9.51#10.1.9.1",
+ "script.current_time": "2023-11-01T18:02:07Z",
+ "script.name": "Get-TychonArpInfo.ps1",
+ "network.state": "dynamic",
+ "script.version": "2.3.152.0",
+ "host.os.build": "19045",
+ "host.os.description": "",
+ "script.current_duration": 15988,
+ "host.ipv6": "",
+ "destination.ip": "10.1.9.1",
+ "host.hardware.bios.version": "6.00",
+ "host.domain": "",
+ "host.cloud.hosted": "false",
+ "host.os.family": "Windows"
+}
\ No newline at end of file
diff --git a/packages/tychon/docs/README.md b/packages/tychon/docs/README.md
new file mode 100644
index 00000000000..be48b4744b5
--- /dev/null
+++ b/packages/tychon/docs/README.md
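Review bot: `sample_event.json` does not have the shape the pipeline produces: it uses flat dotted keys, has no `@timestamp`, `event.*` or `ecs.version`, and holds `destination.mac` as an array, whereas `test-arp.json-expected.json` in this commit shows nested objects with those fields present. It also contains `host.cloud.hosted`, which none of the field files in this commit declares. The README template renders this file through `{{event "tychon_arp"}}`, so the published example would not match what users see in Elasticsearch. Regenerating the file from a system test run would keep it aligned with the pipeline and the field definitions.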
@@ -0,0 +1,150 @@ +# TYCHON Agentless + +[TYCHON Agentless](https://tychon.io/products/tychon-agentless/) is an integration that lets you collect TYCHON's gold source Master Endpoint Record data from endpoints, including vulnerability and STIG results, without heavy resource use or software installation. You can then investigate the TYCHON data using Elastic's analytics, visualizations, and dashboards. [Contact us to learn more.](https://tychon.io/start-a-free-trial/) + +## Compatibility + +* This integration supports Windows and RedHat/CENTOS Endpoint Operating Systems. +* This integration requires a TYCHON Agentless license. +* This integration requires [TYCHON Vulnerability Definition](https://support.tychon.io/) files. +* The Linux Endpoint requires RedHat's [OpenScap](https://www.open-scap.org/tools/openscap-base/) to be installed for STIG and CVE to report data. +* This integration supports Elastic 8.8+. + +## Returned Data Fields + +### ARP Table Information + +TYCHON scans Endpoint ARP Tables and returns the results. + +**Exported fields** + +| Field | Description | Type | +|---|---|---| +| @timestamp | Date/time when the event originated. This is the date/time extracted from the event, typically representing when the event was generated by the source. If the event source has no original timestamp, this value is typically populated by the first time the event was received by the pipeline. Required field for all events. | date | +| agent.ephemeral_id | Ephemeral identifier of this agent (if one exists). This id normally changes across restarts, but `agent.id` does not. | keyword | +| agent.id | Unique identifier of this agent (if one exists). Example: For Beats this would be beat.id. | keyword | +| agent.name | Custom name of the agent. This is a name that can be given to an agent. This can be helpful if for example two Filebeat instances are running on the same host but a human readable separation is needed on which Filebeat instance data is coming from. 
| keyword | +| agent.type | Type of the agent. The agent type always stays the same and should be given by the agent used. In case of Filebeat the agent would always be Filebeat also if two Filebeat instances are run on the same machine. | keyword | +| agent.version | Version of the agent. | keyword | +| data_stream.dataset | The field can contain anything that makes sense to signify the source of the data. Examples include `nginx.access`, `prometheus`, `endpoint` etc. For data streams that otherwise fit, but that do not have dataset set we use the value "generic" for the dataset value. `event.dataset` should have the same value as `data_stream.dataset`. Beyond the Elasticsearch data stream naming criteria noted above, the `dataset` value has additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.namespace | A user defined namespace. Namespaces are useful to allow grouping of data. Many users already organize their indices this way, and the data stream naming scheme now provides this best practice as a default. Many users will populate this field with `default`. If no value is used, it falls back to `default`. Beyond the Elasticsearch index naming criteria noted above, `namespace` value has the additional restrictions: \* Must not contain `-` \* No longer than 100 characters | constant_keyword | +| data_stream.type | An overarching type for the data stream. Currently allowed values are "logs" and "metrics". We expect to also add "traces" and "synthetics" in the near future. | constant_keyword | +| destination.hostname | The Translated Hostname of the IP in the ARP Table | keyword | +| destination.ip | IP address of the destination (IPv4 or IPv6). | ip | +| destination.mac | MAC address of the destination. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. 
Successive octets are separated by a hyphen. | keyword | +| destination.name | | keyword | +| ecs.version | ECS version this event conforms to. `ecs.version` is a required field and must exist in all events. When querying across multiple indices -- which may conform to slightly different ECS versions -- this field lets integrations adjust to the schema version of the events. | keyword | +| elastic_agent.id | Elastic Agent Id. | keyword | +| elastic_agent.snapshot | Elastic Agent snapshot. | boolean | +| elastic_agent.version | Elastic Agent Version. | keyword | +| error.message | Error message. | match_only_text | +| event.agent_id_status | Agents are normally responsible for populating the `agent.id` field value. If the system receiving events is capable of validating the value based on authentication information for the client then this field can be used to reflect the outcome of that validation. For example if the agent's connection is authenticated with mTLS and the client cert contains the ID of the agent to which the cert was issued then the `agent.id` value in events can be checked against the certificate. If the values match then `event.agent_id_status: verified` is added to the event, otherwise one of the other allowed values should be used. If no validation is performed then the field should be omitted. The allowed values are: `verified` - The `agent.id` field value matches expected value obtained from auth metadata. `mismatch` - The `agent.id` field value does not match the expected value obtained from auth metadata. `missing` - There was no `agent.id` field in the event to validate. `auth_metadata_missing` - There was no auth metadata or it was missing information about the agent ID. | keyword | +| event.category | This is one of four ECS Categorization Fields, and indicates the second level in the ECS category hierarchy. `event.category` represents the "big buckets" of ECS categories. 
For example, filtering on `event.category:process` yields all events relating to process activity. This field is closely related to `event.type`, which is used as a subcategory. This field is an array. This will allow proper categorization of some events that fall in multiple categories. | keyword | +| event.dataset | Name of the dataset. If an event source publishes more than one type of log or events (e.g. access log, error log), the dataset is used to specify which one the event comes from. It's recommended but not required to start the dataset name with the module name, followed by a dot, then the dataset name. | keyword | +| event.ingested | Timestamp when an event arrived in the central data store. This is different from `@timestamp`, which is when the event originally occurred. It's also different from `event.created`, which is meant to capture the first time an agent saw the event. In normal conditions, assuming no tampering, the timestamps should chronologically look like this: `@timestamp` \< `event.created` \< `event.ingested`. | date | +| event.kind | This is one of four ECS Categorization Fields, and indicates the highest level in the ECS category hierarchy. `event.kind` gives high-level information about what type of information the event contains, without being specific to the contents of the event. For example, values of this field distinguish alert events from metric events. The value of this field can be used to inform how these kinds of events should be handled. They may warrant different retention, different access control, it may also help understand whether the data coming in at a regular interval or not. | keyword | +| event.module | Name of the module this data is coming from. If your monitoring agent supports the concept of modules or plugins to process events of a given source (e.g. Apache logs), `event.module` should contain the name of this module. 
| keyword | +| event.timezone | This field should be populated when the event's timestamp does not include timezone information already (e.g. default Syslog timestamps). It's optional otherwise. Acceptable timezone formats are: a canonical ID (e.g. "Europe/Amsterdam"), abbreviated (e.g. "EST") or an HH:mm differential (e.g. "-05:00"). | keyword | +| host.architecture | Operating system architecture. | keyword | +| host.biossn | Host BIOS Serial Number. | keyword | +| host.domain | Name of the domain of which the host is a member. For example, on Windows this could be the host's Active Directory domain or NetBIOS domain name. For Linux this could be the domain of the host's LDAP provider. | keyword | +| host.hardware.bios.name | Host BIOS Name. | keyword | +| host.hardware.bios.version | Host BIOS Version. | keyword | +| host.hardware.cpu.caption | Host CPU Caption. | keyword | +| host.hardware.manufacturer | Host BIOS Manufacturer. | keyword | +| host.hardware.owner | Host BIOS Owner. | keyword | +| host.hardware.serial_number | Host BIOS Serial Number. | keyword | +| host.hostname | Hostname of the host. It normally contains what the `hostname` command returns on the host machine. | keyword | +| host.id | Unique host id. As hostname is not always unique, use values that are meaningful in your environment. Example: The current usage of `beat.name`. | keyword | +| host.ip | Host ip addresses. | ip | +| host.ipv4 | Host IPv4 addresses. | ip | +| host.ipv6 | Host IPv6 addresses. | keyword | +| host.mac | Host MAC addresses. The notation format from RFC 7042 is suggested: Each octet (that is, 8-bit byte) is represented by two [uppercase] hexadecimal digits giving the value of the octet as an unsigned integer. Successive octets are separated by a hyphen. | keyword | +| host.name | Name of the host. It can contain what hostname returns on Unix systems, the fully qualified domain name (FQDN), or a name specified by the user. 
The recommended value is the lowercase FQDN of the host. | keyword | +| host.oem.manufacturer | Host OEM Manufacturer. | keyword | +| host.oem.model | Host OEM Model. | keyword | +| host.os.build | Host OS Build. | keyword | +| host.os.description | Host OS Description. | text | +| host.os.family | OS family (such as redhat, debian, freebsd, windows). | keyword | +| host.os.kernel | Operating system kernel version as a raw string. | keyword | +| host.os.name | Operating system name, without the version. | keyword | +| host.os.name.text | Multi-field of `host.os.name`. | match_only_text | +| host.os.organization | Host OS Organization. | keyword | +| host.os.platform | Operating system platform (such centos, ubuntu, windows). | keyword | +| host.os.type | Use the `os.type` field to categorize the operating system into one of the broad commercial families. If the OS you're dealing with is not listed as an expected value, the field should not be populated. Please let us know by opening an issue with ECS, to propose its addition. | keyword | +| host.os.version | Operating system version as a raw string. | keyword | +| host.type | Type of host. For Cloud providers this can be the machine type like `t2.medium`. If vm, this could be the container, for example, or other information meaningful in your environment. | keyword | +| host.uptime | Seconds the host has been up. | long | +| host.workgroup | Host Workgroup Network Name. | keyword | +| id | TYCHON unique document identifier. | keyword | +| input.type | Input Type. | keyword | +| log.file.path | Full path to the log file this event came from, including the file name. It should include the drive letter, when appropriate. If the event wasn't read from a log file, do not populate this field. | keyword | +| log.offset | Log Offset. | long | +| network.direction | Direction of the network traffic. 
When mapping events from a host-based monitoring context, populate this field from the host's point of view, using the values "ingress" or "egress". When mapping events from a network or perimeter-based monitoring context, populate this field from the point of view of the network perimeter, using the values "inbound", "outbound", "internal" or "external". Note that "internal" is not crossing perimeter boundaries, and is meant to describe communication between two hosts within the perimeter. Note also that "external" is meant to describe traffic between two hosts that are external to the perimeter. This could for example be useful for ISPs or VPN service providers. | keyword | +| network.interface | The interface the ARP Table has associated the destination. | keyword | +| network.state | Current state | keyword | +| network.type | In the OSI Model this would be the Network Layer. ipv4, ipv6, ipsec, pim, etc The field value must be normalized to lowercase for querying. | keyword | +| script.current_duration | Scanner Script Duration. | long | +| script.current_time | Current datetime. | date | +| script.name | Scanner Script Name. | keyword | +| script.start | Scanner Start datetime. | date | +| script.type | Scanner Script Type. | keyword | +| script.version | Scanner Script Version. | version | +| tags | List of keywords used to tag each event. | keyword | +| tychon.id | TYCHON unique host identifier. 
| keyword | + + +An example event for `tychon_arp` looks as following: + +```json +{ + "tychon.id": "c698e42cc0794fd19b2f9157a8a2c88b_737C4D56-5714-9415-3B54-352BA8936AF3_BOTANYBAYEP1_WORKGROUP", + "host.os.version": "2009", + "network.interface": "Ethernet0", + "host.ip": [ + "10.1.9.51" + ], + "host.hostname": "BOTANYBAYEP1", + "host.os.name": "Microsoft Windows 10 Pro", + "host.hardware.manufacturer": "VMware, Inc.", + "script.start": "2023-11-01T18:01:51Z", + "destination.mac": [ + "04-d5-90-f6-de-a3" + ], + "host.hardware.owner": "admin", + "host.hardware.cpu.caption": "Intel64 Family 6 Model 45 Stepping 7", + "destination.hostname": "Request timed out (700 ms)", + "host.os.organization": "", + "host.workgroup": "WORKGROUP", + "host.hardware.serial_number": "VMware-56 4d 7c 73 14 57 15 94-3b 54 35 2b a8 93 6a f3", + "host.ipv4": "10.1.9.51", + "host.oem.manufacturer": "", + "network.direction": "external", + "host.hardware.bios.name": "Phoenix Technologies LTD", + "host.type": "Workstation", + "destination.name": "Request timed out (700 ms)", + "script.type": "powershell", + "host.id": "c698e42cc0794fd19b2f9157a8a2c88b_737C4D56-5714-9415-3B54-352BA8936AF3_BOTANYBAYEP1_WORKGROUP", + "host.biossn": "737C4D56-5714-9415-3B54-352BA8936AF3", + "host.mac": [ + "00:0C:29:93:6A:F3" + ], + "network.type": "IPv4", + "host.oem.model": "", + "host.uptime": "603361.260258", + "id": "BOTANYBAYEP1#11#10.1.9.51#10.1.9.1", + "script.current_time": "2023-11-01T18:02:07Z", + "script.name": "Get-TychonArpInfo.ps1", + "network.state": "dynamic", + "script.version": "2.3.152.0", + "host.os.build": "19045", + "host.os.description": "", + "script.current_duration": "15988.70", + "host.ipv6": "", + "destination.ip": "10.1.9.1", + "host.hardware.bios.version": "6.00", + "host.domain": "", + "host.cloud.hosted": "false", + "host.os.family": "Windows" +} +``` 
diff --git a/packages/tychon/elasticsearch/transform/arp/fields/agent.yml b/packages/tychon/elasticsearch/transform/arp/fields/agent.yml
new file mode 100644
index 00000000000..efacb477dd9
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/fields/agent.yml
@@ -0,0 +1,110 @@
+- name: id
+ description: TYCHON unique document identifier.
+ type: keyword
+- name: tychon
+ type: group
+ fields:
+ - name: id
+ description: TYCHON unique host identifier.
+ type: keyword
+- name: elastic_agent
+ type: group
+ fields:
+ - name: id
+ description: Elastic Agent Id.
+ type: keyword
+ - name: snapshot
+ description: Elastic Agent snapshot.
+ type: boolean
+ - name: version
+ description: Elastic Agent Version.
+ type: keyword
+- name: script
+ type: group
+ fields:
+ - name: current_duration
+ description: Scanner Script Duration.
+ type: long
+ - name: current_time
+ description: Current datetime.
+ type: date
+ - name: name
+ description: Scanner Script Name.
+ type: keyword
+ - name: start
+ description: Scanner Start datetime.
+ type: date
+ - name: type
+ description: Scanner Script Type.
+ type: keyword
+ - name: version
+ description: Scanner Script Version.
+ type: version
+- name: host
+ title: Host
+ group: 2
+ description: 'A host is defined as a general computing instance.
+
+ ECS host.* fields should be populated with details about the host on which the event happened, or from which the measurement was taken. Host types include hardware, virtual machines, Docker containers, and Kubernetes nodes.'
+ type: group
+ fields:
+ - name: biossn
+ description: Host BIOS Serial Number.
+ type: keyword
+ - name: ipv4
+ description: Host IPv4 addresses.
+ type: ip
+ - name: ipv6
+ description: Host IPv6 addresses.
+ type: keyword
+ - name: workgroup
+ description: Host Workgroup Network Name.
+ type: keyword
+ - name: oem
+ type: group
+ fields:
+ - name: manufacturer
+ description: Host OEM Manufacturer.
+ type: keyword
+ - name: model
+ description: Host OEM Model.
+ type: keyword
+ - name: os
+ type: group
+ fields:
+ - name: build
+ description: Host OS Build.
+ type: keyword
+ - name: description
+ description: Host OS Description.
+ type: text
+ - name: organization
+ description: Host OS Organization.
+ type: keyword
+ - name: hardware
+ type: group
+ fields:
+ - name: bios
+ type: group
+ fields:
+ - name: name
+ description: Host BIOS Name.
+ type: keyword
+ - name: version
+ description: Host BIOS Version.
+ type: keyword
+ - name: cpu
+ type: group
+ fields:
+ - name: caption
+ description: Host CPU Caption.
+ type: keyword
+ - name: manufacturer
+ description: Host BIOS Manufacturer.
+ type: keyword
+ - name: owner
+ description: Host BIOS Owner.
+ type: keyword
+ - name: serial_number
+ description: Host BIOS Serial Number.
+ type: keyword
diff --git a/packages/tychon/elasticsearch/transform/arp/fields/base-fields.yml b/packages/tychon/elasticsearch/transform/arp/fields/base-fields.yml
new file mode 100644
index 00000000000..58d1699586e
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/fields/base-fields.yml
@@ -0,0 +1,12 @@
+- name: input
+ type: group
+ fields:
+ - name: type
+ description: Input Type.
+ type: keyword
+- name: log
+ type: group
+ fields:
+ - name: offset
+ description: Log Offset.
+ type: long
diff --git a/packages/tychon/elasticsearch/transform/arp/fields/beats.yml b/packages/tychon/elasticsearch/transform/arp/fields/beats.yml
new file mode 100644
index 00000000000..4724cac106c
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/fields/beats.yml
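Review bot: `host.ipv6` in agent.yml is declared `type: keyword` while `host.ipv4` next to it is `type: ip`, so IPv6 addresses get no validation and cannot be used in CIDR or range queries. The sample event in this diff has `"host.ipv6": ""`, which an `ip` mapping would reject, and that may be why keyword was chosen; dropping the empty value before indexing and declaring `type: ip` would be the cleaner fix. Separately, `host.hardware.manufacturer`, `host.hardware.owner` and `host.hardware.serial_number` are all described as BIOS values, and `serial_number` has the same description as `host.biossn` although the sample shows different values for the two, so these descriptions look copied and should say what each field holds.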
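Review bot: `input.type` and `log.offset` are declared in base-fields.yml and again in beats.yml in the same `fields` directory, with different descriptions (`Input Type.` against `Type of Filebeat input.`). beats.yml also declares `log.file.path`, which ecs.yml already pulls in with `external: ecs`. Keeping one declaration per field avoids the copies drifting to different types later; since base-fields.yml holds nothing else, deleting it and keeping the beats.yml entries would be enough.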
@@ -0,0 +1,54 @@
+- name: hostname
+ description: Name of host parsed from syslog message.
+ type: keyword
+- name: http
+ type: group
+ fields:
+ - name: request
+ type: group
+ fields:
+ - name: referer
+ description: Referrer for this HTTP request.
+ type: keyword
+- name: input
+ type: group
+ fields:
+ - name: type
+ description: Type of Filebeat input.
+ type: keyword
+- name: log
+ type: group
+ fields:
+ - name: file
+ type: group
+ fields:
+ - name: path
+ description: Path to the log file.
+ type: keyword
+ - name: flags
+ description: Flags for the log file.
+ type: keyword
+ - name: offset
+ description: Offset of the entry in the log file.
+ type: long
+ - name: source
+ type: group
+ fields:
+ - name: address
+ description: Source address from which the log event was read / sent from.
+ type: keyword
+- name: syslog
+ type: group
+ fields:
+ - name: facility
+ description: Syslog numeric facility of the event.
+ type: long
+ - name: facility_label
+ description: Syslog text-based facility of the event.
+ type: keyword
+ - name: priority
+ description: Syslog priority of the event.
+ type: long
+ - name: severity_label
+ description: Syslog text-based severity of the event.
+ type: keyword
diff --git a/packages/tychon/elasticsearch/transform/arp/fields/ecs.yml b/packages/tychon/elasticsearch/transform/arp/fields/ecs.yml
new file mode 100644
index 00000000000..1b0bb1256af
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/fields/ecs.yml
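Review bot: Most of beats.yml describes fields an ARP scan result would not obviously carry: `syslog.*`, `http.request.referer`, `log.source.address`, and a top-level `hostname` described as `Name of host parsed from syslog message.` The sample event in this diff has none of them, so the file looks carried over from a syslog-based package. Trimming it to the fields this transform's destination actually receives keeps the mapping small and stops the generated field table from advertising data the integration does not produce.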
@@ -0,0 +1,78 @@
+- external: ecs
+ name: '@timestamp'
+- external: ecs
+ name: agent.ephemeral_id
+- external: ecs
+ name: agent.id
+- external: ecs
+ name: agent.name
+- external: ecs
+ name: agent.type
+- external: ecs
+ name: agent.version
+- external: ecs
+ name: data_stream.dataset
+- external: ecs
+ name: data_stream.namespace
+- external: ecs
+ name: data_stream.type
+- external: ecs
+ name: destination.ip
+- external: ecs
+ name: destination.mac
+- external: ecs
+ name: ecs.version
+- external: ecs
+ name: event.agent_id_status
+- external: ecs
+ name: event.category
+- external: ecs
+ name: event.dataset
+- external: ecs
+ name: event.kind
+- external: ecs
+ name: event.module
+- external: ecs
+ name: event.timezone
+- external: ecs
+ name: host.architecture
+- external: ecs
+ name: host.domain
+- external: ecs
+ name: host.hostname
+- external: ecs
+ name: host.id
+- external: ecs
+ name: host.ip
+- external: ecs
+ name: host.mac
+- external: ecs
+ name: host.name
+- external: ecs
+ name: host.os.family
+- external: ecs
+ name: host.os.kernel
+- external: ecs
+ name: host.os.name
+- external: ecs
+ name: host.os.platform
+- external: ecs
+ name: host.os.type
+- external: ecs
+ name: host.os.version
+- external: ecs
+ name: host.type
+- external: ecs
+ name: host.uptime
+- external: ecs
+ name: log.file.path
+- external: ecs
+ name: network.direction
+- external: ecs
+ name: network.type
+- external: ecs
+ name: tags
+- external: ecs
+ name: error.message
+- external: ecs
+ name: event.ingested
diff --git a/packages/tychon/elasticsearch/transform/arp/fields/fields.yml b/packages/tychon/elasticsearch/transform/arp/fields/fields.yml
new file mode 100644
index 00000000000..796b93593cd
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/fields/fields.yml
@@ -0,0 +1,17 @@
+- name: destination
+ type: group
+ fields:
+ - name: hostname
+ type: keyword
+ description: The Translated Hostname of the IP in the ARP Table
+ - name: name
+ type: keyword
+- name: network
+ type: group
+ fields:
+ - name: interface
+ type: keyword
+ description: The interface the ARP Table has associated the destination.
+ - name: state
+ type: keyword
+ description: Current state
diff --git a/packages/tychon/elasticsearch/transform/arp/manifest.yml b/packages/tychon/elasticsearch/transform/arp/manifest.yml
new file mode 100644
index 00000000000..d2b4a81ca3c
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/manifest.yml
@@ -0,0 +1,12 @@
+start: true
+destination_index_template:
+ mappings:
+ dynamic: true
+ _meta: {}
+ dynamic_templates:
+ - strings_as_keyword:
+ match_mapping_type: string
+ mapping:
+ ignore_above: 1024
+ type: keyword
+ date_detection: true
diff --git a/packages/tychon/elasticsearch/transform/arp/transform.yml b/packages/tychon/elasticsearch/transform/arp/transform.yml
new file mode 100644
index 00000000000..f67a6a29fb6
--- /dev/null
+++ b/packages/tychon/elasticsearch/transform/arp/transform.yml
@@ -0,0 +1,19 @@
+source:
+ index:
+ - logs-tychon.tychon_arp-*
+dest:
+ index: tychon_arp
+frequency: 1h
+sync:
+ time:
+ field: 'event.ingested'
+ delay: 60s
+latest:
+ unique_key:
+ - id
+ sort: '@timestamp'
+_meta:
+ fleet_transform_version: 1.0.3
+ run_as_kibana_system: false
+ managed: true
+description: This transformation ensures there is a running configuration of what ARP tables look like on an endpoint from TYCHON.
diff --git a/packages/tychon/img/TYCHONScreenShot_1.png b/packages/tychon/img/TYCHONScreenShot_1.png
new file mode 100644
index 00000000000..cdd181eb9c2
Binary files /dev/null and b/packages/tychon/img/TYCHONScreenShot_1.png differ
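Review bot: `destination.name` in fields.yml has no description at all, and `network.state` only says `Current state`, so the generated field table gives an analyst nothing to go on for either. The sample event in this diff shows `destination.name` holding the same value as `destination.hostname`, so its description should say how the two differ, or the field should be dropped if they do not. For `network.state` the sample value is `dynamic`, so something like `description: State of the ARP table entry, for example dynamic.` would do.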
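Review bot: `date_detection: true` together with `dynamic: true` in manifest.yml lets the first value seen for any unmapped string field decide that field's type in the destination index. These documents carry endpoint-reported strings, so a field whose first value happens to parse as a date would presumably be mapped as `date`, and later values that do not parse would then fail to index. Setting `date_detection: false` leaves unmapped strings to the `strings_as_keyword` template, and any field that really is a date can be declared explicitly, as `script.start` and `script.current_time` already are in agent.yml.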
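Review bot: The `latest` block in transform.yml keys only on `id`, and the sample event in this diff shows that value as `BOTANYBAYEP1#11#10.1.9.51#10.1.9.1`, which appears to be built from the hostname, a number and the two addresses. If that is the format, two endpoints that share a hostname and addressing on separate networks would overwrite each other's row in `tychon_arp`; adding `- tychon.id` above `- id` under `unique_key` would keep them apart. There is also no `retention_policy`, so an entry that has left an endpoint's ARP table stays in the destination index indefinitely. A `retention_policy` with `time.field: event.ingested` and a `max_age` suited to the scan interval would age those rows out.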
diff --git a/packages/tychon/img/TYCHONScreenShot_2.png b/packages/tychon/img/TYCHONScreenShot_2.png new file mode 100644 index 00000000000..dcf2f73ae6d Binary files /dev/null and b/packages/tychon/img/TYCHONScreenShot_2.png differ diff --git a/packages/tychon/img/TychonLogo.svg b/packages/tychon/img/TychonLogo.svg new file mode 100644 index 00000000000..47b482d3444 --- /dev/null +++ b/packages/tychon/img/TychonLogo.svg @@ -0,0 +1,59 @@ + + + + + + + + + + + + + + + + + + + + + + + + diff --git a/packages/tychon/img/TychonScreenshot.png b/packages/tychon/img/TychonScreenshot.png new file mode 100644 index 00000000000..9207bbeac58 Binary files /dev/null and b/packages/tychon/img/TychonScreenshot.png differ diff --git a/packages/tychon/img/tychon-color.png b/packages/tychon/img/tychon-color.png new file mode 100644 index 00000000000..0e2c6d9f1d5 Binary files /dev/null and b/packages/tychon/img/tychon-color.png differ diff --git a/packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json b/packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json new file mode 100644 index 00000000000..116d2cee793 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-078edb40-d137-11e9-a2af-693b633cf871-stig.json 
@@ -0,0 +1,168 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"49a66ed0-406a-4bd8-b21b-965eb1f497f9\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"49a66ed0-406a-4bd8-b21b-965eb1f497f9\",\"fieldName\":\"benchmark.name\",\"title\":\"Benchmark\",\"singleSelect\":false,\"enhancements\":{}}},\"dbbeb350-d58e-4ea2-8079-2b9d4478974f\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":false,\"width\":\"small\",\"explicitInput\":{\"id\":\"dbbeb350-d58e-4ea2-8079-2b9d4478974f\",\"fieldName\":\"rule.stig_id\",\"title\":\"STIG ID\",\"enhancements\":{}}},\"44a753fb-4299-48af-b65f-ebb50e7a8c3b\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":false,\"width\":\"small\",\"explicitInput\":{\"id\":\"44a753fb-4299-48af-b65f-ebb50e7a8c3b\",\"fieldName\":\"rule.finding_id\",\"title\":\"Finding ID\",\"singleSelect\":false,\"enhancements\":{}}},\"ac743466-b33c-422d-a482-e9a04f6351ca\":{\"type\":\"optionsListControl\",\"order\":3,\"grow\":false,\"width\":\"medium\",\"explicitInput\":{\"id\":\"ac743466-b33c-422d-a482-e9a04f6351ca\",\"fieldName\":\"rule.oval.id\",\"title\":\"OVAL ID\",\"enhancements\":{}}}}" + }, + "description": "Analyze the status of your current STIG scans run against your endpoints.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": 
"[{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":13,\"h\":4,\"i\":\"c9a6aaf7-7ebd-43d6-ae37-eb8664d5c0c5\"},\"panelIndex\":\"c9a6aaf7-7ebd-43d6-ae37-eb8664d5c0c5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"6fff9691-3ddd-4388-8285-de60ad5d992f\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":0,\"rangeMax\":100,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#cc5642\",\"stop\":100}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"maxAccessor\":\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"subtitle\":\"Failed tests to all tests.\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6fff9691-3ddd-4388-8285-de60ad5d992f\":{\"columns\":{\"71671d69-d31c-4a61-9ee3-68bacec8d16f\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result: \\\"fail\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result: \\\"fail\\\" or rule.result: 
\\\"pass\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":0,\"w\":8,\"h\":6,\"i\":\"2b7c414a-b5fb-4a90-9231-26aaa796e7bf\"},\"panelIndex\":\"2b7c414a-b5fb-4a90-9231-26aaa796e7bf\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-dd63da37-c38e-481c-8749-8d1939e14d4f\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"dd63da37-c38e-481c-8749-8d1939e14d4f\",\"accessor\":\"600ef522-0a03-40d3-8833-3090b2b3fe47\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd63da37-c38e-481c-8749-8d1939e14d4f\":{\"columns\":{\"600ef522-0a03-40d3-8833-3090b2b3fe47\":{\"label\":\"Total 
Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"600ef522-0a03-40d3-8833-3090b2b3fe47\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":0,\"w\":9,\"h\":6,\"i\":\"6cb8b7bb-6752-4d80-b398-16c5b02eb0b6\"},\"panelIndex\":\"6cb8b7bb-6752-4d80-b398-16c5b02eb0b6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-bbddf942-4f39-4965-9729-159c62ef2d15\"}],\"state\":{\"visualization\":{\"layerId\":\"bbddf942-4f39-4965-9729-159c62ef2d15\",\"accessor\":\"c8b77c55-379a-4ac9-baae-bb94adc9f85d\",\"layerType\":\"data\",\"size\":\"xl\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"bbddf942-4f39-4965-9729-159c62ef2d15\":{\"columns\":{\"c8b77c55-379a-4ac9-baae-bb94adc9f85d\":{\"label\":\"Total 
Rules\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"c8b77c55-379a-4ac9-baae-bb94adc9f85d\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"visualization\",\"gridData\":{\"x\":30,\"y\":0,\"w\":4,\"h\":11,\"i\":\"655f71a3-4dd4-4429-9163-46300ac07597\"},\"panelIndex\":\"655f71a3-4dd4-4429-9163-46300ac07597\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"| CCRI Score | Description |\\n| :------------ | :------------ |\\n| 20-100% | Critical Concern |\\n| 10-20% | Moderate Concern |\\n| 0-10% | Minor Concern |\\n| 0% | No Concern |\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":0,\"w\":14,\"h\":20,\"i\":\"149977b6-c38d-4715-974d-641c1fc8e57b\"},\"panelIndex\":\"149977b6-c38d-4715-974d-641c1fc8e57b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-5e88cf37-b3d3-4794-acb6-5e30cdcfd93e\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"5e88cf37-b3d3-4794-acb6-5e30cdcfd93e\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"3af96ad3-0927-4d98-926f-ff4a49627148\",\"oneClickFilter\":true},{\"columnId\":\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params
\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"hidden\":false,\"summaryRow\":\"avg\"}]},\"query\":{\"query\":\"rule.result.score :*\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5e88cf37-b3d3-4794-acb6-5e30cdcfd93e\":{\"columns\":{\"3af96ad3-0927-4d98-926f-ff4a49627148\":{\"label\":\"Benchmark\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"benchmarkname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\":{\"label\":\"Part of Score %\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X1\":{\"label\":\"Part of Score %\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\":{\"label\":\"Part of Score %\",\"dataType\":\"number\",\"operationType\":\"overall_sum\",\"isBucketed\":false,\"scale\":\"ratio\",\"references\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X1\"],\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X3\":{\"label\":\"Part of Score 
%\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\"],\"location\":{\"min\":0,\"max\":62},\"text\":\"(sum(rule.result.score) / overall_sum(sum(rule.result.score)))\"}},\"references\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\"],\"customLabel\":true},\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8\":{\"label\":\"Score %\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"(sum(rule.result.score) / overall_sum(sum(rule.result.score)))\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":0}}},\"references\":[\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X3\"],\"customLabel\":true}},\"columnOrder\":[\"3af96ad3-0927-4d98-926f-ff4a49627148\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X0\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X1\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X2\",\"4136d2b6-93b1-42bb-ad71-6a19e3cc12b8X3\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":4,\"w\":13,\"h\":4,\"i\":\"cec1fd74-b355-4dde-a4d0-a249bbe4f600\"},\"panelIndex\":\"cec1fd74-b355-4dde-a4d0-a249bbe4f600\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"6fff9691-3ddd-4388-8285-de60ad5d992f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\
"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#E7664C\",\"stop\":33.33},{\"color\":\"#DA8B45\",\"stop\":66.66},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#E7664C\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":33.33},{\"color\":\"#6092C0\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"maxAccessor\":\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"subtitle\":\"Passed tests to all tests.\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6fff9691-3ddd-4388-8285-de60ad5d992f\":{\"columns\":{\"71671d69-d31c-4a61-9ee3-68bacec8d16f\":{\"label\":\"Total Passes\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result: \\\"pass\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result: \\\"fail\\\" or rule.result: 
\\\"pass\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":6,\"w\":8,\"h\":10,\"i\":\"28e2a613-0d7f-4476-aed1-7175f2a18f28\"},\"panelIndex\":\"28e2a613-0d7f-4476-aed1-7175f2a18f28\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-7ab9f589-0859-4a2d-a405-8041d7078f67\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"7ab9f589-0859-4a2d-a405-8041d7078f67\",\"primaryGroups\":[\"2e5e2a7f-5d61-4b93-b105-11d149d39607\"],\"secondaryGroups\":[],\"metrics\":[\"45feac65-b609-44f9-832f-b6d72365b5d8\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"allowMultipleMetrics\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7ab9f589-0859-4a2d-a405-8041d7078f67\":{\"columns\":{\"2e5e2a7f-5d61-4b93-b105-11d149d39607\":{\"label\":\"OS Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"45feac65-b609-44f9-832f-b6d72365b5d8\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"45feac65-b609-44f9-832f-b6d72365b5d8\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2e5e2a7f-5d61-4b93-b105-11d149d39607\",\"45feac65-b609-44f9-832f-b6d72365b5d8\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operating System\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":21,\"y\":6,\"w\":9,\"h\":10,\"i\":\"13f2d060-9d0e-4fba-9ab5-d2f3baeb0250\"},\"panelIndex\":\"13f2d060-9d0e-4fba-9ab5-d2f3baeb0250\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-8d93f7aa-9914-492a-a515-42761f7602a6\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"8d93f7aa-9914-492a-a515-42761f7602a6\",\"primaryGroups\":[\"9fb8d8eb-a066-4a91-8fdc-2fb8a632698d\"],\"metrics\":[\"9185484c-03ef-4d02-8714-d3226d0fc7a2\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"collapseFns\":{\"5d8b4201-d4ea-4da3-a2a8-a70c399b406e\":\"\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"8d93f7aa-9914-492a-a515-42761f7602a6\":{\"columns\":{\"9185484c-03ef-4d02-8714-d3226d0fc7a2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"9fb8d8eb-a066-4a91-8fdc-2fb8a632698d\":{\"label\":\"Top 3 values of 
host.os.kernel\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.kernel\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9185484c-03ef-4d02-8714-d3226d0fc7a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"9fb8d8eb-a066-4a91-8fdc-2fb8a632698d\",\"9185484c-03ef-4d02-8714-d3226d0fc7a2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Kernels\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":13,\"h\":8,\"i\":\"87fa7e60-7def-4b15-a49b-1f651cfee463\"},\"panelIndex\":\"87fa7e60-7def-4b15-a49b-1f651cfee463\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"ecc959a5-6cb4-43ed-bd8e-c8a11c51d3d2\",\"isTransposed\":false},{\"columnId\":\"31cd5bd5-bf05-4039-a241-c75a16ad9165\",\"isTransposed\":false,\"summaryRow\":\"sum\",\"summaryLabel\":\"Total\"},{\"columnId\":\"87f792ec-41cb-4052-ae3c-8e39032305c0\",\"isTransposed\":false,\"summaryRow\":\"sum\",\"summaryLabel\":\"Total\"}],\"layerId\":\"93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9\":{\"columns\":{\"ecc959a5-6cb4-43ed-bd8e-c8a11c51d3d2\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"or
dinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"input\":{\"query\":\"rule.severity :\\\"high\\\" \",\"language\":\"kuery\"},\"label\":\"CAT I\"},{\"input\":{\"query\":\"rule.severity : \\\"medium\\\" \",\"language\":\"kuery\"},\"label\":\"CAT II\"},{\"input\":{\"query\":\"rule.severity : \\\"low\\\" \",\"language\":\"kuery\"},\"label\":\"CAT III\"}]},\"customLabel\":true},\"31cd5bd5-bf05-4039-a241-c75a16ad9165\":{\"label\":\"Total Fails\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"87f792ec-41cb-4052-ae3c-8e39032305c0\":{\"label\":\"Total Pass\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ecc959a5-6cb4-43ed-bd8e-c8a11c51d3d2\",\"31cd5bd5-bf05-4039-a241-c75a16ad9165\",\"87f792ec-41cb-4052-ae3c-8e39032305c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"Passes and Fails broken down by the rule severity level.\",\"enhancements\":{}},\"title\":\"Severity 
Breakdown\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":11,\"w\":4,\"h\":20,\"i\":\"ca6d3287-d16e-4e2f-9216-6140f4f2b4c1\"},\"panelIndex\":\"ca6d3287-d16e-4e2f-9216-6140f4f2b4c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-771df181-6280-4ee3-b215-d26003efa966\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"verticalBullet\",\"layerId\":\"771df181-6280-4ee3-b215-d26003efa966\",\"layerType\":\"data\",\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"33881eb3-ce77-4a4f-b41f-e74e4b17ff86\",\"maxAccessor\":\"e31a8da1-6c99-4e57-a6f6-510b5d44e88b\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#AFB8C680\",\"stop\":33.33},{\"color\":\"#DA8B45\",\"stop\":66.66},{\"color\":\"#E7664C\",\"stop\":100}],\"colorStops\":[{\"color\":\"#AFB8C680\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":33.33},{\"color\":\"#E7664C\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"colorMode\":\"palette\",\"minAccessor\":\"ccf28f2a-27d2-4cc2-a4c0-f9d06ea672dc\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"771df181-6280-4ee3-b215-d26003efa966\":{\"columns\":{\"33881eb3-ce77-4a4f-b41f-e74e4b17ff86\":{\"label\":\"Failure Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"rule.result: \\\"fail\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"e31a8da1-6c99-4e57-a6f6-510b5d44e88b\":{\"label\":\"Sum of 
rule.weight\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.weight\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result : \\\"fail\\\" or rule.result : \\\"pass\\\"\",\"language\":\"kuery\"}},\"ccf28f2a-27d2-4cc2-a4c0-f9d06ea672dc\":{\"label\":\"Static value: 0\",\"dataType\":\"number\",\"operationType\":\"static_value\",\"isStaticValue\":true,\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"value\":\"0\"},\"references\":[]}},\"columnOrder\":[\"33881eb3-ce77-4a4f-b41f-e74e4b17ff86\",\"e31a8da1-6c99-4e57-a6f6-510b5d44e88b\",\"ccf28f2a-27d2-4cc2-a4c0-f9d06ea672dc\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":16,\"w\":30,\"h\":15,\"i\":\"3d731c15-8a40-45e3-bb29-f6aed782e586\"},\"panelIndex\":\"3d731c15-8a40-45e3-bb29-f6aed782e586\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-cbc12900-bf4a-46dd-b2a6-bd0477c82967\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"30c31964-540e-4717-bd75-e40ea661192e\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"ff66c536-1d5f-4bb4-8890-ec64e448627a\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"eca93477-246
4-4ff3-bc2a-63468a90b200\",\"isTransposed\":false,\"alignment\":\"center\",\"oneClickFilter\":true},{\"columnId\":\"8bdbac72-279d-4c9a-a1b8-0bd49791e78d\",\"isTransposed\":false,\"oneClickFilter\":false,\"alignment\":\"center\"},{\"columnId\":\"d84fce0c-6ffe-47fe-a85c-6286ca255f7f\",\"isTransposed\":true}],\"layerId\":\"cbc12900-bf4a-46dd-b2a6-bd0477c82967\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cbc12900-bf4a-46dd-b2a6-bd0477c82967\":{\"columns\":{\"30c31964-540e-4717-bd75-e40ea661192e\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"custom\"},\"orderAgg\":{\"label\":\"Sum of rule.result.score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ff66c536-1d5f-4bb4-8890-ec64e448627a\":{\"label\":\"Overall Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"eca93477-2464-4ff3-bc2a-63468a90b200\":{\"label\":\"IP 
Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8bdbac72-279d-4c9a-a1b8-0bd49791e78d\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"d84fce0c-6ffe-47fe-a85c-6286ca255f7f\":{\"label\":\"Benchmark Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"benchmark.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ff66c536-1d5f-4bb4-8890-ec64e448627a\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"d84fce0c-6ffe-47fe-a85c-6286ca255f7f\",\"30c31964-540e-4717-bd75-e40ea661192e\",\"eca93477-2464-4ff3-bc2a-63468a90b200\",\"8bdbac72-279d-4c9a-a1b8-0bd49791e78d\",\"ff66c536-1d5f-4bb4-8890-ec64e448627a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"3c0dfe4d-c571-4127-ba6c-7362042cf2e2\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\
",\"name\":\"View Benchmark Results for this Endpoint\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}},\"description\":\"By host breakdown of failing STIG checks and the sum of their score.\"},\"title\":\"Top 100 Vulnerable Hosts\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":20,\"w\":14,\"h\":11,\"i\":\"5bf2f4f8-4744-4f94-b99d-69b88ff226d1\"},\"panelIndex\":\"5bf2f4f8-4744-4f94-b99d-69b88ff226d1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-0e956b5d-4b99-4efc-98a3-8b5ad23c4cab\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"0e956b5d-4b99-4efc-98a3-8b5ad23c4cab\",\"accessors\":[\"b876dcfc-0fd2-4fcb-9602-65c9ea2c85fe\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"cb589ffa-895e-453a-ad68-df02d014d992\"}]},\"query\":{\"query\":\"event.code: 
8107\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0e956b5d-4b99-4efc-98a3-8b5ad23c4cab\":{\"columns\":{\"cb589ffa-895e-453a-ad68-df02d014d992\":{\"label\":\"event.created\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.created\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"h\",\"includeEmptyRows\":true,\"dropPartials\":false,\"ignoreTimeRange\":true}},\"b876dcfc-0fd2-4fcb-9602-65c9ea2c85fe\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cb589ffa-895e-453a-ad68-df02d014d992\",\"b876dcfc-0fd2-4fcb-9602-65c9ea2c85fe\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"This is the event trigger of Benchmark scans completed on endpoints. This is not based on results but on the event log flagging that a scan was completed. 
\"},\"title\":\"Benchmark Scan Rates\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":25,\"i\":\"100e003c-689d-4ccb-a36e-3a61c8aa1f37\"},\"panelIndex\":\"100e003c-689d-4ccb-a36e-3a61c8aa1f37\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-531949cb-8d36-4358-b503-c470db2357b8\"},{\"type\":\"index-pattern\",\"name\":\"68fe6bfd-8554-40ce-9803-f0fa1fa5f047\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\"}],\"state\":{\"visualization\":{\"layerId\":\"531949cb-8d36-4358-b503-c470db2357b8\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"694097f4-e845-4f15-a42b-3fd4b5731141\"},{\"isTransposed\":false,\"columnId\":\"24eae38e-8e7e-40fd-aa3a-19cd55219b6c\"},{\"isTransposed\":false,\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},{\"columnId\":\"20ad1142-7e78-47f7-8889-6069ad3f7a46\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"2a90ac34-3274-49b2-bac3-2dac93b5e0a6\",\"isTransposed\":false,\"alignment\":\"center\"}],\"paging\":{\"enabled\":true,\"size\":30}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"68fe6bfd-8554-40ce-9803-f0fa1fa5f047\",\"negate\":true,\"type\":\"phrase\",\"key\":\"STIG_ID\",\"params\":{\"query\":\"\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"STIG_ID\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"531949cb-8d36-4358-b503-c470db2357b8\":{\"columns\":{\"694097f4-e845-4f15-a42b-3fd4b5731141\":{\"label\":\"Vuln 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"VULN_ID\",\"isBucketed\":true,\"params\":{\"size\":300,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"24eae38e-8e7e-40fd-aa3a-19cd55219b6c\":{\"label\":\"STIG ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.stig_id\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"20ad1142-7e78-47f7-8889-6069ad3f7a46\":{\"label\":\"Result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.result\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2a90ac34-3274-49b2-bac3-2dac93b5e0a6\":{\"label\":\"Finding 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.finding_id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"694097f4-e845-4f15-a42b-3fd4b5731141\",\"24eae38e-8e7e-40fd-aa3a-19cd55219b6c\",\"2a90ac34-3274-49b2-bac3-2dac93b5e0a6\",\"20ad1142-7e78-47f7-8889-6069ad3f7a46\",\"e2c1831b-bcc2-49b1-b286-a80e84bfebe1\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Rule Results\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":31,\"w\":37,\"h\":11,\"i\":\"e9b5a9c0-5358-43e6-bcf3-ca3dbfe6ee60\"},\"panelIndex\":\"e9b5a9c0-5358-43e6-bcf3-ca3dbfe6ee60\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"id\":\"7d972a32-d117-4963-a7bf-58fc65fb1ee8\",\"name\":\"indexpattern-datasource-layer-324940c5-7336-4d83-afd8-f132999ad21d\",\"type\":\"index-pattern\"},{\"id\":\"7d972a32-d117-4963-a7bf-58fc65fb1ee8\",\"name\":\"de7d5fcd-69c9-489a-ad14-e43451dc3eaa\",\"type\":\"index-pattern\"},{\"id\":\"7d972a32-d117-4963-a7bf-58fc65fb1ee8\",\"name\":\"82886999-a1d2-44ca-9355-6473b13151a2\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY 
chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"324940c5-7336-4d83-afd8-f132999ad21d\",\"accessors\":[\"c7ed6ef5-293c-4841-8d4b-44ba3a962b27\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"4c922613-246c-4854-8a29-4a64075d585e\",\"splitAccessor\":\"9fe8831b-a25f-4432-874b-af29a49486d1\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"de7d5fcd-69c9-489a-ad14-e43451dc3eaa\",\"negate\":true,\"type\":\"phrase\",\"key\":\"rule.result\",\"params\":{\"query\":\"not applicable\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"rule.result\":\"not applicable\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"index\":\"82886999-a1d2-44ca-9355-6473b13151a2\",\"negate\":true,\"type\":\"phrase\",\"key\":\"rule.result\",\"params\":{\"query\":\"unknown\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"rule.result\":\"unknown\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"324940c5-7336-4d83-afd8-f132999ad21d\":{\"columns\":{\"4c922613-246c-4854-8a29-4a64075d585e\":{\"label\":\"event.ingested\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"c7ed6ef5-293c-4841-8d4b-44ba3a962b27\":{\"label\":\"STIG Counts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"9fe8831b-a25f-4432-874b-af29a49486d1\":{\"label\":\"Top 4 values of 
rule.result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.result\",\"isBucketed\":true,\"params\":{\"size\":4,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c7ed6ef5-293c-4841-8d4b-44ba3a962b27\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"9fe8831b-a25f-4432-874b-af29a49486d1\",\"4c922613-246c-4854-8a29-4a64075d585e\",\"c7ed6ef5-293c-4841-8d4b-44ba3a962b27\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"TYCHON continuously reports the status of STIG results, this is the history of those results.\",\"enhancements\":{}},\"title\":\"STIG Scan Results History \"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":42,\"w\":37,\"h\":14,\"i\":\"0259e2ee-6cce-430e-8e87-d57537a418f0\"},\"panelIndex\":\"0259e2ee-6cce-430e-8e87-d57537a418f0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-159bfab9-7c23-4970-a3b5-5fbfe799e5f4\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"layers\":[{\"layerId\":\"159bfab9-7c23-4970-a3b5-5fbfe799e5f4\",\"primaryGroups\":[\"55733772-e80d-4270-b1ec-3cb02c639a4a\"],\"secondaryGroups\":[],\"metrics\":[\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"collapseFns\":{\"55733772-e80d-4270-b1ec-3cb02c639a4a\":\"\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formB
ased\":{\"layers\":{\"159bfab9-7c23-4970-a3b5-5fbfe799e5f4\":{\"columns\":{\"55733772-e80d-4270-b1ec-3cb02c639a4a\":{\"label\":\"Top 1000 values of rule.oval.id\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.oval.id\",\"isBucketed\":true,\"params\":{\"size\":1000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\":{\"label\":\"Sum of rule.result.score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"rule.result.score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"55733772-e80d-4270-b1ec-3cb02c639a4a\",\"3f83400f-c042-46f1-acaa-22fc25d8fdbd\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Rule Result Map\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] STIG Report Dashboard", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-31T11:43:43.382Z", + "id": "tychon-078edb40-d137-11e9-a2af-693b633cf871-stig", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "managed": true, + "references": [ + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "c9a6aaf7-7ebd-43d6-ae37-eb8664d5c0c5:indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "2b7c414a-b5fb-4a90-9231-26aaa796e7bf:indexpattern-datasource-layer-dd63da37-c38e-481c-8749-8d1939e14d4f", + "type": "index-pattern" + }, + { + "id": 
"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "6cb8b7bb-6752-4d80-b398-16c5b02eb0b6:indexpattern-datasource-layer-bbddf942-4f39-4965-9729-159c62ef2d15", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "149977b6-c38d-4715-974d-641c1fc8e57b:indexpattern-datasource-layer-5e88cf37-b3d3-4794-acb6-5e30cdcfd93e", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "cec1fd74-b355-4dde-a4d0-a249bbe4f600:indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "28e2a613-0d7f-4476-aed1-7175f2a18f28:indexpattern-datasource-layer-7ab9f589-0859-4a2d-a405-8041d7078f67", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "13f2d060-9d0e-4fba-9ab5-d2f3baeb0250:indexpattern-datasource-layer-8d93f7aa-9914-492a-a515-42761f7602a6", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "87fa7e60-7def-4b15-a49b-1f651cfee463:indexpattern-datasource-layer-93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "ca6d3287-d16e-4e2f-9216-6140f4f2b4c1:indexpattern-datasource-layer-771df181-6280-4ee3-b215-d26003efa966", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "3d731c15-8a40-45e3-bb29-f6aed782e586:indexpattern-datasource-layer-cbc12900-bf4a-46dd-b2a6-bd0477c82967", + "type": "index-pattern" + }, + { + "id": "tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig", + "name": "3d731c15-8a40-45e3-bb29-f6aed782e586:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:3c0dfe4d-c571-4127-ba6c-7362042cf2e2:dashboardId", + "type": "dashboard" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "5bf2f4f8-4744-4f94-b99d-69b88ff226d1:indexpattern-datasource-layer-0e956b5d-4b99-4efc-98a3-8b5ad23c4cab", + "type": 
"index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "100e003c-689d-4ccb-a36e-3a61c8aa1f37:indexpattern-datasource-layer-531949cb-8d36-4358-b503-c470db2357b8", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "100e003c-689d-4ccb-a36e-3a61c8aa1f37:68fe6bfd-8554-40ce-9803-f0fa1fa5f047", + "type": "index-pattern" + }, + { + "id": "7d972a32-d117-4963-a7bf-58fc65fb1ee8", + "name": "e9b5a9c0-5358-43e6-bcf3-ca3dbfe6ee60:indexpattern-datasource-layer-324940c5-7336-4d83-afd8-f132999ad21d", + "type": "index-pattern" + }, + { + "id": "7d972a32-d117-4963-a7bf-58fc65fb1ee8", + "name": "e9b5a9c0-5358-43e6-bcf3-ca3dbfe6ee60:de7d5fcd-69c9-489a-ad14-e43451dc3eaa", + "type": "index-pattern" + }, + { + "id": "7d972a32-d117-4963-a7bf-58fc65fb1ee8", + "name": "e9b5a9c0-5358-43e6-bcf3-ca3dbfe6ee60:82886999-a1d2-44ca-9355-6473b13151a2", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "0259e2ee-6cce-430e-8e87-d57537a418f0:indexpattern-datasource-layer-159bfab9-7c23-4970-a3b5-5fbfe799e5f4", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "controlGroup_49a66ed0-406a-4bd8-b21b-965eb1f497f9:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "controlGroup_dbbeb350-d58e-4ea2-8079-2b9d4478974f:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "controlGroup_44a753fb-4299-48af-b65f-ebb50e7a8c3b:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "controlGroup_ac743466-b33c-422d-a482-e9a04f6351ca:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "tychon-10af3800-10f3-11ee-af86-538da1394f27", 
+ "name": "tag-ref-tychon-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "tychon-579051b0-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-tychon-579051b0-10f2-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "tychon-39b55820-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-tychon-39b55820-10f2-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "typeMigrationVersion": "8.7.0", + "updated_at": "2023-08-31T11:43:43.382Z", + "version": "WzM0MDEsNF0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice.json b/packages/tychon/kibana/dashboard/tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice.json new file mode 100644 index 00000000000..648f4ef5f5d --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice.json 
@@ -0,0 +1,106 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"b1548c53-ca3d-47b3-bc05-664ddc1e045a\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"singleSelect\":true,\"hideExclude\":true,\"hideExists\":true,\"id\":\"b1548c53-ca3d-47b3-bc05-664ddc1e045a\",\"enhancements\":{},\"selectedOptions\":[]}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Services and Ports view displays all Services found on hosts, as well as listening ports and ARP Tables.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"7ce4caed-f1dc-4d52-934f-bf01a1c79c50\"},\"panelIndex\":\"7ce4caed-f1dc-4d52-934f-bf01a1c79c50\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7ce4caed-f1dc-4d52-934f-bf01a1c79c50\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":16,\"h\":5,\"i\":\"79df6d59-56ab-4ee3-addd-87cd507061e9\"},\"panelIndex\":\"79df6d59-56ab-4ee3-addd-87cd507061e9\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Services 
and Ports\\nTYCHON reports what ports are open at the time of the check. It records what process and command was used to open the port and correlates that process if it was started as a service.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":32,\"h\":51,\"i\":\"90112a9f-2161-4263-bc42-8af46aeb05e4\"},\"panelIndex\":\"90112a9f-2161-4263-bc42-8af46aeb05e4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-9a26db3f-b1d3-4fb3-8b88-91eec3c3bac6\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"f0f0e83f-7af8-46e0-8e52-bfb7c6a96968\",\"width\":259.0666666666667},{\"isTransposed\":false,\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\",\"hidden\":true},{\"columnId\":\"66204765-468d-419c-9ea9-d073900e559f\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":110.39999999999998},{\"columnId\":\"6ec1bb1d-7e6e-4b12-ab95-bcec881d02fc\",\"isTransposed\":false},{\"columnId\":\"bfbad6ce-a8e2-4f07-96e3-f2e0ee3de92d\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":169.39999999999998},{\"columnId\":\"8d7e5159-9321-4909-b291-9d44a246e217\",\"isTransposed\":false,\"width\":413.5666666666666},{\"columnId\":\"70ec6dba-dbad-4f8c-81a9-b7f5c094e641\",\"isTransposed\":false},{\"columnId\":\"baacc6bf-fc31-430c-b112-2ba01c97aa21\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"7bcc4134-d33c-44a4-aa9f-cc143f006e31\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"1738b58d-80b9-4562-98ef-316a0319e8d1\",\"isTransposed\":false}],\"layerId\":\"9a26db3f-b1d3-4fb3-8b88-91eec3c3bac6\",\"layerType\":\"data\"},\"query\":{\"q
uery\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9a26db3f-b1d3-4fb3-8b88-91eec3c3bac6\":{\"columns\":{\"f0f0e83f-7af8-46e0-8e52-bfb7c6a96968\":{\"label\":\"Service Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"service.name\",\"isBucketed\":true,\"params\":{\"size\":150,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7bcc4134-d33c-44a4-aa9f-cc143f006e31\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"66204765-468d-419c-9ea9-d073900e559f\":{\"label\":\"Protocol\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6ec1bb1d-7e6e-4b12-ab95-bcec881d02fc\":{\"label\":\"Command Line 
Used\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"bfbad6ce-a8e2-4f07-96e3-f2e0ee3de92d\":{\"label\":\"Port Number\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"source.port\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8d7e5159-9321-4909-b291-9d44a246e217\":{\"label\":\"User\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.user.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"70ec6dba-dbad-4f8c-81a9-b7f5c094e641\":{\"label\":\"Service 
Description\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"service.description\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"baacc6bf-fc31-430c-b112-2ba01c97aa21\":{\"label\":\"Last State\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"service.state\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7bcc4134-d33c-44a4-aa9f-cc143f006e31\":{\"label\":\"Last Seen\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"@timestamp\",\"filter\":{\"query\":\"@timestamp: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"1738b58d-80b9-4562-98ef-316a0319e8d1\":{\"label\":\"Process 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"7bcc4134-d33c-44a4-aa9f-cc143f006e31\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"1738b58d-80b9-4562-98ef-316a0319e8d1\",\"f0f0e83f-7af8-46e0-8e52-bfb7c6a96968\",\"70ec6dba-dbad-4f8c-81a9-b7f5c094e641\",\"bfbad6ce-a8e2-4f07-96e3-f2e0ee3de92d\",\"66204765-468d-419c-9ea9-d073900e559f\",\"6ec1bb1d-7e6e-4b12-ab95-bcec881d02fc\",\"8d7e5159-9321-4909-b291-9d44a246e217\",\"baacc6bf-fc31-430c-b112-2ba01c97aa21\",\"8816caf5-40ad-44a7-8196-f8d2c3ca0edf\",\"7bcc4134-d33c-44a4-aa9f-cc143f006e31\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Listening 
Ports\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":8,\"h\":8,\"i\":\"d43241be-bffb-4076-9153-27424a7c9154\"},\"panelIndex\":\"d43241be-bffb-4076-9153-27424a7c9154\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-dd4e1981-717a-4e31-a959-c13317ad6f77\"}],\"state\":{\"visualization\":{\"layerId\":\"dd4e1981-717a-4e31-a959-c13317ad6f77\",\"accessor\":\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"l\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd4e1981-717a-4e31-a959-c13317ad6f77\":{\"columns\":{\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\":{\"label\":\"Total Unique Listening Ports\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"source.port\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":8,\"w\":8,\"h\":8,\"i\":\"39d605bd-cd52-4e81-90fc-15dde8a50450\"},\"panelIndex\":\"39d605bd-cd52-4e81-90fc-15dde8a50450\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-4bcc97dc-80c1-4c57-9a0c-aacd0a6a6be1\"}],\"state\":{\"visualization\":{\"layerId\":\"4bcc97dc-80c1-4c57-9a0c-aacd0a6a6be1\",\"accessor\":\"216dce16-7856-405d-8c0d-92246e7c3511\",\"layerTy
pe\":\"data\",\"size\":\"l\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4bcc97dc-80c1-4c57-9a0c-aacd0a6a6be1\":{\"columns\":{\"216dce16-7856-405d-8c0d-92246e7c3511\":{\"label\":\"Total Unique Processes Hosting Ports\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.hash.sha1\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"216dce16-7856-405d-8c0d-92246e7c3511\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":16,\"w\":8,\"h\":8,\"i\":\"fd1293f8-ebe9-460f-81ab-a4ada0b42050\"},\"panelIndex\":\"fd1293f8-ebe9-460f-81ab-a4ada0b42050\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-dd4e1981-717a-4e31-a959-c13317ad6f77\"}],\"state\":{\"visualization\":{\"layerId\":\"dd4e1981-717a-4e31-a959-c13317ad6f77\",\"accessor\":\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"l\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd4e1981-717a-4e31-a959-c13317ad6f77\":{\"columns\":{\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\":{\"label\":\"Total Unique Users Hosting 
Ports\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.user.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":16,\"w\":8,\"h\":8,\"i\":\"9c36f7cb-cd04-43e3-80c7-8ec29e797343\"},\"panelIndex\":\"9c36f7cb-cd04-43e3-80c7-8ec29e797343\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-dd4e1981-717a-4e31-a959-c13317ad6f77\"}],\"state\":{\"visualization\":{\"layerId\":\"dd4e1981-717a-4e31-a959-c13317ad6f77\",\"accessor\":\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"l\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"dd4e1981-717a-4e31-a959-c13317ad6f77\":{\"columns\":{\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\":{\"label\":\"Total Unique Services Hosting 
Ports\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"service.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"ff8cf41e-40d1-4bf9-a828-aa521b19ea54\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":24,\"w\":16,\"h\":30,\"i\":\"4c945e75-db31-435b-b558-76d8cf5b391c\"},\"panelIndex\":\"4c945e75-db31-435b-b558-76d8cf5b391c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\",\"name\":\"indexpattern-datasource-layer-f5451e54-90d4-4c69-a6a9-c600ac385e14\"}],\"state\":{\"visualization\":{\"layerId\":\"f5451e54-90d4-4c69-a6a9-c600ac385e14\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"6b3d57ed-b00b-44ac-a81e-d944444689bb\"},{\"columnId\":\"5a004af6-8051-49f8-9cd3-76e2fef40ee1\",\"isTransposed\":false},{\"columnId\":\"92d6eed0-f933-4ac5-bdf6-6c7baf36f8fa\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"304d888e-452b-4c1c-8433-f9bf5ccc9483\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f5451e54-90d4-4c69-a6a9-c600ac385e14\":{\"columns\":{\"6b3d57ed-b00b-44ac-a81e-d944444689bb\":{\"label\":\"IP 
Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92d6eed0-f933-4ac5-bdf6-6c7baf36f8fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5a004af6-8051-49f8-9cd3-76e2fef40ee1\":{\"label\":\"MAC\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.mac\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92d6eed0-f933-4ac5-bdf6-6c7baf36f8fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"92d6eed0-f933-4ac5-bdf6-6c7baf36f8fa\":{\"label\":\"Last Seen\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.ingested: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"304d888e-452b-4c1c-8433-f9bf5ccc9483\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"92d6eed0-f933-4ac5-bdf6-6c7baf36f8fa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"6b3d57ed-b00b-44ac-a81e-d944444689bb\",\"5a004af6-8051-49f8-9cd3-76e2fef40ee1\",\"304d888e-452b-4c1c-8433-f9bf5ccc9483\",\"92d6eed0-f933-4ac5-bdf6-6c7baf36f8fa\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Arp History\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Services and Ports", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:49:39.888Z", + "id": "tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "7ce4caed-f1dc-4d52-934f-bf01a1c79c50:panel_7ce4caed-f1dc-4d52-934f-bf01a1c79c50", + "type": "visualization" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "90112a9f-2161-4263-bc42-8af46aeb05e4:indexpattern-datasource-layer-9a26db3f-b1d3-4fb3-8b88-91eec3c3bac6", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "d43241be-bffb-4076-9153-27424a7c9154:indexpattern-datasource-layer-dd4e1981-717a-4e31-a959-c13317ad6f77", + "type": 
"index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "39d605bd-cd52-4e81-90fc-15dde8a50450:indexpattern-datasource-layer-4bcc97dc-80c1-4c57-9a0c-aacd0a6a6be1", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "fd1293f8-ebe9-460f-81ab-a4ada0b42050:indexpattern-datasource-layer-dd4e1981-717a-4e31-a959-c13317ad6f77", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "9c36f7cb-cd04-43e3-80c7-8ec29e797343:indexpattern-datasource-layer-dd4e1981-717a-4e31-a959-c13317ad6f77", + "type": "index-pattern" + }, + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "4c945e75-db31-435b-b558-76d8cf5b391c:indexpattern-datasource-layer-f5451e54-90d4-4c69-a6a9-c600ac385e14", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_b1548c53-ca3d-47b3-bc05-664ddc1e045a:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "c957d710-3d4c-11ee-9610-15dee918f31a", + "name": "tag-ref-c957d710-3d4c-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "026431f0-3de5-11ee-9610-15dee918f31a", + "name": "tag-ref-026431f0-3de5-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e2bb7d40-3de4-11ee-9610-15dee918f31a", + "name": "tag-ref-e2bb7d40-3de4-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:49:39.888Z", + "version": "WzgyMTMzMiwyMl0=" +} \ No newline at end of file 
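Review bot: The `Port Number` column of the "Listening Ports" table (`sourceField` `source.port`) is a terms bucket with `\"size\":3` and `\"otherBucket\":false`, so each process/service row lists only its three most frequent ports and drops the rest without an "Other" row. On a panel meant to show what is listening on a host, that under-reports exposure for anything bound to more than three ports, and the table then appears to disagree with the "Total Unique Listening Ports" metric beside it. I would raise the bucket size for that column and set `\"otherBucket\":true` so that any remaining truncation is visible to the analyst. The `Protocol` and `User` columns also use `\"size\":3`, but they keep `otherBucket` enabled, so the port column is the only one that truncates silently.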
diff --git a/packages/tychon/kibana/dashboard/tychon-19325010-4597-11ee-83e4-c92ed141b9e5-hardware.json b/packages/tychon/kibana/dashboard/tychon-19325010-4597-11ee-83e4-c92ed141b9e5-hardware.json new file mode 100644 index 00000000000..d9bc571261d --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-19325010-4597-11ee-83e4-c92ed141b9e5-hardware.json 
@@ -0,0 +1,95 @@ +{ + "attributes": { + "description": "TYCHON Collects information about all the hardware attached to a device and centrally reports them for device identification and alerting.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":9,\"i\":\"17c7be63-f9af-43b2-b072-46419958ea46\"},\"panelIndex\":\"17c7be63-f9af-43b2-b072-46419958ea46\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Hardware\\nTYCHON collects information about all the hardware attached to a device, this is a running configuration which means devices will update on each execution of its 
check.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":7,\"y\":0,\"w\":6,\"h\":9,\"i\":\"7ba08a47-401e-4d22-a992-9c49fc569971\"},\"panelIndex\":\"7ba08a47-401e-4d22-a992-9c49fc569971\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-a1cda907-11f0-4670-aa5e-e3e30f1d24e9\"}],\"state\":{\"visualization\":{\"layerId\":\"a1cda907-11f0-4670-aa5e-e3e30f1d24e9\",\"accessor\":\"fc348028-9e09-4cd5-940b-ef83d2359eed\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a1cda907-11f0-4670-aa5e-e3e30f1d24e9\":{\"columns\":{\"fc348028-9e09-4cd5-940b-ef83d2359eed\":{\"label\":\"Total Number of 
Devices\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"fc348028-9e09-4cd5-940b-ef83d2359eed\"],\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":0,\"w\":5,\"h\":9,\"i\":\"2e2bf3e3-dff8-43f1-a238-14c583057748\"},\"panelIndex\":\"2e2bf3e3-dff8-43f1-a238-14c583057748\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-180f9fce-b975-42dc-b910-16129cc7ce18\"}],\"state\":{\"visualization\":{\"layerId\":\"180f9fce-b975-42dc-b910-16129cc7ce18\",\"layerType\":\"data\",\"metricAccessor\":\"11470769-8f79-4e86-82ee-4ca06d1d68b9\",\"maxAccessor\":\"a1bf5eb6-4030-44c9-9be1-f817716c0c81\",\"showBar\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"180f9fce-b975-42dc-b910-16129cc7ce18\":{\"columns\":{\"11470769-8f79-4e86-82ee-4ca06d1d68b9\":{\"label\":\"Total Missing\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"device.present : false \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a1bf5eb6-4030-44c9-9be1-f817716c0c81\":{\"label\":\"Total 
Devices\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"11470769-8f79-4e86-82ee-4ca06d1d68b9\",\"a1bf5eb6-4030-44c9-9be1-f817716c0c81\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":30,\"h\":9,\"i\":\"c113e347-dd42-4bc1-9aef-335a839532a6\"},\"panelIndex\":\"c113e347-dd42-4bc1-9aef-335a839532a6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-98992589-ad15-4ced-9b63-1024a02e5ffc\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"98992589-ad15-4ced-9b63-1024a02e5ffc\",\"accessors\":[\"65039f2f-1a79-47a9-8bce-bc7973880d19\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"6cf9b997-b221-4440-b5eb-2e5ca62085c6\",\"yConfig\":[{\"forAccessor\":\"65039f2f-1a79-47a9-8bce-bc7973880d19\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"98992589-ad15-4ced-9b63-1024a02e5ffc\":{\"columns\":{\"6cf9b997-b221-4440-b5eb-2e5ca62085c6\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"65039f2f-1a79-47a9-8bce-bc7973880d19\":{\"label\":\"Completed\",\"dat
aType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.provider : \\\"TYCHON\\\" and event.code: 8572 \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"6cf9b997-b221-4440-b5eb-2e5ca62085c6\",\"65039f2f-1a79-47a9-8bce-bc7973880d19\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Hardware Check Runs\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":32,\"i\":\"dddc033e-26c8-4d25-8eaf-7a71e4ede5d1\"},\"panelIndex\":\"dddc033e-26c8-4d25-8eaf-7a71e4ede5d1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-de0ffd5a-a84b-408a-8918-277dff49c8b3\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"365f3728-0ff7-4aa1-b698-5c0f73e18885\"},{\"isTransposed\":false,\"columnId\":\"a2dd15c9-029c-45c5-9ffc-2128d8339b73\"}],\"layerId\":\"de0ffd5a-a84b-408a-8918-277dff49c8b3\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"de0ffd5a-a84b-408a-8918-277dff49c8b3\":{\"columns\":{\"365f3728-0ff7-4aa1-b698-5c0f73e18885\":{\"label\":\"Class 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.class\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a2dd15c9-029c-45c5-9ffc-2128d8339b73\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a2dd15c9-029c-45c5-9ffc-2128d8339b73\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"365f3728-0ff7-4aa1-b698-5c0f73e18885\",\"a2dd15c9-029c-45c5-9ffc-2128d8339b73\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Device Class\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":9,\"w\":17,\"h\":32,\"i\":\"c8b42e5a-83d8-4825-a492-da98c13a1a08\"},\"panelIndex\":\"c8b42e5a-83d8-4825-a492-da98c13a1a08\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-34a2436c-07dc-498a-be40-8cb262419c05\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"a95f71cb-2e47-4697-bf7e-85ad057c2d40\"},{\"isTransposed\":false,\"columnId\":\"81d20c1a-4966-49ba-b8f7-8bd498efe960\"}],\"layerId\":\"34a2436c-07dc-498a-be40-8cb262419c05\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"34a2436c-07dc-498a-be40-8cb262419c05\":{\"columns\":{\"a95f71cb-2e47-4697-bf7e-85ad057c2d40\":{\"label\":\"Device 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.name\",\"isBucketed\":true,\"params\":{\"size\":150,\"orderBy\":{\"type\":\"column\",\"columnId\":\"81d20c1a-4966-49ba-b8f7-8bd498efe960\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"81d20c1a-4966-49ba-b8f7-8bd498efe960\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"a95f71cb-2e47-4697-bf7e-85ad057c2d40\",\"81d20c1a-4966-49ba-b8f7-8bd498efe960\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Device List\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":9,\"w\":22,\"h\":32,\"i\":\"4ac216eb-8bcc-494f-9b81-a9fe59ae81ab\"},\"panelIndex\":\"4ac216eb-8bcc-494f-9b81-a9fe59ae81ab\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-ac03e011-a4b2-4b4d-aa4a-cd03927d0caa\"}],\"state\":{\"visualization\":{\"layerId\":\"ac03e011-a4b2-4b4d-aa4a-cd03927d0caa\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"620db13d-b1cc-43ca-9c44-3ebce5134c4b\"},{\"columnId\":\"4ef80e17-b12d-4590-b3d6-ea41e57bb312\"},{\"columnId\":\"598c6951-5020-415f-a8a8-db6f45a2b048\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"28411865-706a-414c-b332-07d027efcd8d\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"form
Based\":{\"layers\":{\"ac03e011-a4b2-4b4d-aa4a-cd03927d0caa\":{\"columns\":{\"620db13d-b1cc-43ca-9c44-3ebce5134c4b\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4ef80e17-b12d-4590-b3d6-ea41e57bb312\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"598c6951-5020-415f-a8a8-db6f45a2b048\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4ef80e17-b12d-4590-b3d6-ea41e57bb312\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"28411865-706a-414c-b332-07d027efcd8d\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4ef80e17-b12d-4590-b3d6-ea41e57bb312\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"598c6951-5020-415f-a8a8-db6f45a2b048\",\"620db13d-b1cc-43ca-9c44-3ebce5134c4b\",\"28411865-706a-414c-b332-07d027efcd8d\",\"4ef80e17-b12d-4590-b3d6-ea41e57bb312\"],\"incomplet
eColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"90abb6a6-a494-4eb6-a02d-c2a1e8ee11a8\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Hardware Info in Endpoint Browser\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Top 100 Hosts\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":41,\"w\":26,\"h\":26,\"i\":\"0d51f28d-c2bd-4b50-ab4f-ffb355da70e6\"},\"panelIndex\":\"0d51f28d-c2bd-4b50-ab4f-ffb355da70e6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-81933fcc-92fd-4aff-a302-cb7b541a46d7\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"81933fcc-92fd-4aff-a302-cb7b541a46d7\",\"primaryGroups\":[\"f827526d-46e8-4209-8473-083bd58d1690\"],\"metrics\":[\"a8290c50-0d81-465f-b289-1d4f0b891052\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"legendPosition\":\"top\",\"legendMaxLines\":2}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"81933fcc-92fd-4aff-a302-cb7b541a46d7\":{\"columns\":{\"f827526d-46e8-4209-8473-083bd58d1690\":{\"label\":\"Top 10 values of 
device.manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a8290c50-0d81-465f-b289-1d4f0b891052\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"a8290c50-0d81-465f-b289-1d4f0b891052\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"f827526d-46e8-4209-8473-083bd58d1690\",\"a8290c50-0d81-465f-b289-1d4f0b891052\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":26,\"y\":41,\"w\":22,\"h\":26,\"i\":\"3c97fa95-19e7-468c-8f1e-b0c7792b4efd\"},\"panelIndex\":\"3c97fa95-19e7-468c-8f1e-b0c7792b4efd\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-b2e94ae9-2e1f-4a2f-b746-c80ae4d5f2d1\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"b2e94ae9-2e1f-4a2f-b746-c80ae4d5f2d1\",\"accessors\":[\"e4ac8fc3-809c-4fd0-aa94-e68a0a59a4a2
\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"9385acc2-ff0d-4789-98d1-8da9ca6e54d9\",\"yConfig\":[{\"forAccessor\":\"e4ac8fc3-809c-4fd0-aa94-e68a0a59a4a2\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2e94ae9-2e1f-4a2f-b746-c80ae4d5f2d1\":{\"columns\":{\"9385acc2-ff0d-4789-98d1-8da9ca6e54d9\":{\"label\":\"Operating System\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e4ac8fc3-809c-4fd0-aa94-e68a0a59a4a2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e4ac8fc3-809c-4fd0-aa94-e68a0a59a4a2\":{\"label\":\"Total Endpoints\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"9385acc2-ff0d-4789-98d1-8da9ca6e54d9\",\"e4ac8fc3-809c-4fd0-aa94-e68a0a59a4a2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Hardware Inventory", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-28T11:39:42.189Z", + "id": "tychon-19325010-4597-11ee-83e4-c92ed141b9e5-hardware", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": 
"7ba08a47-401e-4d22-a992-9c49fc569971:indexpattern-datasource-layer-a1cda907-11f0-4670-aa5e-e3e30f1d24e9", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "2e2bf3e3-dff8-43f1-a238-14c583057748:indexpattern-datasource-layer-180f9fce-b975-42dc-b910-16129cc7ce18", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "c113e347-dd42-4bc1-9aef-335a839532a6:indexpattern-datasource-layer-98992589-ad15-4ced-9b63-1024a02e5ffc", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "dddc033e-26c8-4d25-8eaf-7a71e4ede5d1:indexpattern-datasource-layer-de0ffd5a-a84b-408a-8918-277dff49c8b3", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "c8b42e5a-83d8-4825-a492-da98c13a1a08:indexpattern-datasource-layer-34a2436c-07dc-498a-be40-8cb262419c05", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "4ac216eb-8bcc-494f-9b81-a9fe59ae81ab:indexpattern-datasource-layer-ac03e011-a4b2-4b4d-aa4a-cd03927d0caa", + "type": "index-pattern" + }, + { + "id": "tychon-993e07a0-3e02-11ee-9610-15dee918f31a-hardware", + "name": "4ac216eb-8bcc-494f-9b81-a9fe59ae81ab:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:90abb6a6-a494-4eb6-a02d-c2a1e8ee11a8:dashboardId", + "type": "dashboard" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "0d51f28d-c2bd-4b50-ab4f-ffb355da70e6:indexpattern-datasource-layer-81933fcc-92fd-4aff-a302-cb7b541a46d7", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "3c97fa95-19e7-468c-8f1e-b0c7792b4efd:indexpattern-datasource-layer-b2e94ae9-2e1f-4a2f-b746-c80ae4d5f2d1", + "type": "index-pattern" + }, + { + "id": "tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "tychon-7b7ab4c0-3e02-11ee-9610-15dee918f31a", + "name": 
"tag-ref-tychon-7b7ab4c0-3e02-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "tychon-e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-tychon-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "tychon-10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-tychon-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-28T11:39:42.189Z", + "version": "Wzg5NjcxNywyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter.json b/packages/tychon/kibana/dashboard/tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter.json new file mode 100644 index 00000000000..fbf2fcc9447 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter.json 
@@ -0,0 +1,91 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"a888c608-f4d6-4b9e-89e5-b23938eae614\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"title\":\"Hostname\",\"fieldName\":\"host.hostname\",\"singleSelect\":true,\"hideExclude\":true,\"hideExists\":true,\"id\":\"a888c608-f4d6-4b9e-89e5-b23938eae614\",\"enhancements\":{}}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Network Cards view displays information about every physical and virtual network interface attached to the endpoint. TYCHON also captures wireless identification information, drivers, dhcp/wins server information, and more.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": 
"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"89be3f45-0b62-42ac-83fa-2f2f7f9857cb\"},\"panelIndex\":\"89be3f45-0b62-42ac-83fa-2f2f7f9857cb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_89be3f45-0b62-42ac-83fa-2f2f7f9857cb\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":11,\"i\":\"40b4e937-487e-44aa-86f1-dbc38e0c2278\"},\"panelIndex\":\"40b4e937-487e-44aa-86f1-dbc38e0c2278\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Network Adapters\\nTYCHON collects all the Network Adapters, virtual and physical, attached to a device. The endpoint will report on the driver it uses, as well as IP-based information for both IP versions 4 and 6. TYCHON will also report connected wireless information if a WIFI adapter is attached to the 
host.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":3,\"w\":5,\"h\":11,\"i\":\"084075d4-a371-4a99-9bf0-627c41cf8b53\"},\"panelIndex\":\"084075d4-a371-4a99-9bf0-627c41cf8b53\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-af5e1785-c716-4020-a4af-3349819785f8\"}],\"state\":{\"visualization\":{\"layerId\":\"af5e1785-c716-4020-a4af-3349819785f8\",\"accessor\":\"2d4e6a8a-eba5-49c6-a626-be25534c183d\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"size\":\"xl\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"af5e1785-c716-4020-a4af-3349819785f8\":{\"columns\":{\"2d4e6a8a-eba5-49c6-a626-be25534c183d\":{\"label\":\"Total Network 
Adapters\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.adapter.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2d4e6a8a-eba5-49c6-a626-be25534c183d\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":3,\"w\":37,\"h\":11,\"i\":\"f9cc6faa-ea73-4da4-97ab-08f81e9cb3fe\"},\"panelIndex\":\"f9cc6faa-ea73-4da4-97ab-08f81e9cb3fe\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-ff6a221f-469c-4ef6-a8e1-3f697430331c\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"709554a2-6b92-446a-8924-35460cb0962b\"},{\"columnId\":\"9c48cd5b-dbef-4c40-a417-27bfdf6b4721\",\"isTransposed\":false},{\"columnId\":\"886a311d-40aa-44de-9feb-6a9a2d9cc915\",\"isTransposed\":false},{\"columnId\":\"d440007c-1904-4e96-b222-df218f750a23\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\",\"isTransposed\":false}],\"layerId\":\"ff6a221f-469c-4ef6-a8e1-3f697430331c\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ff6a221f-469c-4ef6-a8e1-3f697430331c\":{\"columns\":{\"709554a2-6b92-446a-8924-35460cb0962b\":{\"label\":\"Driver 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9c48cd5b-dbef-4c40-a417-27bfdf6b4721\":{\"label\":\"Driver File\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.file_name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"886a311d-40aa-44de-9feb-6a9a2d9cc915\":{\"label\":\"Provider\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.provider\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"d440007c-1904-4e96-b222-df218f750a23\":{\"label\":\"Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"include
IsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\":{\"label\":\"Driver Date\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.adapter.driver.date\",\"filter\":{\"query\":\"host.adapter.driver.date: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"709554a2-6b92-446a-8924-35460cb0962b\",\"d440007c-1904-4e96-b222-df218f750a23\",\"9c48cd5b-dbef-4c40-a417-27bfdf6b4721\",\"886a311d-40aa-44de-9feb-6a9a2d9cc915\",\"e7108e0d-22b2-4f89-9f2b-290ecb6ccca9\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Driver Information\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":10,\"i\":\"15c69399-dcbc-4881-bc99-4818e466265c\"},\"panelIndex\":\"15c69399-dcbc-4881-bc99-4818e466265c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-6a5dd59a-90ba-4d4e-ab97-e829b8d2deb7\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"b1e9f075-199d-446c-8433-c2730dfc96bd\",\"width\":216.75454545454545},{\"isTransposed\":false,\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\",\"hidden\":true},{\"columnId\":\"879a60e7-10d5-42f8-b2c1-01ea749635cb\",\"isTransposed\":false,\"width\":173.97118181818183},{\"columnId\":\"69b26d50-3416-47ef-aa4e-9d2c689b0b63\",\"isTransposed\":false,\"alignment\":\"center\",\"collapseFn\":\"\"},{\"columnId\":\"8ab455b8-c910-4c6a-bcef-affc5bb67e8d\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":116.52673737373738},{\"columnId\":\"602140d9-4086-44be-abc5-897301f23eff\",\"isTranspos
ed\":false,\"alignment\":\"center\"},{\"columnId\":\"f1e5a62a-3593-4d6a-93dc-b907a0c92d91\",\"isTransposed\":false,\"width\":133.65173737373738},{\"columnId\":\"e1189c3c-f074-4ea5-bdc1-dbf36939e37a\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":109.50888023088024},{\"columnId\":\"169ce68c-3a37-46f0-b5ec-009e53190781\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"be1f5181-4560-439a-abb0-bb6c83c22136\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"fc864c56-0a4b-493a-ad61-6ccf28b29ef1\",\"isTransposed\":false,\"width\":94.45454545454547,\"alignment\":\"center\"},{\"columnId\":\"c971cbdc-b632-4b4c-b31d-007efef17ea7\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":121.0790909090909},{\"columnId\":\"0c76bafc-3ee0-4f81-84df-4c2d4360b3bd\",\"isTransposed\":false}],\"layerId\":\"6a5dd59a-90ba-4d4e-ab97-e829b8d2deb7\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6a5dd59a-90ba-4d4e-ab97-e829b8d2deb7\":{\"columns\":{\"b1e9f075-199d-446c-8433-c2730dfc96bd\":{\"label\":\"IP Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"08b29813-ec38-4395-8a88-7c889625a8e2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"879a60e7-10d5-42f8-b2c1-01ea749635cb\":{\"label\":\"MAC 
Address\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.mac\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"69b26d50-3416-47ef-aa4e-9d2c689b0b63\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8ab455b8-c910-4c6a-bcef-affc5bb67e8d\":{\"label\":\"Link Speed\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.link_speed\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"602140d9-4086-44be-abc5-897301f23eff\":{\"label\":\"Media 
Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.media.type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f1e5a62a-3593-4d6a-93dc-b907a0c92d91\":{\"label\":\"Gateway\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.gateway\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e1189c3c-f074-4ea5-bdc1-dbf36939e37a\":{\"label\":\"MTU\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"host.adapter.mtu\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"169ce68c-3a37-46f0-b5ec-009e53190781\":{\"label\":\"WINS Server\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wins_server\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"be1f5181-4560-439a-abb0-bb6c83c22136\":{\"label\":\"VLAN 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.vlan.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"fc864c56-0a4b-493a-ad61-6ccf28b29ef1\":{\"label\":\"Subnet\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.subnet_bit\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c971cbdc-b632-4b4c-b31d-007efef17ea7\":{\"label\":\"Virtual\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.virtual\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0c76bafc-3ee0-4f81-84df-4c2d4360b3bd\":{\"label\":\"Alias\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.alias\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"08b29813-ec38-4395-8a88-7c889625a8e2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},
\"columnOrder\":[\"b1e9f075-199d-446c-8433-c2730dfc96bd\",\"fc864c56-0a4b-493a-ad61-6ccf28b29ef1\",\"879a60e7-10d5-42f8-b2c1-01ea749635cb\",\"69b26d50-3416-47ef-aa4e-9d2c689b0b63\",\"8ab455b8-c910-4c6a-bcef-affc5bb67e8d\",\"602140d9-4086-44be-abc5-897301f23eff\",\"f1e5a62a-3593-4d6a-93dc-b907a0c92d91\",\"e1189c3c-f074-4ea5-bdc1-dbf36939e37a\",\"169ce68c-3a37-46f0-b5ec-009e53190781\",\"be1f5181-4560-439a-abb0-bb6c83c22136\",\"c971cbdc-b632-4b4c-b31d-007efef17ea7\",\"0c76bafc-3ee0-4f81-84df-4c2d4360b3bd\",\"08b29813-ec38-4395-8a88-7c889625a8e2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Network Card Info\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":24,\"w\":14,\"h\":7,\"i\":\"a028776c-7f2e-46e7-b7a0-4b7541293e41\"},\"panelIndex\":\"a028776c-7f2e-46e7-b7a0-4b7541293e41\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-6a5f4190-04a3-4ad6-9a21-ca8517a3de08\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"169f84ee-3fc5-42ee-85b5-0809636c9075\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"1648b1b2-3c66-46bf-8d7b-0812b1a8f85d\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"33a05cbb-825f-4b2b-8354-2ae40a593309\",\"isTransposed\":false},{\"columnId\":\"9d5546e2-9c37-469d-aefc-11c45ba73d0c\",\"isTransposed\":false}],\"layerId\":\"6a5f4190-04a3-4ad6-9a21-ca8517a3de08\",\"layerType\":\"data\"},\"query\":{\"query\":\"host.adapter.dhcp.enabled : true\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6a5f4190-04a3-4ad6-9a21-ca8517a3de08\":{\"columns\":{\"169f84ee-3fc5-42ee-85b5-0809636c9075\":{\"label\":\"Lease 
Expires\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.adapter.dhcp.lease_expires\",\"filter\":{\"query\":\"host.adapter.dhcp.lease_expires: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"1648b1b2-3c66-46bf-8d7b-0812b1a8f85d\":{\"label\":\"Lease Obtained\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.adapter.dhcp.lease_obtained\",\"filter\":{\"query\":\"host.adapter.dhcp.lease_obtained: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"33a05cbb-825f-4b2b-8354-2ae40a593309\":{\"label\":\"Top 3 values of host.adapter.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"169f84ee-3fc5-42ee-85b5-0809636c9075\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"9d5546e2-9c37-469d-aefc-11c45ba73d0c\":{\"label\":\"DHCP 
Server\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.dhcp.server\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"169f84ee-3fc5-42ee-85b5-0809636c9075\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"33a05cbb-825f-4b2b-8354-2ae40a593309\",\"9d5546e2-9c37-469d-aefc-11c45ba73d0c\",\"169f84ee-3fc5-42ee-85b5-0809636c9075\",\"1648b1b2-3c66-46bf-8d7b-0812b1a8f85d\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DHCP Information\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":24,\"w\":34,\"h\":7,\"i\":\"b67d31de-03fe-4151-94b5-33ee802a20ae\"},\"panelIndex\":\"b67d31de-03fe-4151-94b5-33ee802a20ae\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-c5561883-030e-440b-9c1d-213e698c5b49\"}],\"state\":{\"visualization\":{\"layerId\":\"c5561883-030e-440b-9c1d-213e698c5b49\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"e0e7b347-b072-41ed-8937-3a83de5f2555\"},{\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"c6d2c172-9bb9-4444-8137-61ddba2c1c32\",\"isTransposed\":false},{\"columnId\":\"11b024cd-e49d-4b7d-83f4-e3f166cfc941\",\"isTransposed\":false},{\"columnId\":\"789086fb-0e1c-4541-a898-f788cb907cff\",\"isTransposed\":false},{\"columnId\":\"730a85a0-b35e-4f94-bdc5-a5227d02d2cd\",\"isTransposed\":false},{\"columnId\":\"33e14b38-1516-484a-b91f-15a98b79e33
0\",\"isTransposed\":false},{\"columnId\":\"5c8e3b75-49d8-4fa9-9700-a41806cb4364\",\"isTransposed\":false},{\"columnId\":\"09fe6e46-ea11-4357-bb69-81633e6607e9\",\"isTransposed\":false,\"alignment\":\"center\"}]},\"query\":{\"query\":\"host.adapter.wifi.enabled : true\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c5561883-030e-440b-9c1d-213e698c5b49\":{\"columns\":{\"e0e7b347-b072-41ed-8937-3a83de5f2555\":{\"label\":\"SSID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.ssid\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4a2c3854-b909-47e1-a1fa-306163e857a6\":{\"label\":\"Last value of host.adapter.wifi.signal_percent\",\"dataType\":\"number\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.adapter.wifi.signal_percent\",\"filter\":{\"query\":\"host.adapter.wifi.signal_percent: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\",\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}}},\"c6d2c172-9bb9-4444-8137-61ddba2c1c32\":{\"label\":\"WIFI Authentication\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.authentication\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"11b024cd-e49d-4b7d-83f4-e3f166cfc941\":{\"label\":\"WIFI 
Cipher\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.cipher\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"789086fb-0e1c-4541-a898-f788cb907cff\":{\"label\":\"BSSID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.bssid\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"730a85a0-b35e-4f94-bdc5-a5227d02d2cd\":{\"label\":\"Band\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.band\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"33e14b38-1516-484a-b91f-15a98b79e330\":{\"label\":\"Radio 
Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.radio_type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5c8e3b75-49d8-4fa9-9700-a41806cb4364\":{\"label\":\"Channel\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.channel\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"09fe6e46-ea11-4357-bb69-81633e6607e9\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a2c3854-b909-47e1-a1fa-306163e857a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"09fe6e46-ea11-4357-bb69-81633e6607e9\",\"e0e7b347-b072-41ed-8937-3a83de5f2555\",\"789086fb-0e1c-4541-a898-f788cb907cff\",\"c6d2c172-9bb9-4444-8137-61ddba2c1c32\",\"11b024cd-e49d-4b7d-83f4-e3f166cfc941\",\"730a85a0-b35e-4f94-bdc5-a5227d02d2cd\",\"33e14b38-1516-484a-b91f-15a98b79e330\",\"5c8e3b75-49d8-4fa9-9700-a41806cb4364\",\"4a2c3854-b909-47e1-a1fa-306163e857a6\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"ad
HocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"WIFI Connections\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Network Cards", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:42:39.548Z", + "id": "tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "89be3f45-0b62-42ac-83fa-2f2f7f9857cb:panel_89be3f45-0b62-42ac-83fa-2f2f7f9857cb", + "type": "visualization" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "084075d4-a371-4a99-9bf0-627c41cf8b53:indexpattern-datasource-layer-af5e1785-c716-4020-a4af-3349819785f8", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "f9cc6faa-ea73-4da4-97ab-08f81e9cb3fe:indexpattern-datasource-layer-ff6a221f-469c-4ef6-a8e1-3f697430331c", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "15c69399-dcbc-4881-bc99-4818e466265c:indexpattern-datasource-layer-6a5dd59a-90ba-4d4e-ab97-e829b8d2deb7", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "a028776c-7f2e-46e7-b7a0-4b7541293e41:indexpattern-datasource-layer-6a5f4190-04a3-4ad6-9a21-ca8517a3de08", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "b67d31de-03fe-4151-94b5-33ee802a20ae:indexpattern-datasource-layer-c5561883-030e-440b-9c1d-213e698c5b49", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_a888c608-f4d6-4b9e-89e5-b23938eae614:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" 
+ }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "11990b80-41b6-11ee-83e4-c92ed141b9e5", + "name": "tag-ref-11990b80-41b6-11ee-83e4-c92ed141b9e5", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:42:39.548Z", + "version": "WzgyMDM1NCwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json b/packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json new file mode 100644 index 00000000000..bbbebbaf91a --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp.json 
@@ -0,0 +1,250 @@ +{ + "attributes": { + "description": "TYCHON captures the status of Trellix, Elastic Defender, and Windows Defender features and versions on endpoints and reports the information in this dashboard.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":7,\"h\":14,\"i\":\"d2e09597-e06f-4cf8-8bfd-88d40612b89e\"},\"panelIndex\":\"d2e09597-e06f-4cf8-8bfd-88d40612b89e\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Endpoint Protection Status\\nTYCHON tracks specific Endpoint Protection vendors for enabled features, installed software, and definition versions. 
Currently, TYCHON supports Trellix, Elastic Defender, and Windows Defender.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":7,\"y\":0,\"w\":4,\"h\":7,\"i\":\"f9a975c1-d99b-436b-9173-c616f0059426\"},\"panelIndex\":\"f9a975c1-d99b-436b-9173-c616f0059426\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572\",\"id\":\"bb5226cd-c099-46d2-bb71-0257232c7d82\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\",\"accessor\":\"8e04d29a-e144-4e68-a816-7e820fabc9b4\",\"layerType\":\"data\",\"colorMode\":\"None\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\":{\"columns\":{\"8e04d29a-e144-4e68-a816-7e820fabc9b4\":{\"label\":\"Total Endpoints 
Tracked\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"8e04d29a-e144-4e68-a816-7e820fabc9b4\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":0,\"w\":4,\"h\":7,\"i\":\"dca19098-8eb9-440e-abf0-19ef55cee62c\"},\"panelIndex\":\"dca19098-8eb9-440e-abf0-19ef55cee62c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with a Feature 
Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antimalware.status : \\\"Disabled\\\" or windows_defender.service.antispyware.status :\\\"Disabled\\\" or windows_defender.service.antivirus.status : \\\"Disabled\\\" or windows_defender.service.behavior_monitor.status : \\\"Disabled\\\" or windows_defender.service.ioav_protection.status : \\\"Disabled\\\" or windows_defender.service.nis.status : \\\"Disabled\\\" or windows_defender.service.on_access_protection.status : \\\"Disabled\\\" or windows_defender.service.real_time_protection.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":0,\"w\":4,\"h\":7,\"i\":\"4383ee4c-ec16-48c2-bb13-8f896a9519d4\"},\"panelIndex\":\"4383ee4c-ec16-48c2-bb13-8f896a9519d4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"range
Min\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Anti-Spyware Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antispyware.status :\\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of 
agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":0,\"w\":4,\"h\":7,\"i\":\"d3b08c18-3a64-4ea0-95f1-39ac4198013d\"},\"panelIndex\":\"d3b08c18-3a64-4ea0-95f1-39ac4198013d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Behavior Monitor 
Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.behavior_monitor.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":0,\"w\":4,\"h\":7,\"i\":\"ac716d8e-e533-4072-aa74-65848d4e0925\"},\"panelIndex\":\"ac716d8e-e533-4072-aa74-65848d4e0925\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\"
:\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with RealTime Protection Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.real_time_protection.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":0,\"w\":4,\"h\":7,\"i\":\"e5b0bf6c-69e6-4892-b691-9bc21f0c6b25\"},\"panelIndex\":\"e5b0bf6c-69e6-4892-b691-9bc21f0c6b25\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572\"}],\"state\":{\"visualization\":{\"layerId\":\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\",\"accessor\":\"8e04d29a-e144-4e68-a816-7e820fabc9b4\",\"layerType\":\"data\",\"colorMode\":\"None\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\":{\"columns\":{\"8e04d29a-e144-4e68-a816-7e820fabc9b4\":{\"label\":\"Total Trellix Endpoints 
Tracked\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not trellix.service.ens.version : \\\"\\\" or not trellix.service.accm.version :\\\"\\\" or not trellix.service.dlp.version :\\\"\\\" or not trellix.service.pa.version : \\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"8e04d29a-e144-4e68-a816-7e820fabc9b4\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":0,\"w\":4,\"h\":7,\"i\":\"bc5b8947-a82b-44d5-bea7-addfad736ad2\"},\"panelIndex\":\"bc5b8947-a82b-44d5-bea7-addfad736ad2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3
-bad6-69ddbc84ec76\":{\"label\":\"Systems with ENS Not Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not trellix.service.ens.status : \\\"Running\\\" and not trellix.service.ens.version : \\\"\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not trellix.service.ens.version : \\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":35,\"y\":0,\"w\":4,\"h\":7,\"i\":\"370c3dc5-5a15-4347-b9a7-7d75ac86cb10\"},\"panelIndex\":\"370c3dc5-5a15-4347-b9a7-7d75ac86cb10\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166
-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with PA Not Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not trellix.service.pa.status : \\\"Running\\\" and not trellix.service.pa.version : \\\"\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not trellix.service.pa.version : 
\\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":0,\"w\":4,\"h\":7,\"i\":\"116cc01e-5861-4993-baaf-3f0cc2a312cf\"},\"panelIndex\":\"116cc01e-5861-4993-baaf-3f0cc2a312cf\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572\"}],\"state\":{\"visualization\":{\"layerId\":\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\",\"accessor\":\"8e04d29a-e144-4e68-a816-7e820fabc9b4\",\"layerType\":\"data\",\"colorMode\":\"None\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"69f12a8d-98b2-49f6-bbf5-4182bffc0572\":{\"columns\":{\"8e04d29a-e144-4e68-a816-7e820fabc9b4\":{\"label\":\"Total Elastic Defender Tracked\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not elastic.service.endpoint.behavior_protection : \\\"\\\" and not elastic.service.endpoint.malware : \\\"\\\" and not elastic.service.endpoint.memory_protection : 
\\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"8e04d29a-e144-4e68-a816-7e820fabc9b4\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":0,\"w\":4,\"h\":7,\"i\":\"94022264-e2ce-4661-b384-b2b5454b02c8\"},\"panelIndex\":\"94022264-e2ce-4661-b384-b2b5454b02c8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Elastic Malware Protection Not Protecting\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not elastic.service.endpoint.malware: \\\"\\\" and not elastic.service.endpoint.malware 
: \\\"prevent\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not elastic.service.endpoint.version : \\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":7,\"y\":7,\"w\":4,\"h\":7,\"i\":\"0336a4e3-a647-415d-84b5-fef984ac4a3f\"},\"panelIndex\":\"0336a4e3-a647-415d-84b5-fef984ac4a3f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"la
bel\":\"Systems with IOAV Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.ioav_protection.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":7,\"w\":4,\"h\":7,\"i\":\"5fa1a00d-8e9c-441f-be66-9b5c01663fd7\"},\"panelIndex\":\"5fa1a00d-8e9c-441f-be66-9b5c01663fd7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"
query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Anti-Malware Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antimalware.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":15,\"y\":7,\"w\":4,\"h\":7,\"i\":\"4d4e6682-9758-4359-a6f0-1ba6ca5e40f5\"},\"panelIndex\":\"4d4e6682-9758-4359-a6f0-1ba6ca5e40f5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"al
l\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Anti-Virus Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.antivirus.status : \\\"Disabled\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":19,\"y\":7,\"w\":4,\"h\":7,\"i\":\"6a29e48e-892b-4c8a-a3de-8884fd1d9820\"},\"panelIndex\":\"6a29e48e-892b-4c8a-a3de-8884fd1d9820\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":n
ull,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with NIS Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.nis.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of 
agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":7,\"w\":4,\"h\":7,\"i\":\"33d492ba-c62f-405e-84a2-c0254e8e743c\"},\"panelIndex\":\"33d492ba-c62f-405e-84a2-c0254e8e743c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with On-Access Protection 
Disabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"windows_defender.service.on_access_protection.status : \\\"Disabled\\\" \",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":7,\"w\":4,\"h\":7,\"i\":\"685110fd-a3a4-441b-b9b6-42316b8e33ee\"},\"panelIndex\":\"685110fd-a3a4-441b-b9b6-42316b8e33ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"langu
age\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with ACCM Not Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not trellix.service.accm.status : \\\"Running\\\" and not trellix.service.accm.version : \\\"\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"not trellix.service.accm.version : \\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":7,\"w\":4,\"h\":7,\"i\":\"f985f8a3-3272-43d8-90e6-76e56aac5f91\"},\"panelIndex\":\"f985f8a3-3272-43d8-90e6-76e56aac5f91\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf5
7\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with DLP Not Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not trellix.service.dlp.status : \\\"Running\\\" and not trellix.service.dlp.version : \\\"\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not trellix.service.dlp.version : 
\\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":35,\"y\":7,\"w\":4,\"h\":7,\"i\":\"16205847-2ebc-46db-bc4b-606228f52996\"},\"panelIndex\":\"16205847-2ebc-46db-bc4b-606228f52996\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with RSD Not Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not trellix.service.rsd.status : \\\"Running\\\" and not trellix.service.rsd.version : 
\\\"\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not trellix.service.rsd.version : \\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":7,\"w\":4,\"h\":7,\"i\":\"fb20b198-fe52-4bb3-b6dd-d4d74855ca73\"},\"panelIndex\":\"fb20b198-fe52-4bb3-b6dd-d4d74855ca73\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Syste
ms with Elastic Behavior Protection Not Protecting\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not elastic.service.endpoint.behavior_protection : \\\"\\\" and not elastic.service.endpoint.behavior_protection : \\\"prevent\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not elastic.service.endpoint.version : \\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":7,\"w\":4,\"h\":7,\"i\":\"5b9ce41f-1950-4c60-8322-a6aa80be383d\"},\"panelIndex\":\"5b9ce41f-1950-4c60-8322-a6aa80be383d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2\"}],\"state\":{\"visualization\":{\"layerId\":\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1.33},{\"color\":\"#d6bf57\",\"stop\":2.66},{\"color\":\"#cc5642\",\"stop\":4}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metr
icAccessor\":\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"showBar\":true,\"maxAccessor\":\"7713b385-a222-4c2f-a03b-6c8d04045c8a\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3bf4a05d-75bb-449c-8fd1-34014d8a71e2\":{\"columns\":{\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\":{\"label\":\"Systems with Elastic Memory Protection Not Protecting\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"not elastic.service.endpoint.memory_protection: \\\"\\\" and not elastic.service.endpoint..memory_protection: \\\"prevent\\\"\",\"language\":\"kuery\"}},\"7713b385-a222-4c2f-a03b-6c8d04045c8a\":{\"label\":\"Unique count of agent.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"agent.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"not elastic.service.endpoint.version : 
\\\"\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"82ce687c-6166-4fe3-bad6-69ddbc84ec76\",\"7713b385-a222-4c2f-a03b-6c8d04045c8a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":14,\"w\":24,\"h\":8,\"i\":\"8bbedd4e-bc5e-413d-81a1-b17dd5152428\"},\"panelIndex\":\"8bbedd4e-bc5e-413d-81a1-b17dd5152428\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-c98d407f-b7b6-4f65-bb36-e67d26a3b8cb\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"c98d407f-b7b6-4f65-bb36-e67d26a3b8cb\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"c474b5fc-316d-4b04-a857-0476433994f5\"},{\"isTransposed\":false,\"columnId\":\"7114dee1-3e04-4de2-9f99-63d55defb006\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"0f57cac6-9654-421a-8d33-9ef83fbfbea3\"},{\"isTransposed\":false,\"columnId\":\"9b9d897c-2547-4e0a-bb29-196338b39f13\"},{\"isTransposed\":false,\"columnId\":\"a5a7cc94-56a0-4570-a209-35cd8ef7b3f5\"},{\"isTransposed\":false,\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\",\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c98d407f-b7b6-4f65-bb36-e67d26a3b8cb\":{\"columns\":{\"c474b5fc-316d-4b04-a857-0476433994f5\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7114dee1-3e04-4de2-9f99-63d55defb006\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0f57cac6-9654-421a-8d33-9ef83fbfbea3\":{\"label\":\"On Access Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.on_access_protection.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9b9d897c-2547-4e0a-bb29-196338b39f13\":{\"label\":\"Real Time 
Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.real_time_protection.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a5a7cc94-56a0-4570-a209-35cd8ef7b3f5\":{\"label\":\"IOAV Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.ioav_protection.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"7114dee1-3e04-4de2-9f99-63d55defb006\",\"c474b5fc-316d-4b04-a857-0476433994f5\",\"0f57cac6-9654-421a-8d33-9ef83fbfbea3\",\"9b9d897c-2547-4e0a-bb29-196338b39f13\",\"a5a7cc94-56a0-4570-a209-35cd8ef7b3f5\",\"6c95c57e-4555-492f-8ad6-40dbd3bb8b12\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e00a8c06-9b49-4cb8-9cd5-598dbcb26113\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for 
System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Defender Protection\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":8,\"i\":\"5b7f5afe-074d-4b2e-8a81-53c925c2b698\"},\"panelIndex\":\"5b7f5afe-074d-4b2e-8a81-53c925c2b698\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"isTransposed\":false},{\"columnId\":\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"isTransposed\":false},{\"columnId\":\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"isTransposed\":false},{\"columnId\":\"7e2c653a-cc31-404e-847d-913fb28c20b8\",\"isTransposed\":false},{\"columnId\":\"aa495d01-49df-4dfa-9117-2efb3d4407b5\",\"isTransposed\":false}],\"layerId\":\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\":{\"columns\":{\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\":{\"label\":\"Elastic Agent 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.agent.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"76affbdb-026e-4c4d-ba16-8420cbf56dda\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eff89e1e-c098-4819-a4de-eb050dbbcd13\":{\"label\":\"Elastic Endpoint 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"7e2c653a-cc31-404e-847d-913fb28c20b8\":{\"label\":\"Elastic Agent Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.agent.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"aa495d01-49df-4dfa-9117-2efb3d4407b5\":{\"label\":\"Elastic Endpoint 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"7e2c653a-cc31-404e-847d-913fb28c20b8\",\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"aa495d01-49df-4dfa-9117-2efb3d4407b5\",\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"9dd45bd7-37df-4418-bcf0-00b80fe159a5\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Elastic Endpoint Status \"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":22,\"w\":24,\"h\":8,\"i\":\"3e9e34b5-9c30-4ef2-b616-bd55af84812a\"},\"panelIndex\":\"3e9e34b5-9c30-4ef2-b616-bd55af84812a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"Active Antivirus 
Assets\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-5b735852-dd75-405e-9611-03fcd2e0a96b\"}],\"state\":{\"visualization\":{\"layerId\":\"5b735852-dd75-405e-9611-03fcd2e0a96b\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"485de305-7200-4ba9-b5f5-8af3932725a2\"},{\"isTransposed\":false,\"columnId\":\"33ceb4d0-aaf7-44b2-b3d7-cfe2be3369d9\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"5108c5e3-f394-4061-b4a1-81d642c5b986\"},{\"isTransposed\":false,\"columnId\":\"c75b9cff-9203-42a5-aaae-3a7dea61fe25\"},{\"isTransposed\":false,\"columnId\":\"2cb5be2b-d061-4e44-a346-d2613e2d8552\"},{\"isTransposed\":false,\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\",\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5b735852-dd75-405e-9611-03fcd2e0a96b\":{\"columns\":{\"485de305-7200-4ba9-b5f5-8af3932725a2\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"33ceb4d0-aaf7-44b2-b3d7-cfe2be3369d9\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5108c5e3-f394-4061-b4a1-81d642c5b986\":{\"label\":\"Quick Scan 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.quick_scan.signature_version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c75b9cff-9203-42a5-aaae-3a7dea61fe25\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2cb5be2b-d061-4e44-a346-d2613e2d8552\":{\"label\":\"Full Scan Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.full_scan.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"33ceb4d0-aaf7-44b2-b3d7-cfe2be3369d9\",\"485de305-7200-4ba9-b5f5-8af3932725a2\",\"5108c5e3-f394-4061-b4a1-81d642c5b986\",\"2cb5be2b-d061-4e44-a346-d2613e2d8552\",\"c75b9cff-9203-42a5-aaae-3a7dea61fe25\",\"1eeff7e9-617e-415e-8642-c5b0b4b2f439\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"5aa080e4-d756-4967-92d3-f92a920b315f\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}},\"hidePanelTitles\":false},\"title\":\"Defender Antivirus\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":22,\"w\":24,\"h\":8,\"i\":\"469ca4f4-f561-461b-8067-52e9ccdd675d\"},\"panelIndex\":\"469ca4f4-f561-461b-8067-52e9ccdd675d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"isTransposed\":false},{\"columnId\":\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"isTransposed\":false},{\"columnId\":\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"isTransposed\":false},{\"columnId\":\"d15c5d0e-53c9-4e95-a815-ebbd0ace6b47\",\"isTransposed\":f
alse}],\"layerId\":\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\":{\"columns\":{\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\":{\"label\":\"Trellix ENS Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.ens.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"76affbdb-026e-4c4d-ba16-8420cbf56dda\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eff89e1e-c098-4819-a4de-eb050dbbcd13\":{\"label\":\"Trellix ENS Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.ens.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"d15c5d0e-53c9-4e95-a815-ebbd0ace6b47\":{\"label\":\"ENS Signature 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.ens.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"d15c5d0e-53c9-4e95-a815-ebbd0ace6b47\",\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"39600cce-a379-46d1-9b6a-42c97b06c32d\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Trellix Endpoint Security 
Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":30,\"w\":24,\"h\":8,\"i\":\"3e1efdc5-02e7-46ff-bb1d-4642aa1f1327\"},\"panelIndex\":\"3e1efdc5-02e7-46ff-bb1d-4642aa1f1327\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-a4583603-ba5e-4eb5-ab11-7d8f7d5586ce\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"99cf82fa-4ea2-4168-bbe7-cd84efd5b468\"},{\"isTransposed\":false,\"columnId\":\"2ee1d67a-e5d4-4256-9f47-94c77fa3ee8a\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"cfbf81d7-8896-4df5-8b79-4ff131d5d4b4\"},{\"isTransposed\":false,\"columnId\":\"56035903-0bcc-4140-99e4-17c30c1bb440\"},{\"isTransposed\":false,\"columnId\":\"ac68d3d0-92e3-469d-b504-cd609a201cc5\"},{\"isTransposed\":false,\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\",\"hidden\":true}],\"layerId\":\"a4583603-ba5e-4eb5-ab11-7d8f7d5586ce\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a4583603-ba5e-4eb5-ab11-7d8f7d5586ce\":{\"columns\":{\"99cf82fa-4ea2-4168-bbe7-cd84efd5b468\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2ee1d67a-e5d4-4256-9f47-94c77fa3ee8a\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"cfbf81d7-8896-4df5-8b79-4ff131d5d4b4\":{\"label\":\"Product Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.product_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"56035903-0bcc-4140-99e4-17c30c1bb440\":{\"label\":\"Engine 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.engine_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ac68d3d0-92e3-469d-b504-cd609a201cc5\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2ee1d67a-e5d4-4256-9f47-94c77fa3ee8a\",\"99cf82fa-4ea2-4168-bbe7-cd84efd5b468\",\"cfbf81d7-8896-4df5-8b79-4ff131d5d4b4\",\"56035903-0bcc-4140-99e4-17c30c1bb440\",\"ac68d3d0-92e3-469d-b504-cd609a201cc5\",\"e15a4e68-fbf1-40b2-aa20-d993a9e4a214\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"8d9908e0-205b-43ec-8fd4-343ce4057237\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for 
System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Defender Antimalware\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":46,\"w\":24,\"h\":8,\"i\":\"d0f95b46-cb78-4246-b605-cf764851569e\"},\"panelIndex\":\"d0f95b46-cb78-4246-b605-cf764851569e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"isTransposed\":false},{\"columnId\":\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"isTransposed\":false},{\"columnId\":\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"isTransposed\":false}],\"layerId\":\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\":{\"columns\":{\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\":{\"label\":\"ACCM 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.accm.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"76affbdb-026e-4c4d-ba16-8420cbf56dda\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eff89e1e-c098-4819-a4de-eb050dbbcd13\":{\"label\":\"ACCM 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.accm.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"9b0c3115-07d2-4a63-be6e-424b453fd041\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"ACCM 
Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":38,\"w\":24,\"h\":8,\"i\":\"08341f8a-a71d-414d-8b73-d1648e343d3c\"},\"panelIndex\":\"08341f8a-a71d-414d-8b73-d1648e343d3c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-6d406795-8e1a-4015-909d-8a0125090f83\"}],\"state\":{\"visualization\":{\"layerId\":\"6d406795-8e1a-4015-909d-8a0125090f83\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"0acc6180-132d-4fc3-b32e-0f3ed79b1712\"},{\"isTransposed\":false,\"columnId\":\"c7fb6c5e-23c3-4584-8325-a715a3e55c0c\"},{\"isTransposed\":false,\"columnId\":\"7d79ed89-257d-412b-b67f-5e7e323485ae\"},{\"isTransposed\":false,\"columnId\":\"dd0ce9a1-5dd8-4836-b4ef-ea94d6b2592b\",\"hidden\":false,\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\",\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6d406795-8e1a-4015-909d-8a0125090f83\":{\"columns\":{\"0acc6180-132d-4fc3-b32e-0f3ed79b1712\":{\"label\":\"Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antispyware.signature_version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c7fb6c5e-23c3-4584-8325-a715a3e55c0c\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antispyware.status\",\"isBucketed\"
:true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7d79ed89-257d-412b-b67f-5e7e323485ae\":{\"label\":\"Host IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"dd0ce9a1-5dd8-4836-b4ef-ea94d6b2592b\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"dd0ce9a1-5dd8-4836-b4ef-ea94d6b2592b\",\"7d79ed89-257d-412b-b67f-5e7e323485ae\",\"0acc6180-132d-4fc3-b32e-0f3ed79b1712\",\"c7fb6c5e-23c3-4584-8325-a715a3e55c0c\",\"1291d4e7-6e58-44b4-b7bf-3bb2542c2a07\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"641eddc6-5d50-4512-9409-a6d9f49e7e8a\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Defender Antispyware\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":30,\"w\":24,\"h\":8,\"i\":\"79fcc1f0-f7d1-4ac5-8b1a-790dcd1ca676\"},\"panelIndex\":\"79fcc1f0-f7d1-4ac5-8b1a-790dcd1ca676\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"isTransposed\":false},{\"columnId\":\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"isTransposed\":false},{\"columnId\":\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"isTransposed\":false}],\"layerId\":\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"langua
ge\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\":{\"columns\":{\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\":{\"label\":\"RSD Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.rsd.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"76affbdb-026e-4c4d-ba16-8420cbf56dda\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eff89e1e-c098-4819-a4de-eb050dbbcd13\":{\"label\":\"RSD 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.rsd.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"04264bb0-25f8-4128-b7dc-821f46b7dd54\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Trellix Rogue System Detection 
\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":46,\"w\":24,\"h\":8,\"i\":\"dad722ab-af91-4d03-a313-faab0d9533c5\"},\"panelIndex\":\"dad722ab-af91-4d03-a313-faab0d9533c5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-140a1766-6ea5-4c9c-9c7c-244b239a9d96\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"ed88526d-22bc-4fe9-bf8c-8054dcf29513\"},{\"isTransposed\":false,\"columnId\":\"3f5af84a-9f76-40dd-aceb-14d89c193701\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"6659fc9a-979e-4207-be9a-c9f73f507897\"},{\"isTransposed\":false,\"columnId\":\"50793a11-2d90-4843-81df-3c65675a9efd\"},{\"isTransposed\":false,\"columnId\":\"100d1fb2-4db6-4ad3-9769-3cefdb067fb8\"},{\"isTransposed\":false,\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\",\"hidden\":true}],\"layerId\":\"140a1766-6ea5-4c9c-9c7c-244b239a9d96\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"140a1766-6ea5-4c9c-9c7c-244b239a9d96\":{\"columns\":{\"ed88526d-22bc-4fe9-bf8c-8054dcf29513\":{\"label\":\"Host 
IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ipv4\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3f5af84a-9f76-40dd-aceb-14d89c193701\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6659fc9a-979e-4207-be9a-c9f73f507897\":{\"label\":\"Signature Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"50793a11-2d90-4843-81df-3c65675a9efd\":{\"label\":\"Engine 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.engine_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"100d1fb2-4db6-4ad3-9769-3cefdb067fb8\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ae33139-d059-4477-890a-06dc7abfb798\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3ae33139-d059-4477-890a-06dc7abfb798\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"3f5af84a-9f76-40dd-aceb-14d89c193701\",\"ed88526d-22bc-4fe9-bf8c-8054dcf29513\",\"6659fc9a-979e-4207-be9a-c9f73f507897\",\"50793a11-2d90-4843-81df-3c65675a9efd\",\"100d1fb2-4db6-4ad3-9769-3cefdb067fb8\",\"3ae33139-d059-4477-890a-06dc7abfb798\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"24732923-c957-4110-8558-e38a86ad50bf\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for 
System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Defender NIS\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":38,\"w\":24,\"h\":8,\"i\":\"426f8706-b652-422d-a763-19eb6a28916f\"},\"panelIndex\":\"426f8706-b652-422d-a763-19eb6a28916f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"isTransposed\":false},{\"columnId\":\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"isTransposed\":false},{\"columnId\":\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"isTransposed\":false}],\"layerId\":\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f0204bf6-51c3-4a5a-a267-b9d92c0bdcae\":{\"columns\":{\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\":{\"label\":\"Policy Auditor 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.pa.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"76affbdb-026e-4c4d-ba16-8420cbf56dda\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eff89e1e-c098-4819-a4de-eb050dbbcd13\":{\"label\":\"Policy Auditor 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.pa.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"4d4418c0-d3dd-4bc7-8f4b-78fe0a8afaac\",\"76affbdb-026e-4c4d-ba16-8420cbf56dda\",\"85aea8a2-c9c3-4118-8503-c6b9df2c890a\",\"eff89e1e-c098-4819-a4de-eb050dbbcd13\",\"8763a5c5-efbe-4ccb-bdb5-8372b47f69ee\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"547ea5a0-a1ae-4a90-8cd0-7ad0e177b613\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Drill to Endpoint Browser for System\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Trellix Policy Auditor Status\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": " [TYCHON] Endpoint Protection Status", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T21:17:53.197Z", + "id": "tychon-267716e0-e9d8-11ed-9d4a-9513ae375d2b-epp", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "f9a975c1-d99b-436b-9173-c616f0059426:indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": 
"dca19098-8eb9-440e-abf0-19ef55cee62c:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "4383ee4c-ec16-48c2-bb13-8f896a9519d4:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "d3b08c18-3a64-4ea0-95f1-39ac4198013d:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "ac716d8e-e533-4072-aa74-65848d4e0925:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "e5b0bf6c-69e6-4892-b691-9bc21f0c6b25:indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "bc5b8947-a82b-44d5-bea7-addfad736ad2:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "370c3dc5-5a15-4347-b9a7-7d75ac86cb10:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "116cc01e-5861-4993-baaf-3f0cc2a312cf:indexpattern-datasource-layer-69f12a8d-98b2-49f6-bbf5-4182bffc0572", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "94022264-e2ce-4661-b384-b2b5454b02c8:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "0336a4e3-a647-415d-84b5-fef984ac4a3f:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": 
"5fa1a00d-8e9c-441f-be66-9b5c01663fd7:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "4d4e6682-9758-4359-a6f0-1ba6ca5e40f5:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "6a29e48e-892b-4c8a-a3de-8884fd1d9820:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "33d492ba-c62f-405e-84a2-c0254e8e743c:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "685110fd-a3a4-441b-b9b6-42316b8e33ee:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "f985f8a3-3272-43d8-90e6-76e56aac5f91:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "16205847-2ebc-46db-bc4b-606228f52996:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "fb20b198-fe52-4bb3-b6dd-d4d74855ca73:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "5b9ce41f-1950-4c60-8322-a6aa80be383d:indexpattern-datasource-layer-3bf4a05d-75bb-449c-8fd1-34014d8a71e2", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "8bbedd4e-bc5e-413d-81a1-b17dd5152428:indexpattern-datasource-layer-c98d407f-b7b6-4f65-bb36-e67d26a3b8cb", + "type": "index-pattern" + }, + { + "id": 
"tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "8bbedd4e-bc5e-413d-81a1-b17dd5152428:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:e00a8c06-9b49-4cb8-9cd5-598dbcb26113:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "5b7f5afe-074d-4b2e-8a81-53c925c2b698:indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "5b7f5afe-074d-4b2e-8a81-53c925c2b698:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9dd45bd7-37df-4418-bcf0-00b80fe159a5:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "3e9e34b5-9c30-4ef2-b616-bd55af84812a:indexpattern-datasource-layer-5b735852-dd75-405e-9611-03fcd2e0a96b", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "3e9e34b5-9c30-4ef2-b616-bd55af84812a:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:5aa080e4-d756-4967-92d3-f92a920b315f:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "469ca4f4-f561-461b-8067-52e9ccdd675d:indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "469ca4f4-f561-461b-8067-52e9ccdd675d:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:39600cce-a379-46d1-9b6a-42c97b06c32d:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "3e1efdc5-02e7-46ff-bb1d-4642aa1f1327:indexpattern-datasource-layer-a4583603-ba5e-4eb5-ab11-7d8f7d5586ce", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "3e1efdc5-02e7-46ff-bb1d-4642aa1f1327:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:8d9908e0-205b-43ec-8fd4-343ce4057237:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", 
+ "name": "d0f95b46-cb78-4246-b605-cf764851569e:indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "d0f95b46-cb78-4246-b605-cf764851569e:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:9b0c3115-07d2-4a63-be6e-424b453fd041:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "08341f8a-a71d-414d-8b73-d1648e343d3c:indexpattern-datasource-layer-6d406795-8e1a-4015-909d-8a0125090f83", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "08341f8a-a71d-414d-8b73-d1648e343d3c:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:641eddc6-5d50-4512-9409-a6d9f49e7e8a:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "79fcc1f0-f7d1-4ac5-8b1a-790dcd1ca676:indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "79fcc1f0-f7d1-4ac5-8b1a-790dcd1ca676:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:04264bb0-25f8-4128-b7dc-821f46b7dd54:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "dad722ab-af91-4d03-a313-faab0d9533c5:indexpattern-datasource-layer-140a1766-6ea5-4c9c-9c7c-244b239a9d96", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "dad722ab-af91-4d03-a313-faab0d9533c5:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:24732923-c957-4110-8558-e38a86ad50bf:dashboardId", + "type": "dashboard" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "426f8706-b652-422d-a763-19eb6a28916f:indexpattern-datasource-layer-f0204bf6-51c3-4a5a-a267-b9d92c0bdcae", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": 
"426f8706-b652-422d-a763-19eb6a28916f:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:547ea5a0-a1ae-4a90-8cd0-7ad0e177b613:dashboardId", + "type": "dashboard" + }, + { + "id": "bae88930-1133-11ee-af86-538da1394f27", + "name": "tag-ref-bae88930-1133-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "39b55820-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T21:17:53.197Z", + "version": "WzgyMjcwNiwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-2bd4ca50-3dfd-11ee-9610-15dee918f31a-softwareinventory.json b/packages/tychon/kibana/dashboard/tychon-2bd4ca50-3dfd-11ee-9610-15dee918f31a-softwareinventory.json new file mode 100644 index 00000000000..195fc2fb98f --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-2bd4ca50-3dfd-11ee-9610-15dee918f31a-softwareinventory.json 
@@ -0,0 +1,86 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"8f5ba1f4-07f6-41a9-85c0-6060d10c200a\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"singleSelect\":true,\"hideExists\":true,\"hideExclude\":true,\"id\":\"8f5ba1f4-07f6-41a9-85c0-6060d10c200a\",\"enhancements\":{}}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Software Inventory view displays all installed Applications and Products on a computer, its version, and the last time it was seen.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":true,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"341d7ddd-16bc-4f9d-ab47-a7f337ad3a76\"},\"panelIndex\":\"341d7ddd-16bc-4f9d-ab47-a7f337ad3a76\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_341d7ddd-16bc-4f9d-ab47-a7f337ad3a76\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":5,\"h\":10,\"i\":\"f9aaeeaf-3553-4857-b4e6-d6d73056341e\"},\"panelIndex\":\"f9aaeeaf-3553-4857-b4e6-d6d73056341e\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### 
Software Installed\\nTYCHON reports both Windows Store applications and typical installed programs. TYCHON does not drop records when applications are removed and will update apps when they are added or upgraded.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":3,\"w\":7,\"h\":10,\"i\":\"ea1f4eb7-c8ef-4907-a106-734dac97ec4b\"},\"panelIndex\":\"ea1f4eb7-c8ef-4907-a106-734dac97ec4b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e0015160-781d-4885-9ae6-04230d059bfb\",\"name\":\"indexpattern-datasource-layer-8edfce3b-22f2-4c48-a63f-825b9418bcf3\"}],\"state\":{\"visualization\":{\"layerId\":\"8edfce3b-22f2-4c48-a63f-825b9418bcf3\",\"accessor\":\"e78025b8-c96b-45bd-8202-8b5a06fb8355\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"8edfce3b-22f2-4c48-a63f-825b9418bcf3\":{\"columns\":{\"e78025b8-c96b-45bd-8202-8b5a06fb8355\":{\"label\":\"Total Software 
Installed\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"package.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"e78025b8-c96b-45bd-8202-8b5a06fb8355\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":3,\"w\":10,\"h\":10,\"i\":\"b75181e4-77ee-4c10-b857-154234080c8c\"},\"panelIndex\":\"b75181e4-77ee-4c10-b857-154234080c8c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e0015160-781d-4885-9ae6-04230d059bfb\",\"name\":\"indexpattern-datasource-layer-03a2e212-519d-46f5-868b-a7c914f289e0\"}],\"state\":{\"visualization\":{\"shape\":\"mosaic\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"03a2e212-519d-46f5-868b-a7c914f289e0\",\"primaryGroups\":[\"cbf846c8-f838-4483-8097-2225de0b3d57\"],\"secondaryGroups\":[],\"metrics\":[\"dd21a1e4-6110-4b11-a1a7-674a03e262c0\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"allowMultipleMetrics\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"03a2e212-519d-46f5-868b-a7c914f289e0\":{\"columns\":{\"cbf846c8-f838-4483-8097-2225de0b3d57\":{\"label\":\"Package 
Types\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"package.type\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd21a1e4-6110-4b11-a1a7-674a03e262c0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"dd21a1e4-6110-4b11-a1a7-674a03e262c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"cbf846c8-f838-4483-8097-2225de0b3d57\",\"dd21a1e4-6110-4b11-a1a7-674a03e262c0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Software Type\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":3,\"w\":26,\"h\":10,\"i\":\"92b47b97-ad52-40c2-9b89-bbde77e7f00e\"},\"panelIndex\":\"92b47b97-ad52-40c2-9b89-bbde77e7f00e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e0015160-781d-4885-9ae6-04230d059bfb\",\"name\":\"indexpattern-datasource-layer-057703a5-7f81-4be1-82c4-2f27bbf2615c\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"057703a5-7f81-4be1-82c4-2f27bbf2615c\",
\"accessors\":[\"3ffc6314-731f-4048-b5b6-a1d673384858\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"888ceeac-4036-4b29-a96a-c49d9b4602c3\",\"yConfig\":[{\"forAccessor\":\"3ffc6314-731f-4048-b5b6-a1d673384858\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"057703a5-7f81-4be1-82c4-2f27bbf2615c\":{\"columns\":{\"888ceeac-4036-4b29-a96a-c49d9b4602c3\":{\"label\":\"Publisher\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"package.publisher\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3ffc6314-731f-4048-b5b6-a1d673384858\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3ffc6314-731f-4048-b5b6-a1d673384858\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"888ceeac-4036-4b29-a96a-c49d9b4602c3\",\"3ffc6314-731f-4048-b5b6-a1d673384858\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Software By 
Publisher\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":33,\"i\":\"6e3b23f2-6754-4dda-a428-f68e622ed411\"},\"panelIndex\":\"6e3b23f2-6754-4dda-a428-f68e622ed411\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e0015160-781d-4885-9ae6-04230d059bfb\",\"name\":\"indexpattern-datasource-layer-a8eb0e1b-2c4e-4717-b533-0b39e227a2a8\"}],\"state\":{\"visualization\":{\"layerId\":\"a8eb0e1b-2c4e-4717-b533-0b39e227a2a8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"bd55582e-c727-4f43-93cf-c1dfbfc46c40\",\"alignment\":\"left\"},{\"columnId\":\"529bf337-2458-4752-a815-7a5d0d84dc32\",\"hidden\":true},{\"columnId\":\"a4df1e47-a590-44d4-8bc5-e120c094a1ca\",\"isTransposed\":false,\"alignment\":\"left\"},{\"columnId\":\"a20d1958-fa8e-476c-acf9-74c0323c65d3\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"28fd934b-7413-4196-b397-f42832cfa4c1\",\"isTransposed\":false,\"alignment\":\"center\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a8eb0e1b-2c4e-4717-b533-0b39e227a2a8\":{\"columns\":{\"bd55582e-c727-4f43-93cf-c1dfbfc46c40\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"package.name\",\"isBucketed\":true,\"params\":{\"size\":500,\"orderBy\":{\"type\":\"column\",\"columnId\":\"529bf337-2458-4752-a815-7a5d0d84dc32\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"529bf337-2458-4752-a815-7a5d0d84dc32\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"a4df1e47-a590-44d4-8bc5-e120c094a1ca\":{\"label\":\"Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"package.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"529bf337-2458-4752-a815-7a5d0d84dc32\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a20d1958-fa8e-476c-acf9-74c0323c65d3\":{\"label\":\"Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"package.type\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"529bf337-2458-4752-a815-7a5d0d84dc32\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"28fd934b-7413-4196-b397-f42832cfa4c1\":{\"label\":\"Last Seen\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"@timestamp\",\"filter\":{\"query\":\"@timestamp: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"bd55582e-c727-4f43-93cf-c1dfbfc46c40\",\"a4df1e47-a590-44d4-8bc5-e120c094a1ca\",\"a20d1958-fa8e-476c-acf9-74c0323c65d3\",\"529bf337-2458-4752-a815-7a5d0d84dc32\",\"28fd934b-7413-4196-b397-f42832cfa4c1\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Installed Software and Applications\"}]", + 
"refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h/h", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Software Inventory", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:46:31.347Z", + "id": "tychon-2bd4ca50-3dfd-11ee-9610-15dee918f31a-softwareinventory", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "341d7ddd-16bc-4f9d-ab47-a7f337ad3a76:panel_341d7ddd-16bc-4f9d-ab47-a7f337ad3a76", + "type": "visualization" + }, + { + "id": "e0015160-781d-4885-9ae6-04230d059bfb", + "name": "ea1f4eb7-c8ef-4907-a106-734dac97ec4b:indexpattern-datasource-layer-8edfce3b-22f2-4c48-a63f-825b9418bcf3", + "type": "index-pattern" + }, + { + "id": "e0015160-781d-4885-9ae6-04230d059bfb", + "name": "b75181e4-77ee-4c10-b857-154234080c8c:indexpattern-datasource-layer-03a2e212-519d-46f5-868b-a7c914f289e0", + "type": "index-pattern" + }, + { + "id": "e0015160-781d-4885-9ae6-04230d059bfb", + "name": "92b47b97-ad52-40c2-9b89-bbde77e7f00e:indexpattern-datasource-layer-057703a5-7f81-4be1-82c4-2f27bbf2615c", + "type": "index-pattern" + }, + { + "id": "e0015160-781d-4885-9ae6-04230d059bfb", + "name": "6e3b23f2-6754-4dda-a428-f68e622ed411:indexpattern-datasource-layer-a8eb0e1b-2c4e-4717-b533-0b39e227a2a8", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_8f5ba1f4-07f6-41a9-85c0-6060d10c200a:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": 
"27edf330-3dfd-11ee-9610-15dee918f31a", + "name": "tag-ref-27edf330-3dfd-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:46:31.347Z", + "version": "WzgyMDk3MSwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve.json b/packages/tychon/kibana/dashboard/tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve.json new file mode 100644 index 00000000000..e187b2f0425 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve.json 
@@ -0,0 +1,116 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"8c4d7403-b7c0-4274-9e12-cec69c62e01e\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"singleSelect\":true,\"hideExclude\":true,\"hideExists\":true,\"id\":\"8c4d7403-b7c0-4274-9e12-cec69c62e01e\",\"enhancements\":{},\"selectedOptions\":[]}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Vulnerabilities view displays all CVEs checked by TYCHON and reported as passed or failed.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"e243d9ab-d083-4b45-88a2-9581bf3689ae\"},\"panelIndex\":\"e243d9ab-d083-4b45-88a2-9581bf3689ae\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e243d9ab-d083-4b45-88a2-9581bf3689ae\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":7,\"h\":8,\"i\":\"9c9464be-67ab-4220-bbab-50cfda4e211f\"},\"panelIndex\":\"9c9464be-67ab-4220-bbab-50cfda4e211f\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### 
Vulnerabilities\\nTYCHON will scan and report what CVEs are vulnerable on an endpoint, this is a local check using OVAL and customized content. Severity and third-party identifiers like IAVA and CISA dates are pre-correlated at the endpoint in its definition.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":3,\"w\":8,\"h\":8,\"i\":\"18ef0327-ab0a-46d7-ac9c-bf8d01e28eba\"},\"panelIndex\":\"18ef0327-ab0a-46d7-ac9c-bf8d01e28eba\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\"}],\"state\":{\"visualization\":{\"layerId\":\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\",\"accessor\":\"f0df1a7d-307a-40d6-9925-8afb18d9808c\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"l\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":100}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":null},{\"color\":\"#209280\",\"stop\":0},{\"color\":\"#cc5642\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}}},\"query\":{\"query\":\"vulnerability.due_date \u003c now and vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\":{\"columns\":{\"f0df1a7d-307a-40d6-9925-8afb18d9808c\":{\"label\":\"Failed Vulnerabilities Pass 
Due\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"f0df1a7d-307a-40d6-9925-8afb18d9808c\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":3,\"w\":8,\"h\":8,\"i\":\"0f3331b8-da1a-452c-a1b0-39a5558a1379\"},\"panelIndex\":\"0f3331b8-da1a-452c-a1b0-39a5558a1379\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\"}],\"state\":{\"visualization\":{\"layerId\":\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\",\"accessor\":\"f0df1a7d-307a-40d6-9925-8afb18d9808c\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"l\"},\"query\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\":{\"columns\":{\"f0df1a7d-307a-40d6-9925-8afb18d9808c\":{\"label\":\"Total Failed 
Vulnerabilities\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"f0df1a7d-307a-40d6-9925-8afb18d9808c\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":3,\"w\":8,\"h\":8,\"i\":\"91a3fb55-660d-48ec-89f2-4e5b3122b49b\"},\"panelIndex\":\"91a3fb55-660d-48ec-89f2-4e5b3122b49b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\"}],\"state\":{\"visualization\":{\"layerId\":\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\",\"accessor\":\"f0df1a7d-307a-40d6-9925-8afb18d9808c\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"l\"},\"query\":{\"query\":\"vulnerability.result : \\\"fail\\\" and vulnerability.due_date_reason : \\\"iava\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\":{\"columns\":{\"f0df1a7d-307a-40d6-9925-8afb18d9808c\":{\"label\":\"Total IAVA Failed 
Vulnerabilities\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"f0df1a7d-307a-40d6-9925-8afb18d9808c\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":3,\"w\":8,\"h\":8,\"i\":\"ecee7b3f-f07e-4911-bb36-405e687f3ae0\"},\"panelIndex\":\"ecee7b3f-f07e-4911-bb36-405e687f3ae0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\"}],\"state\":{\"visualization\":{\"layerId\":\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\",\"accessor\":\"f0df1a7d-307a-40d6-9925-8afb18d9808c\",\"layerType\":\"data\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\",\"size\":\"l\"},\"query\":{\"query\":\"vulnerability.result : \\\"fail\\\" and vulnerability.due_date_reason : \\\"cisa\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b\":{\"columns\":{\"f0df1a7d-307a-40d6-9925-8afb18d9808c\":{\"label\":\"Total CISA Failed 
Vulnerabilities\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"f0df1a7d-307a-40d6-9925-8afb18d9808c\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":7,\"y\":3,\"w\":9,\"h\":8,\"i\":\"eadda9a3-732f-4ad7-81fb-7abc16fe4bd2\"},\"panelIndex\":\"eadda9a3-732f-4ad7-81fb-7abc16fe4bd2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-cd8f844b-1401-4c37-9b58-7ee816064353\"}],\"state\":{\"visualization\":{\"layerId\":\"cd8f844b-1401-4c37-9b58-7ee816064353\",\"accessor\":\"4db8ade0-256f-4272-99a0-61495a90c327\",\"layerType\":\"data\",\"colorMode\":\"None\",\"size\":\"l\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cd8f844b-1401-4c37-9b58-7ee816064353\":{\"columns\":{\"4db8ade0-256f-4272-99a0-61495a90c327\":{\"label\":\"Total 
Vulnerabilities\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"4db8ade0-256f-4272-99a0-61495a90c327\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":11,\"w\":16,\"h\":16,\"i\":\"721cfff2-211b-4e21-a5a7-874dcd0e6edc\"},\"panelIndex\":\"721cfff2-211b-4e21-a5a7-874dcd0e6edc\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-9f9cf1ce-1e59-4b0f-a264-04b877d4dfba\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"9f9cf1ce-1e59-4b0f-a264-04b877d4dfba\",\"accessors\":[\"c3ae2971-d1a3-447e-9679-439492ce7757\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"efb8128a-a1e5-46bb-8278-9c81fb97f741\",\"yConfig\":[{\"forAccessor\":\"c3ae2971-d1a3-447e-9679-439492ce7757\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9f9cf1ce-1e59-4b0f-a264-04b877d4dfba\":{\"columns\":{\"efb8128a-a1e5-46bb-8278-9c81fb97f741\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c3ae2971-d1a3-447e-9679-439492ce7757\"},\"orderDirection\":\"desc\",\"otherBucket\"
:true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c3ae2971-d1a3-447e-9679-439492ce7757\":{\"label\":\"Unique count of vulnerability.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"efb8128a-a1e5-46bb-8278-9c81fb97f741\",\"c3ae2971-d1a3-447e-9679-439492ce7757\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Vulnerabilities By Severity\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":11,\"w\":32,\"h\":15,\"i\":\"30647fae-03f0-46a0-b6a6-96f4b9692227\"},\"panelIndex\":\"30647fae-03f0-46a0-b6a6-96f4b9692227\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-d268dc70-0f0d-443b-b702-d08241bc0733\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"ac337e99-130a-4af6-a771-32b72b41ea02\",\"alignment\":\"left\"},{\"columnId\":\"5e9e7b30-a800-4757-b55c-e7bc60ed32be\",\"isTransposed\":false},{\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#D6BF57\",\"stop\":4},{\"color\":\"#d69d57\",\"stop\":6},{\"color\":\"#e7664c\",\"stop\":8},{\"color\":\"#cc5642\",\"stop\":100}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#D6BF57\",\"stop\":0},{\"color\":\"#d69d57\",\"stop\":4},{\"color\":\"#e7664c\",\"stop\":6},{\"color\":\"#cc5642\",\"stop\":8}],\"continuity\":\"a
bove\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\",\"isTransposed\":false},{\"columnId\":\"7c5f284d-4d53-4b1d-bde1-dd7d0b6eaac9\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"c97d1951-13d7-4266-a021-151ea9e8b441\",\"isTransposed\":false},{\"columnId\":\"05257a37-66cb-4415-979e-b99535b47e1d\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"d268dc70-0f0d-443b-b702-d08241bc0733\",\"layerType\":\"data\",\"sorting\":{\"columnId\":\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\",\"direction\":\"asc\"}},\"query\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d268dc70-0f0d-443b-b702-d08241bc0733\":{\"columns\":{\"ac337e99-130a-4af6-a771-32b72b41ea02\":{\"label\":\"Vulnerability ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5e9e7b30-a800-4757-b55c-e7bc60ed32be\":{\"label\":\"Title\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.title\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\":{\"label\":\"NVD 
Score\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"vulnerability.result: *\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\":{\"label\":\"Result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.result\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7c5f284d-4d53-4b1d-bde1-dd7d0b6eaac9\":{\"label\":\"IAVA\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.iava\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c97d1951-13d7-4266-a021-151ea9e8b441\":{\"label\":\"Due Date\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.due_date\",\"filter\":{\"query\":\"vulnerability.due_date: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"05257a37-66cb-4415-979e-b99535b47e1d\":{\"label\":\"Due Date 
Category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.due_date_reason\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"ac337e99-130a-4af6-a771-32b72b41ea02\",\"5e9e7b30-a800-4757-b55c-e7bc60ed32be\",\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\",\"7c5f284d-4d53-4b1d-bde1-dd7d0b6eaac9\",\"05257a37-66cb-4415-979e-b99535b47e1d\",\"c97d1951-13d7-4266-a021-151ea9e8b441\",\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Failed CVEs\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":27,\"w\":16,\"h\":18,\"i\":\"b146db26-e963-43f4-b2cd-60eb96128506\"},\"panelIndex\":\"b146db26-e963-43f4-b2cd-60eb96128506\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-52771762-574a-44e5-b312-212bca766745\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"palette\":{\"type\":\"palette\",\"name\":\"complimentary\"},\"layers\":[{\"layerId\":\"52771762-574a-44e5-b312-212bca766745\",\"primaryGroups\":[\"21eb78e0-4d9a-4896-b595-ed36a4c81086\"],\"metrics\":[\"d694059d-3e12-48e0-8534-c02795963840\"],\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{
\"52771762-574a-44e5-b312-212bca766745\":{\"columns\":{\"21eb78e0-4d9a-4896-b595-ed36a4c81086\":{\"label\":\"Top 20 values of vulnerability.year\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.year\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"d694059d-3e12-48e0-8534-c02795963840\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"d694059d-3e12-48e0-8534-c02795963840\":{\"label\":\"Unique count of vulnerability.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"21eb78e0-4d9a-4896-b595-ed36a4c81086\",\"d694059d-3e12-48e0-8534-c02795963840\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Vulnerabilities by 
Year\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":26,\"w\":32,\"h\":19,\"i\":\"a004f187-6f6e-4875-b63e-2b50db064884\"},\"panelIndex\":\"a004f187-6f6e-4875-b63e-2b50db064884\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-d268dc70-0f0d-443b-b702-d08241bc0733\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"ac337e99-130a-4af6-a771-32b72b41ea02\",\"alignment\":\"left\"},{\"columnId\":\"5e9e7b30-a800-4757-b55c-e7bc60ed32be\",\"isTransposed\":false},{\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#45e245\",\"stop\":3},{\"color\":\"#d69d57\",\"stop\":5},{\"color\":\"#df7d6c\",\"stop\":7},{\"color\":\"#e63410\",\"stop\":7.599999904632568}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#45e245\",\"stop\":1},{\"color\":\"#d69d57\",\"stop\":3},{\"color\":\"#df7d6c\",\"stop\":5},{\"color\":\"#e63410\",\"stop\":7}],\"continuity\":\"none\",\"reverse\":false,\"rangeMin\":1,\"rangeMax\":10,\"rangeType\":\"number\"}}},{\"columnId\":\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\",\"isTransposed\":false},{\"columnId\":\"cc9726cd-0333-4030-8ef7-8ca6a134cd74\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"d268dc70-0f0d-443b-b702-d08241bc0733\",\"layerType\":\"data\",\"sorting\":{\"columnId\":\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\",\"direction\":\"asc\"}},\"query\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d268dc70-0f0d-443b-b702-d08241bc0733\":{\"columns\":{\"ac337e99-130a-4af6-a771-32b72b41ea02\":{\"label\":\"Vulnerability 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5e9e7b30-a800-4757-b55c-e7bc60ed32be\":{\"label\":\"Title\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.title\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\":{\"label\":\"NVD Score\",\"dataType\":\"number\",\"operationType\":\"max\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"vulnerability.result: 
*\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\":{\"label\":\"Result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.result\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"cc9726cd-0333-4030-8ef7-8ca6a134cd74\":{\"label\":\"IAVA\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.iava\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"ac337e99-130a-4af6-a771-32b72b41ea02\",\"5e9e7b30-a800-4757-b55c-e7bc60ed32be\",\"eeb56262-f4a7-451c-9a81-dfb12bc296c6\",\"cc9726cd-0333-4030-8ef7-8ca6a134cd74\",\"9d6c754b-aacd-4f6a-8f86-1fb01e957616\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Passed CVEs\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Vulnerabilities ", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:51:50.468Z", + "id": "tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": 
"tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc",
+ "name": "e243d9ab-d083-4b45-88a2-9581bf3689ae:panel_e243d9ab-d083-4b45-88a2-9581bf3689ae",
+ "type": "visualization"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "18ef0327-ab0a-46d7-ac9c-bf8d01e28eba:indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "0f3331b8-da1a-452c-a1b0-39a5558a1379:indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "91a3fb55-660d-48ec-89f2-4e5b3122b49b:indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "ecee7b3f-f07e-4911-bb36-405e687f3ae0:indexpattern-datasource-layer-b5de6e20-9f56-4bec-b4b3-1acb9eb2e76b",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "eadda9a3-732f-4ad7-81fb-7abc16fe4bd2:indexpattern-datasource-layer-cd8f844b-1401-4c37-9b58-7ee816064353",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "721cfff2-211b-4e21-a5a7-874dcd0e6edc:indexpattern-datasource-layer-9f9cf1ce-1e59-4b0f-a264-04b877d4dfba",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "30647fae-03f0-46a0-b6a6-96f4b9692227:indexpattern-datasource-layer-d268dc70-0f0d-443b-b702-d08241bc0733",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "b146db26-e963-43f4-b2cd-60eb96128506:indexpattern-datasource-layer-52771762-574a-44e5-b312-212bca766745",
+ "type": "index-pattern"
+ },
+ {
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "name": "a004f187-6f6e-4875-b63e-2b50db064884:indexpattern-datasource-layer-d268dc70-0f0d-443b-b702-d08241bc0733",
+ "type": "index-pattern"
+ },
+ {
+ "id": "bb5226cd-c099-46d2-bb71-0257232c7d82",
+ "name": "controlGroup_8c4d7403-b7c0-4274-9e12-cec69c62e01e:optionsListDataView",
+ "type": "index-pattern"
+ },
+ {
+ "id": "tychon-a3922360-3de6-11ee-9610-15dee918f31a",
+ "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a",
+ "type": "tag"
+ },
+ {
+ "id": "tychon-9c222660-1100-11ee-af86-538da1394f27",
+ "name": "tag-ref-9c222660-1100-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": "tychon-10af3800-10f3-11ee-af86-538da1394f27",
+ "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": "tychon-39b55820-10f2-11ee-af86-538da1394f27",
+ "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27",
+ "type": "tag"
+ },
+ {
+ "id": "tychon-e18d6100-3c85-11ee-9610-15dee918f31a",
+ "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a",
+ "type": "tag"
+ }
+ ],
+ "type": "dashboard",
+ "updated_at": "2023-08-23T20:51:50.468Z",
+ "version": "WzgyMTUxMywyMl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/dashboard/tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive.json b/packages/tychon/kibana/dashboard/tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive.json
new file mode 100644
index 00000000000..92a033e8db0
--- /dev/null
+++ b/packages/tychon/kibana/dashboard/tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive.json
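Review bot: In the `...-cve.json` dashboard that ends just before this file header, the "Failed CVEs" and "Passed CVEs" tables bucket `vulnerability.id` with `\"size\":200` and `\"otherBucket\":false`. An endpoint with more than 200 matching CVEs therefore gets a silently truncated list, while the metric panels above still count every id. Setting `\"otherBucket\":true` on that column, or stating the cap in the panel title (for example `Failed CVEs (top 200 by NVD score)`), would keep the table from being read as complete. Two labels also need a fix: `Failed Vulnerabilities Pass Due` should read `Failed Vulnerabilities Past Due`, and the dashboard title `[TYCHON] Endpoint Browser - Vulnerabilities ` has a trailing space. The dashboard restores a `now-30d/d` window and the panels filter only on `vulnerability.result`, so a CVE that failed earlier in the window and has since passed presumably appears in both tables. Confirm whether the data stream keeps only the latest result per host and id.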
@@ -0,0 +1,91 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"fddd86d2-bc58-48d0-880d-f1d537f90bdc\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"singleSelect\":true,\"hideExclude\":true,\"hideExists\":true,\"id\":\"fddd86d2-bc58-48d0-880d-f1d537f90bdc\",\"enhancements\":{}}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Drives and Disks view displays current Hard Drive and Partitions attached to endpoints at the time TYCHON performed its check.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"d8ad9dec-a73f-4cc6-b9d3-c175e2b6feea\"},\"panelIndex\":\"d8ad9dec-a73f-4cc6-b9d3-c175e2b6feea\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Host Info](/app/dashboards#/view/6165bf50-3dbf-11ee-9610-15dee918f31a) | [Drives and Disks](/app/dashboards#/view/380b6c10-3dbd-11ee-9610-15dee918f31a) | [Apps and Software](/app/dashboards#/view/2bd4ca50-3dfd-11ee-9610-15dee918f31a) | [Hardware](/app/dashboards#/view/993e07a0-3e02-11ee-9610-15dee918f31a) | 
[Vulnerabilities](/app/dashboards#/view/2de7a3c0-3e08-11ee-9610-15dee918f31a) | Benchmark Results | Patches | [Services and Ports](/app/dashboards#/view/0c036be0-3de5-11ee-9610-15dee918f31a) | Protections\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d8ad9dec-a73f-4cc6-b9d3-c175e2b6feea\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":12,\"i\":\"fa484c10-d1a8-45e8-9385-be1a0df6ddba\"},\"panelIndex\":\"fa484c10-d1a8-45e8-9385-be1a0df6ddba\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Drives and Volumes\\nInvestigate the hard drives and volumes attached to this endpoint. TYCHON will evaluate this dataset every hour and report all attached drives (hard drives, cd roms, etc.) and all assigned volumes (c:\\\\, d:\\\\, boot, etc.). 
You will be able to investigate the hardware in-use, the size of the volume and other datapoints critical to the function of the compute on this device.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":3,\"w\":5,\"h\":6,\"i\":\"aba0b52b-5f8e-4c87-956d-eea8f7c385fb\"},\"panelIndex\":\"aba0b52b-5f8e-4c87-956d-eea8f7c385fb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-7cbc7137-0f64-4584-a31c-272e19b5be9a\"}],\"state\":{\"visualization\":{\"layerId\":\"7cbc7137-0f64-4584-a31c-272e19b5be9a\",\"accessor\":\"06ea4772-193a-450f-a877-f50c5a4e283a\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7cbc7137-0f64-4584-a31c-272e19b5be9a\":{\"columns\":{\"06ea4772-193a-450f-a877-f50c5a4e283a\":{\"label\":\"Total Number of 
Drives\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"06ea4772-193a-450f-a877-f50c5a4e283a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":11,\"y\":3,\"w\":37,\"h\":12,\"i\":\"f40d683e-92a6-422e-876c-4363f16dade0\"},\"panelIndex\":\"f40d683e-92a6-422e-876c-4363f16dade0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"62456a9a-bd4c-4b57-b6b5-5556b6869ce5\",\"name\":\"indexpattern-datasource-layer-ab5ae478-53f7-419a-a1ec-7b08492df989\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"bb301745-ba84-41cf-a000-5c7bdf0ae217\"},{\"isTransposed\":false,\"columnId\":\"dc614c64-8d46-46ac-b6a7-419bc064d294\",\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#cc5642\",\"stop\":10},{\"color\":\"#e7664c\",\"stop\":30},{\"color\":\"#d6bf57\",\"stop\":60},{\"color\":\"#54b399\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#cc5642\",\"stop\":0},{\"color\":\"#e7664c\",\"stop\":10},{\"color\":\"#d6bf57\",\"stop\":30},{\"color\":\"#54b399\",\"stop\":60},{\"color\":\"#209280\",\"stop\":80}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null,\"rangeType\":\"percent\"}}},{\"columnId\":\"31942166-8460-454d-af8d-2f4c3ea1ac36\",\"isTransposed\":false},{\"columnId\":\"6e3c8cf1-6de2-4760-9e2b-24be0f13b383\",\"isTransposed\":false},{\"columnId\":\"c362c064-87fe-4a40-abae-a2fe669d0d9e\",\"isTransposed\":false},{\"columnId\":\"a22124
c5-1d7c-4bf4-96b1-1acbfeae8a69\",\"isTransposed\":false,\"colorMode\":\"cell\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":5,\"stops\":[{\"color\":\"#6092C0\",\"stop\":1},{\"color\":\"#54b399\",\"stop\":90},{\"color\":\"#d9816f\",\"stop\":95},{\"color\":\"#cc5642\",\"stop\":100}],\"name\":\"custom\",\"colorStops\":[{\"color\":\"#6092C0\",\"stop\":0},{\"color\":\"#54b399\",\"stop\":1},{\"color\":\"#d9816f\",\"stop\":90},{\"color\":\"#cc5642\",\"stop\":95}],\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"e3caee5f-96aa-404c-ba25-e1dbd58f75ee\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"ab5ae478-53f7-419a-a1ec-7b08492df989\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ab5ae478-53f7-419a-a1ec-7b08492df989\":{\"columns\":{\"bb301745-ba84-41cf-a000-5c7bdf0ae217\":{\"label\":\"Drive Letter\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.drive.letter\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dc614c64-8d46-46ac-b6a7-419bc064d294\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"dc614c64-8d46-46ac-b6a7-419bc064d294\":{\"label\":\"Freespace\",\"dataType\":\"number\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"volume.freespace\",\"filter\":{\"query\":\"volume.freespace: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\",\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"31942166-8460-454d-af8d-2f4c3ea1ac36\":{\"label\":\"File 
System\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.file_system\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dc614c64-8d46-46ac-b6a7-419bc064d294\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"6e3c8cf1-6de2-4760-9e2b-24be0f13b383\":{\"label\":\"Total Size\",\"dataType\":\"number\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"volume.size\",\"filter\":{\"query\":\"volume.size: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\",\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"c362c064-87fe-4a40-abae-a2fe669d0d9e\":{\"label\":\"Volume Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dc614c64-8d46-46ac-b6a7-419bc064d294\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a22124c5-1d7c-4bf4-96b1-1acbfeae8a69\":{\"label\":\"Percent Full\",\"dataType\":\"number\",\"operationType\":\"median\",\"sourceField\":\"volume.percent_full\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"e3caee5f-96aa-404c-ba25-e1dbd58f75ee\":{\"label\":\"System 
Volume\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.system_volume\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dc614c64-8d46-46ac-b6a7-419bc064d294\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"bb301745-ba84-41cf-a000-5c7bdf0ae217\",\"c362c064-87fe-4a40-abae-a2fe669d0d9e\",\"31942166-8460-454d-af8d-2f4c3ea1ac36\",\"e3caee5f-96aa-404c-ba25-e1dbd58f75ee\",\"dc614c64-8d46-46ac-b6a7-419bc064d294\",\"6e3c8cf1-6de2-4760-9e2b-24be0f13b383\",\"a22124c5-1d7c-4bf4-96b1-1acbfeae8a69\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Volumes\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":15,\"w\":48,\"h\":8,\"i\":\"20040d41-ab77-43a7-b5e2-a962b042275c\"},\"panelIndex\":\"20040d41-ab77-43a7-b5e2-a962b042275c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-9836a928-d429-4c9f-be78-970504fd7573\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"466ad901-c0e8-4f1c-a36f-b8c8370de454\"},{\"columnId\":\"a8ee904a-9d39-496b-a859-9bc09827b706\",\"isTransposed\":false},{\"columnId\":\"8a78a361-1cac-40b6-a0f4-f4f1253f0941\",\"isTransposed\":false,\"oneClickFilter\":false},{\"columnId\":\"ee278da4-5b1a-4e70-b4db-7ffc47a3c227\",\"isTransposed\":false},{\"columnId\":\"5b76281a-e942-4469-ae3a-5d756240a842\",\"isTransposed\":false},{\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\",\"isTransposed
\":false,\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]}},\"alignment\":\"center\"},{\"columnId\":\"ef7ef096-329c-45a0-91b3-85e31ddbfcb7\",\"isTransposed\":false},{\"columnId\":\"da851de3-b924-48b8-afaa-588e632a6cdb\",\"isTransposed\":false},{\"columnId\":\"7f594f0b-a1ca-4244-bfbc-84b803eff59f\",\"isTransposed\":false}],\"layerId\":\"9836a928-d429-4c9f-be78-970504fd7573\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9836a928-d429-4c9f-be78-970504fd7573\":{\"columns\":{\"466ad901-c0e8-4f1c-a36f-b8c8370de454\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a8ee904a-9d39-496b-a859-9bc09827b706\":{\"label\":\"Boot 
Device\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.is_boot\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8a78a361-1cac-40b6-a0f4-f4f1253f0941\":{\"label\":\"Health\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.health_status\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ee278da4-5b1a-4e70-b4db-7ffc47a3c227\":{\"label\":\"Model\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.model\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5b76281a-e942-4469-ae3a-5d756240a842\":{\"label\":\"Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"custom
Label\":true},\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\":{\"label\":\"Sum of disk.size\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"disk.size\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}}},\"ef7ef096-329c-45a0-91b3-85e31ddbfcb7\":{\"label\":\"Offline\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.offline\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"da851de3-b924-48b8-afaa-588e632a6cdb\":{\"label\":\"Serial Number\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.serial_number\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7f594f0b-a1ca-4244-bfbc-84b803eff59f\":{\"label\":\"Firmware 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.firmware.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"466ad901-c0e8-4f1c-a36f-b8c8370de454\",\"ee278da4-5b1a-4e70-b4db-7ffc47a3c227\",\"5b76281a-e942-4469-ae3a-5d756240a842\",\"a8ee904a-9d39-496b-a859-9bc09827b706\",\"8a78a361-1cac-40b6-a0f4-f4f1253f0941\",\"ef7ef096-329c-45a0-91b3-85e31ddbfcb7\",\"da851de3-b924-48b8-afaa-588e632a6cdb\",\"7f594f0b-a1ca-4244-bfbc-84b803eff59f\",\"a3c42a2e-e6c9-44ce-88ed-0664fb15a79f\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Disk 
Info\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":7,\"i\":\"4944f397-3eac-4bf8-a31e-8f6477febb89\"},\"panelIndex\":\"4944f397-3eac-4bf8-a31e-8f6477febb89\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-cb34ca0a-d538-48ee-ba32-3a258367dcc6\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"8ad0cfb3-0f6d-4812-83a5-9839604bd3bf\",\"alignment\":\"center\"},{\"isTransposed\":false,\"columnId\":\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\"},{\"columnId\":\"a0c8e3f2-e88a-4fc8-acc1-3a73985a5e81\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"1149bbca-2c04-4d09-822d-dc0a4a0d419e\",\"isTransposed\":false},{\"columnId\":\"4f2d2bac-b756-40d3-80ac-8ff4be4cd605\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"b9ce9f0e-8634-42b2-8717-f64db6f1d7ae\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"faab2332-ae0e-4731-8443-d8beb158987e\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"cb34ca0a-d538-48ee-ba32-3a258367dcc6\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cb34ca0a-d538-48ee-ba32-3a258367dcc6\":{\"columns\":{\"8ad0cfb3-0f6d-4812-83a5-9839604bd3bf\":{\"label\":\"Adapter 
Location\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.location.adapter\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"a0c8e3f2-e88a-4fc8-acc1-3a73985a5e81\":{\"label\":\"Bus Location\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.location.bus\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1149bbca-2c04-4d09-822d-dc0a4a0d419e\":{\"label\":\"Disk Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4f2d2bac-b756-40d3-80ac-8ff4be4cd605\":{\"label\":\"PCI 
Slot\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.location.pci_slot\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b9ce9f0e-8634-42b2-8717-f64db6f1d7ae\":{\"label\":\"Function\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"disk.location.function\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"faab2332-ae0e-4731-8443-d8beb158987e\":{\"label\":\"Device Location\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"disk.location.device\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true}},\"columnOrder\":[\"1149bbca-2c04-4d09-822d-dc0a4a0d419e\",\"4f2d2bac-b756-40d3-80ac-8ff4be4cd605\",\"8ad0cfb3-0f6d-4812-83a5-9839604bd3bf\",\"a0c8e3f2-e88a-4fc8-acc1-3a73985a5e81\",\"b9ce9f0e-8634-42b2-8717-f64db6f1d7ae\",\"faab2332-ae0e-4731-8443-d8beb158987e\",\"927d6f73-38bc-4ab6-b19d-53a7ca3969bf\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Disk 
Locations\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":9,\"w\":5,\"h\":6,\"i\":\"13d03391-5f61-4049-833c-e90f550134ee\"},\"panelIndex\":\"13d03391-5f61-4049-833c-e90f550134ee\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"62456a9a-bd4c-4b57-b6b5-5556b6869ce5\",\"name\":\"indexpattern-datasource-layer-7cbc7137-0f64-4584-a31c-272e19b5be9a\"}],\"state\":{\"visualization\":{\"layerId\":\"7cbc7137-0f64-4584-a31c-272e19b5be9a\",\"accessor\":\"06ea4772-193a-450f-a877-f50c5a4e283a\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7cbc7137-0f64-4584-a31c-272e19b5be9a\":{\"columns\":{\"06ea4772-193a-450f-a877-f50c5a4e283a\":{\"label\":\"Total Number of Volumes\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"06ea4772-193a-450f-a877-f50c5a4e283a\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-24h", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Drives and Disks", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:45:01.909Z", + "id": "tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "d8ad9dec-a73f-4cc6-b9d3-c175e2b6feea:panel_d8ad9dec-a73f-4cc6-b9d3-c175e2b6feea", + "type": "visualization" + 
}, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "aba0b52b-5f8e-4c87-956d-eea8f7c385fb:indexpattern-datasource-layer-7cbc7137-0f64-4584-a31c-272e19b5be9a", + "type": "index-pattern" + }, + { + "id": "62456a9a-bd4c-4b57-b6b5-5556b6869ce5", + "name": "f40d683e-92a6-422e-876c-4363f16dade0:indexpattern-datasource-layer-ab5ae478-53f7-419a-a1ec-7b08492df989", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "20040d41-ab77-43a7-b5e2-a962b042275c:indexpattern-datasource-layer-9836a928-d429-4c9f-be78-970504fd7573", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "4944f397-3eac-4bf8-a31e-8f6477febb89:indexpattern-datasource-layer-cb34ca0a-d538-48ee-ba32-3a258367dcc6", + "type": "index-pattern" + }, + { + "id": "62456a9a-bd4c-4b57-b6b5-5556b6869ce5", + "name": "13d03391-5f61-4049-833c-e90f550134ee:indexpattern-datasource-layer-7cbc7137-0f64-4584-a31c-272e19b5be9a", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_fddd86d2-bc58-48d0-880d-f1d537f90bdc:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "7f851220-3d41-11ee-9610-15dee918f31a", + "name": "tag-ref-7f851220-3d41-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:45:01.909Z", + "version": "WzgyMDc1MywyMl0=" +} \ No newline at end of file 
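Review bot: The four `tag` entries that close `references` in the new harddrive dashboard use bare ids (`7f851220-3d41-11ee-9610-15dee918f31a`, `e18d6100-3c85-11ee-9610-15dee918f31a`, `10af3800-10f3-11ee-af86-538da1394f27`, `a3922360-3de6-11ee-9610-15dee918f31a`), whereas the dashboard whose reference list ends just above this file refers to the same tags with the package prefix, e.g. `tychon-e18d6100-3c85-11ee-9610-15dee918f31a`. If the packaged tag objects carry that prefix, these references will not resolve after install, and each should read like `"id": "tychon-e18d6100-3c85-11ee-9610-15dee918f31a"`. The tab links in the first markdown panel show the same mismatch: "Drives and Disks" points at `/app/dashboards#/view/380b6c10-3dbd-11ee-9610-15dee918f31a`, while this object's own id is `tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive`, so the navigation probably only works on the stack it was exported from. The `index-pattern` references (`2dc584bc-c446-4150-b561-1415a45ebe87`, `62456a9a-bd4c-4b57-b6b5-5556b6869ce5`, `bb5226cd-c099-46d2-bb71-0257232c7d82`) also look like data-view ids from the authoring environment. It is worth confirming the package ships them, because an unresolved data view leaves an endpoint-inventory panel empty, which is easy to misread as "nothing to report".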
diff --git a/packages/tychon/kibana/dashboard/tychon-3cb855d0-3c5e-11ee-8557-a7ea91123f8b-networkadapter.json b/packages/tychon/kibana/dashboard/tychon-3cb855d0-3c5e-11ee-8557-a7ea91123f8b-networkadapter.json new file mode 100644 index 00000000000..ea6671fe98c --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-3cb855d0-3c5e-11ee-8557-a7ea91123f8b-networkadapter.json 
@@ -0,0 +1,104 @@ +{ + "attributes": { + "description": "TYCHON collects all network adapters attached to computers. It tracks WIFI modules, DHCP lease information as well as Hardware data like drivers and MAC addresses.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":5,\"h\":12,\"i\":\"d49517b7-b398-4f73-8ece-762088585b93\"},\"panelIndex\":\"d49517b7-b398-4f73-8ece-762088585b93\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Network Adapters\\n\\nTYCHON collects network adapters, including their settings and the hardware associated with them, on an hourly basis. 
This is a running configuration of the endpoint; updates are sent for previously identified adapters and new records are sent if they are found.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":0,\"w\":8,\"h\":12,\"i\":\"7f62756c-e202-4cfe-941c-efadbe5e5d44\"},\"panelIndex\":\"7f62756c-e202-4cfe-941c-efadbe5e5d44\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-d0ae3dee-4383-481f-aef0-daf860c05856\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"d0ae3dee-4383-481f-aef0-daf860c05856\",\"primaryGroups\":[\"5d80b5b5-18f3-4e68-89ea-9e8f4f3a5513\"],\"metrics\":[\"bd0319f0-b85b-481d-abde-21648d07caa7\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"layerType\":\"data\",\"percentDecimals\":1,\"emptySizeRatio\":0.7,\"collapseFns\":{\"5d80b5b5-18f3-4e68-89ea-9e8f4f3a5513\":\"\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"d0ae3dee-4383-481f-aef0-daf860c05856\":{\"columns\":{\"5d80b5b5-18f3-4e68-89ea-9e8f4f3a5513\":{\"label\":\"Top 5 values of 
host.adapter.ip_filter.enabled\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.ip_filter.enabled\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"bd0319f0-b85b-481d-abde-21648d07caa7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"bd0319f0-b85b-481d-abde-21648d07caa7\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"5d80b5b5-18f3-4e68-89ea-9e8f4f3a5513\",\"bd0319f0-b85b-481d-abde-21648d07caa7\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IP Filtering 
Enabled\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":0,\"w\":9,\"h\":12,\"i\":\"e32e4e7e-d84d-4f31-9a0d-a57ab471c406\"},\"panelIndex\":\"e32e4e7e-d84d-4f31-9a0d-a57ab471c406\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-8c16b6e7-b3ab-468a-be34-9eaa64761bc4\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"8c16b6e7-b3ab-468a-be34-9eaa64761bc4\",\"primaryGroups\":[\"da1553ec-49af-40ed-ae81-3f0f934cb82c\"],\"metrics\":[\"e9a53c29-8278-4d38-86d9-c3d714781f13\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"8c16b6e7-b3ab-468a-be34-9eaa64761bc4\":{\"columns\":{\"da1553ec-49af-40ed-ae81-3f0f934cb82c\":{\"label\":\"Top 5 values of host.adapter.dhcp.enabled\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.dhcp.enabled\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e9a53c29-8278-4d38-86d9-c3d714781f13\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"e9a53c29-8278-4d38-86d9-c3d714781f13\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"da1553ec-49af-40ed-ae81-3f0f934cb82c\",\"e9a53c29-8278-4d38-86d9-c3d714781f13\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DHCP Enabled\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":22,\"y\":0,\"w\":9,\"h\":12,\"i\":\"9936786e-a55c-4b9a-aa4b-b8d980f57126\"},\"panelIndex\":\"9936786e-a55c-4b9a-aa4b-b8d980f57126\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-89d857bd-b2bf-4a46-a223-daa5fbc8d974\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"89d857bd-b2bf-4a46-a223-daa5fbc8d974\",\"primaryGroups\":[\"ab2f98ea-92e9-4b85-8ac9-83aa0cadfcef\"],\"metrics\":[\"85eb49da-cefb-4e08-b5e1-8a420138b003\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"89d857bd-b2bf-4a46-a223-daa5fbc8d974\":{\"columns\":{\"ab2f98ea-92e9-4b85-8ac9-83aa0cadfcef\":{\"label\":\"Top 5 values of 
host.adapter.wifi.enabled\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.enabled\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"85eb49da-cefb-4e08-b5e1-8a420138b003\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":false},\"85eb49da-cefb-4e08-b5e1-8a420138b003\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"ab2f98ea-92e9-4b85-8ac9-83aa0cadfcef\",\"85eb49da-cefb-4e08-b5e1-8a420138b003\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Wifi Enabled\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":0,\"w\":9,\"h\":12,\"i\":\"df122ed7-85d7-41b1-a9a9-047e43b8f3a1\"},\"panelIndex\":\"df122ed7-85d7-41b1-a9a9-047e43b8f3a1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-478c5274-7721-46c2-b0f5-d42bd3449cce\"}],\"state\":{\"visualization\":{\"layerId\":\"478c5274-7721-46c2-b0f5-d42bd3449cce\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"2601cadf-de30-40c7-84fb-c3f338ccc376\"},{\"columnId\":\"cb480377-d348-4319-9392-8cd5de727be0\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"478c5274-7721-46c2-b0f5-d42bd3449cce\":{\"columns\":{\"2601cadf-de30-40c7-84fb-c3f338ccc376\":{\"label\":\"WIFI 
Authentication\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.authentication\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"cb480377-d348-4319-9392-8cd5de727be0\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"cb480377-d348-4319-9392-8cd5de727be0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2601cadf-de30-40c7-84fb-c3f338ccc376\",\"cb480377-d348-4319-9392-8cd5de727be0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top WIFI Authentication\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":12,\"i\":\"d648a9c0-0648-419b-b79b-71e1ee8a9a72\"},\"panelIndex\":\"d648a9c0-0648-419b-b79b-71e1ee8a9a72\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-a9f337a1-9ff1-4aae-ad4f-594b27fae2b3\"}],\"state\":{\"visualization\":{\"layerId\":\"a9f337a1-9ff1-4aae-ad4f-594b27fae2b3\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"59edd0fe-bf89-4d01-bbd4-02affe8ec26b\"},{\"columnId\":\"066b12e0-e98d-463e-9786-758d37cdd4cb\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a9f337a1-9ff1-4aae-ad4f-594b27fae2b3\":{\"columns\":{\"59edd0fe-bf89-4d01-bbd4-02affe8ec26b\":{\"label\":\"WIFI 
Cipher\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.cipher\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"066b12e0-e98d-463e-9786-758d37cdd4cb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"066b12e0-e98d-463e-9786-758d37cdd4cb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"59edd0fe-bf89-4d01-bbd4-02affe8ec26b\",\"066b12e0-e98d-463e-9786-758d37cdd4cb\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top WIFI Ciphers\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":31,\"h\":12,\"i\":\"543e1534-9b02-483a-a90d-64133a9f3949\"},\"panelIndex\":\"543e1534-9b02-483a-a90d-64133a9f3949\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-aeef0279-8407-4694-9a27-0c3160e7ac86\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"aeef0279-8407-4694-9a27-0c3160e7
ac86\",\"accessors\":[\"bfa9be94-5153-418c-89aa-3629fc8e8977\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f5441746-7ad5-47c1-a7f1-5bb1c1ebbc5b\",\"yConfig\":[{\"forAccessor\":\"bfa9be94-5153-418c-89aa-3629fc8e8977\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"event.code:8502 \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"aeef0279-8407-4694-9a27-0c3160e7ac86\":{\"columns\":{\"f5441746-7ad5-47c1-a7f1-5bb1c1ebbc5b\":{\"label\":\"events\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"d\",\"includeEmptyRows\":true,\"dropPartials\":false},\"customLabel\":true},\"bfa9be94-5153-418c-89aa-3629fc8e8977\":{\"label\":\"Reporting Hosts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"f5441746-7ad5-47c1-a7f1-5bb1c1ebbc5b\",\"bfa9be94-5153-418c-89aa-3629fc8e8977\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":12,\"w\":17,\"h\":12,\"i\":\"1f76e42c-0430-4e02-97bb-62ebd19fd592\"},\"panelIndex\":\"1f76e42c-0430-4e02-97bb-62ebd19fd592\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-3c9abebd-e23f-413d-abb5-f2bcca35a2f4\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"97ec5e03-9fbc-4f67-8023-d03a325cd9c1\",\"isTransposed\":false},{\"columnId\":\"afb2746e-d5b5-4e13-b935-4d5c2d553258\",\"isTransposed\":false}],\"layerId\":\"3c9abebd-e23
f-413d-abb5-f2bcca35a2f4\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3c9abebd-e23f-413d-abb5-f2bcca35a2f4\":{\"columns\":{\"97ec5e03-9fbc-4f67-8023-d03a325cd9c1\":{\"label\":\"SSID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.ssid\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"afb2746e-d5b5-4e13-b935-4d5c2d553258\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"afb2746e-d5b5-4e13-b935-4d5c2d553258\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"97ec5e03-9fbc-4f67-8023-d03a325cd9c1\",\"afb2746e-d5b5-4e13-b935-4d5c2d553258\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Wireless 
SSIDs\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":24,\"w\":31,\"h\":15,\"i\":\"c6dfaa90-2cfe-4e80-9df0-668ed93cc376\"},\"panelIndex\":\"c6dfaa90-2cfe-4e80-9df0-668ed93cc376\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-32ff30b7-29b3-4d44-ad6b-75b5ac82b7d1\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"844bced9-2788-47f0-a95c-866804591aab\"},{\"isTransposed\":false,\"columnId\":\"7824c0bb-7bc5-4b20-a164-2c9ba76b0b20\"},{\"isTransposed\":false,\"columnId\":\"3c7a969e-bdf4-466b-8992-d15d21ed19a4\"},{\"isTransposed\":false,\"columnId\":\"97cd8085-627d-4dc1-b014-3b9a9281a580\"},{\"isTransposed\":false,\"columnId\":\"64ab5703-ecdb-4c44-9ea2-4a79689c8a33\"},{\"isTransposed\":false,\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\",\"hidden\":true},{\"columnId\":\"fd305582-42c8-4034-af5b-9bad7687ca56\",\"isTransposed\":false,\"oneClickFilter\":true}],\"layerId\":\"32ff30b7-29b3-4d44-ad6b-75b5ac82b7d1\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"32ff30b7-29b3-4d44-ad6b-75b5ac82b7d1\":{\"columns\":{\"844bced9-2788-47f0-a95c-866804591aab\":{\"label\":\"Host 
IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7824c0bb-7bc5-4b20-a164-2c9ba76b0b20\":{\"label\":\"MAC\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.mac\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3c7a969e-bdf4-466b-8992-d15d21ed19a4\":{\"label\":\"Adapter IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.ip\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"97cd8085-627d-4dc1-b014-3b9a9281a580\":{\"label\":\"Adapter 
MAC\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.mac\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"64ab5703-ecdb-4c44-9ea2-4a79689c8a33\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"887116a6-6ac3-4495-a2b0-dffe493e7963\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"fd305582-42c8-4034-af5b-9bad7687ca56\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"887116a6-6ac3-4495-a2b0-dffe493e7963\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"844bced9-2788-47f0-a95c-866804591aab\",\"7824c0bb-7bc5-4b20-a164-2c9ba76b0b20\",\"3c7a969e-bdf4-466b-8992-d15d21ed19a4\",\"97cd8085-627d-4dc1-b014-3b9a9281a580\",\"64ab5703-ecdb-4c44-9ea2-4a79689c8a33\",\"fd305582-42c8-4034-af5b-9bad7687ca56\",\"887116a6-6ac3-4495-a2b0-dffe493e7963\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"f98ddf9f-1272-4629-a78f-34be39b396c9\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}},\"hidePanelTitles\":false},\"title\":\"Adapter 
Information\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":31,\"y\":24,\"w\":17,\"h\":29,\"i\":\"b6ab1ca4-6059-46f3-aeb5-179d697bd31e\"},\"panelIndex\":\"b6ab1ca4-6059-46f3-aeb5-179d697bd31e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-b2b81cdf-b376-4b7b-8c8a-2dcba80a5592\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"db31a9cd-02fb-4e53-8189-6b4cf20e622b\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"60a1e7e5-b330-4283-801d-5257bd50d8ff\"},{\"isTransposed\":false,\"columnId\":\"cc510be1-9910-472e-9293-4d969fed4df5\"},{\"isTransposed\":false,\"columnId\":\"298203d5-0914-4aaa-97a8-bd1a1c99f441\",\"width\":164.4,\"hidden\":true},{\"columnId\":\"09a3d3c8-e208-4954-aa8f-cc0e9adbb427\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"84773659-f553-44c6-a891-2a319c961733\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"b2b81cdf-b376-4b7b-8c8a-2dcba80a5592\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"b2b81cdf-b376-4b7b-8c8a-2dcba80a5592\":{\"columns\":{\"db31a9cd-02fb-4e53-8189-6b4cf20e622b\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"298203d5-0914-4aaa-97a8-bd1a1c99f441\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"60a1e7e5-b330-4283-801d-5257bd50d8ff\":{\"label\":\"DHCP 
Server\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.dhcp.server\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"298203d5-0914-4aaa-97a8-bd1a1c99f441\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"cc510be1-9910-472e-9293-4d969fed4df5\":{\"label\":\"DHCP Enabled\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.dhcp.enabled\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"298203d5-0914-4aaa-97a8-bd1a1c99f441\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"298203d5-0914-4aaa-97a8-bd1a1c99f441\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"09a3d3c8-e208-4954-aa8f-cc0e9adbb427\":{\"label\":\"Lease Expires\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.adapter.dhcp.lease_expires\",\"filter\":{\"query\":\"host.adapter.dhcp.lease_expires: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"84773659-f553-44c6-a891-2a319c961733\":{\"label\":\"Lease Obtained\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"host.adapter.dhcp.lease_obtained\",\"filter\":{\"query\":\"host.adapter.dhcp.lease_obtained: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"db31a9cd-02fb-4e53-8189-6b4cf20e622b\",\"60a1e7e5-b330-4283-801d-5257bd50d8ff\",\"cc510be1-9910-472e-9293-4d969fed4df5\",\"298203d5-0914-4aaa-97a8-bd1a1c99f441\",\"09a3d3c8-e208-4954-aa8f-cc0e9adbb427\",\"84773659-f553-44c6-a891-2a319c961733\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"06b99334-2f3a-4fea-88a9-f8ff484a0273\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Go to Dashboard\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}},\"hidePanelTitles\":false},\"title\":\"DHCP Leases\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":39,\"w\":31,\"h\":14,\"i\":\"e44243ce-1dd7-4d08-bdfd-ada361b702ba\"},\"panelIndex\":\"e44243ce-1dd7-4d08-bdfd-ada361b702ba\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-5d4423cc-ea65-4dde-b95c-c03fc25f421e\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"80d969cb-519d-4f44-896e-414e3855ff30\"},{\"isTransposed\":false,\"columnId\":\"49a08f10-2a5d-45a1-80f4-c1217d6a3ba9\"},{\"isTransposed\":false,\"columnId\":\"5ed2292c-513d-4a4b-81f0-450b471824bf\"},{\"isTransposed\":false,\"columnId\":\"0d310f9d-a56d-4091-979d-170a9f4c6933\"},{\"isTransposed\":false,\"columnId\":\"4ebd68ae-b793-42be-a295-0271f7ab93cb\",\"width\":139.66666666666666,\"hidden\":true}],\"layerId\":\"5d4423cc-ea65-4dde-b95c-c03fc25f421e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased
\":{\"layers\":{\"5d4423cc-ea65-4dde-b95c-c03fc25f421e\":{\"columns\":{\"80d969cb-519d-4f44-896e-414e3855ff30\":{\"label\":\"Driver Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4ebd68ae-b793-42be-a295-0271f7ab93cb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"49a08f10-2a5d-45a1-80f4-c1217d6a3ba9\":{\"label\":\"Driver Provider\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.provider\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4ebd68ae-b793-42be-a295-0271f7ab93cb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5ed2292c-513d-4a4b-81f0-450b471824bf\":{\"label\":\"Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4ebd68ae-b793-42be-a295-0271f7ab93cb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0d310f9d-a56d-4091-979d-170a9f4c6933\":{\"label\":\"File\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.driver.file_name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4ebd68ae-b793-42be-a295-0271f7ab93cb\"},\"orderDirection
\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"4ebd68ae-b793-42be-a295-0271f7ab93cb\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"80d969cb-519d-4f44-896e-414e3855ff30\",\"49a08f10-2a5d-45a1-80f4-c1217d6a3ba9\",\"5ed2292c-513d-4a4b-81f0-450b471824bf\",\"0d310f9d-a56d-4091-979d-170a9f4c6933\",\"4ebd68ae-b793-42be-a295-0271f7ab93cb\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Network Card Drivers\"}]", + "timeRestore": false, + "title": "[TYCHON] Host Network Adapters", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-24T11:25:58.181Z", + "id": "tychon-3cb855d0-3c5e-11ee-8557-a7ea91123f8b-networkadapter", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "7f62756c-e202-4cfe-941c-efadbe5e5d44:indexpattern-datasource-layer-d0ae3dee-4383-481f-aef0-daf860c05856", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "e32e4e7e-d84d-4f31-9a0d-a57ab471c406:indexpattern-datasource-layer-8c16b6e7-b3ab-468a-be34-9eaa64761bc4", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "9936786e-a55c-4b9a-aa4b-b8d980f57126:indexpattern-datasource-layer-89d857bd-b2bf-4a46-a223-daa5fbc8d974", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "df122ed7-85d7-41b1-a9a9-047e43b8f3a1:indexpattern-datasource-layer-478c5274-7721-46c2-b0f5-d42bd3449cce", + "type": "index-pattern" + }, + { + "id": 
"e886429e-9532-4f44-bb36-6465fe760866", + "name": "d648a9c0-0648-419b-b79b-71e1ee8a9a72:indexpattern-datasource-layer-a9f337a1-9ff1-4aae-ad4f-594b27fae2b3", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "543e1534-9b02-483a-a90d-64133a9f3949:indexpattern-datasource-layer-aeef0279-8407-4694-9a27-0c3160e7ac86", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "1f76e42c-0430-4e02-97bb-62ebd19fd592:indexpattern-datasource-layer-3c9abebd-e23f-413d-abb5-f2bcca35a2f4", + "type": "index-pattern" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "c6dfaa90-2cfe-4e80-9df0-668ed93cc376:indexpattern-datasource-layer-32ff30b7-29b3-4d44-ad6b-75b5ac82b7d1", + "type": "index-pattern" + }, + { + "id": "tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter", + "name": "c6dfaa90-2cfe-4e80-9df0-668ed93cc376:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:f98ddf9f-1272-4629-a78f-34be39b396c9:dashboardId", + "type": "dashboard" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "b6ab1ca4-6059-46f3-aeb5-179d697bd31e:indexpattern-datasource-layer-b2b81cdf-b376-4b7b-8c8a-2dcba80a5592", + "type": "index-pattern" + }, + { + "id": "tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter", + "name": "b6ab1ca4-6059-46f3-aeb5-179d697bd31e:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:06b99334-2f3a-4fea-88a9-f8ff484a0273:dashboardId", + "type": "dashboard" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "e44243ce-1dd7-4d08-bdfd-ada361b702ba:indexpattern-datasource-layer-5d4423cc-ea65-4dde-b95c-c03fc25f421e", + "type": "index-pattern" + }, + { + "id": "11990b80-41b6-11ee-83e4-c92ed141b9e5", + "name": "tag-ref-11990b80-41b6-11ee-83e4-c92ed141b9e5", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": 
"tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-24T11:25:58.181Z", + "version": "WzgyNzcwNywyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-6165bf50-3dbf-11ee-9610-15dee918f31a-host.json b/packages/tychon/kibana/dashboard/tychon-6165bf50-3dbf-11ee-9610-15dee918f31a-host.json new file mode 100644 index 00000000000..666bee04e0e --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-6165bf50-3dbf-11ee-9610-15dee918f31a-host.json 
@@ -0,0 +1,151 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"374dee3b-0adb-43f7-87d4-a8b9c1c9c1c5\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"singleSelect\":true,\"hideExclude\":true,\"hideExists\":true,\"id\":\"374dee3b-0adb-43f7-87d4-a8b9c1c9c1c5\",\"enhancements\":{}}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Host Information view displays overall Operating System data and summary information from its subordinate datasets (disks, drives, vulnerabilities, benchmarks, etc.).", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":true,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": 
"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"2d1446f2-6aee-4a7c-84e2-aeffa6c5cf9d\"},\"panelIndex\":\"2d1446f2-6aee-4a7c-84e2-aeffa6c5cf9d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2d1446f2-6aee-4a7c-84e2-aeffa6c5cf9d\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":10,\"i\":\"a5029f8a-476b-4375-bb7a-d60889ade8a4\"},\"panelIndex\":\"a5029f8a-476b-4375-bb7a-d60889ade8a4\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"metrics\",\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"92d62e85-e917-436d-b8d3-f69df24ed02b\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"5c94a663-8135-4c09-acdf-a8e828c62ef4\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"2f2e4338-bd68-4176-966b-1f6aae9574e6\",\"type\":\"top_hit\",\"field\":\"host.os.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osname\",\"var_name\":\"osname\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"f04dc8d0-4151-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"f04dc8d1-4151-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.architecture\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"h
ostarch\",\"var_name\":\"hostarch\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"07d09d20-4152-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"07d09d21-4152-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.kernel\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"hostkern\",\"var_name\":\"hostkern\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"24089510-4152-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"24089511-4152-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.version\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osver\",\"var_name\":\"osver\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"b292c170-4152-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"b292c171-4152-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.description\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osdesc\",\"var_name\":\"osdesc\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"d3de77c0-4152-11ee-982
a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"d3de77c1-4152-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.edition\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osedition\",\"var_name\":\"osedition\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"230bf020-4153-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"230bf021-4153-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.organization\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osorg\",\"var_name\":\"osorg\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"3b35d9e0-4153-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palette\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"3b35d9e1-4153-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.platform\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osplatform\",\"var_name\":\"osplatform\"},{\"time_range_mode\":\"entire_time_range\",\"id\":\"82b7d200-4153-11ee-982a-2bb4f2d49090\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"palette\":{\"type\":\"palet
te\",\"name\":\"default\"},\"metrics\":[{\"order\":\"desc\",\"agg_with\":\"concat\",\"id\":\"82b7d201-4153-11ee-982a-2bb4f2d49090\",\"type\":\"top_hit\",\"field\":\"host.os.build\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"default\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"override_index_pattern\":0,\"series_drop_last_bucket\":0,\"label\":\"osbuild\",\"var_name\":\"osbuild\"}],\"time_field\":\"\",\"use_kibana_indexes\":true,\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"truncate_legend\":1,\"max_lines_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"drop_last_bucket\":0,\"isModelInvalid\":false,\"markdown\":\"**Platform:** {{ osplatform.osplatform.last.formatted }} \\\\\\r\\n**Operating System:** {{ osname.osname.last.formatted }} \\\\\\r\\n**Architecture:** {{ hostarch.hostarch.last.formatted }} \\\\\\r\\n**Kernel:** {{ hostkern.hostkern.last.formatted }} \\\\\\r\\n**Version:** {{ osver.osver.last.formatted }} \\\\\\r\\n**Build:** {{ osbuild.osbuild.last.formatted }} \\\\\\r\\n**Description:** {{ osdesc.osdesc.last.formatted }} \\\\\\r\\n**Edition:** {{ osedition.osedition.last.formatted }} \\\\\\r\\n**Organization:** {{ osorg.osorg.last.formatted }}\",\"index_pattern_ref_name\":\"metrics_a5029f8a-476b-4375-bb7a-d60889ade8a4_0_index_pattern\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"OS 
Information\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":3,\"w\":17,\"h\":5,\"i\":\"8ecc8919-ac6e-4281-a356-05f552ccf10f\"},\"panelIndex\":\"8ecc8919-ac6e-4281-a356-05f552ccf10f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-f4ed5a42-075e-4684-a82d-9b69f3ff5212\"}],\"state\":{\"visualization\":{\"layerId\":\"f4ed5a42-075e-4684-a82d-9b69f3ff5212\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"5db71250-e4a6-4352-9841-60bda3bb3d61\",\"hidden\":true},{\"columnId\":\"5ed56c44-5133-41e1-a6b9-53625ce522d3\",\"isTransposed\":false},{\"columnId\":\"18ea8a72-e8df-47b2-ad13-56ae22d6e75e\",\"isTransposed\":false},{\"columnId\":\"6b659b27-bfc8-452e-b8f9-3893e43a24ab\",\"isTransposed\":false}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f4ed5a42-075e-4684-a82d-9b69f3ff5212\":{\"columns\":{\"5db71250-e4a6-4352-9841-60bda3bb3d61\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"5ed56c44-5133-41e1-a6b9-53625ce522d3\":{\"label\":\"BIOS Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hardware.bios.name\",\"isBucketed\":true,\"params\":{\"size\":2,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5db71250-e4a6-4352-9841-60bda3bb3d61\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"18ea8a72-e8df-47b2-ad13-56ae22d6e75e\":{\"label\":\"BIOS 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hardware.bios.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5db71250-e4a6-4352-9841-60bda3bb3d61\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6b659b27-bfc8-452e-b8f9-3893e43a24ab\":{\"label\":\"BIOS Serialnumber\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.biossn\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"5db71250-e4a6-4352-9841-60bda3bb3d61\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"5ed56c44-5133-41e1-a6b9-53625ce522d3\",\"18ea8a72-e8df-47b2-ad13-56ae22d6e75e\",\"6b659b27-bfc8-452e-b8f9-3893e43a24ab\",\"5db71250-e4a6-4352-9841-60bda3bb3d61\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Host BIOS 
Information\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":23,\"y\":3,\"w\":25,\"h\":5,\"i\":\"fd21cc47-2ac3-4a88-8598-c458a47d1e90\"},\"panelIndex\":\"fd21cc47-2ac3-4a88-8598-c458a47d1e90\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-596cb7b8-af7b-40db-affa-e7591c0165be\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"703fc954-3aab-4cea-b5b5-ec2b68e311bb\"},{\"isTransposed\":false,\"columnId\":\"0f437a99-d536-4931-ae23-18509767b878\",\"hidden\":true},{\"columnId\":\"84fbf0d5-cd51-41c0-a7c7-6072fd807f0b\",\"isTransposed\":false},{\"columnId\":\"b9936688-2921-4cc7-b058-e0fc26c376ec\",\"isTransposed\":false},{\"columnId\":\"074126a4-578b-4f8d-85df-0a460025e011\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"596cb7b8-af7b-40db-affa-e7591c0165be\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"596cb7b8-af7b-40db-affa-e7591c0165be\":{\"columns\":{\"703fc954-3aab-4cea-b5b5-ec2b68e311bb\":{\"label\":\"System Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hardware.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0f437a99-d536-4931-ae23-18509767b878\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0f437a99-d536-4931-ae23-18509767b878\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"84fbf0d5-cd51-41c0-a7c7-6072fd807f0b\":{\"label\":\"Owner\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hardware.owner\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0f437a99-d536-4931-ae23-18509767b878\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b9936688-2921-4cc7-b058-e0fc26c376ec\":{\"label\":\"Serial Number\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hardware.serial_number\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0f437a99-d536-4931-ae23-18509767b878\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"074126a4-578b-4f8d-85df-0a460025e011\":{\"label\":\"Domain\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.domain\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0f437a99-d536-4931-ae23-18509767b878\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"703fc954-3aab-4cea-b5b5-ec2b68e311bb\",\"84fbf0d5-cd51-41c0-a7c7-6072fd807f0b\",\"b9936688-2921-4cc7-b058-e0fc26c376ec\",\"074126a4-578b-4f8d-85df-0a460025e011\",\"0f437a99-d536-4931-ae23-18509767b878\"],\"incompleteColumns\":{},\"sampling\":1}}
},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Computer Info\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":8,\"w\":42,\"h\":5,\"i\":\"7412b1ca-0c47-4905-aa6a-474686887f76\"},\"panelIndex\":\"7412b1ca-0c47-4905-aa6a-474686887f76\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-21cf6cf3-6399-4b45-8e70-849aa6623d06\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"0f5c4a52-d271-4328-95b6-6c69453180bc\",\"width\":387.2857142857143},{\"isTransposed\":false,\"columnId\":\"52e60488-e5d3-40c2-80a0-07344374be6d\"},{\"columnId\":\"b718099c-427c-4132-95e5-660deafe078c\",\"isTransposed\":false},{\"columnId\":\"54346d91-c191-4452-a917-df1c036d9795\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":188.61904761904765},{\"columnId\":\"0d7c7fc3-2b87-4d1b-9032-2a962327b5b6\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":196.21904761904761},{\"columnId\":\"eba3a044-1b3b-4a95-85a1-b16eda075894\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":217.71904761904761},{\"columnId\":\"1d0ad394-868c-4a94-984b-20325b2e1304\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"18b6d48d-b1d6-4d14-8f46-f7132ab3ecff\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"fa120ad2-0f99-4d28-bc0d-e387ad82614b\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"21cf6cf3-6399-4b45-8e70-849aa6623d06\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"21cf6cf3-6399-4b45-8e70-849aa6623d06\":{\"columns\":{\"0f5c4a52-d271-4328-95b6-6c69453180bc\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationTyp
e\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"52e60488-e5d3-40c2-80a0-07344374be6d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"52e60488-e5d3-40c2-80a0-07344374be6d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"b718099c-427c-4132-95e5-660deafe078c\":{\"label\":\"Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"52e60488-e5d3-40c2-80a0-07344374be6d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"54346d91-c191-4452-a917-df1c036d9795\":{\"label\":\"Cores\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"host.cpu.number_of_cores\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"0d7c7fc3-2b87-4d1b-9032-2a962327b5b6\":{\"label\":\"Processors\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"host.cpu.number_of_logical_processors\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"eba3a044-1b3b-4a95-85a1-b16eda075894\":{\"label\":\"Speed 
GHZ\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"host.cpu.speed\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true},\"1d0ad394-868c-4a94-984b-20325b2e1304\":{\"label\":\"Virtualization Enabled\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.virtualization_firmware_enabled\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"52e60488-e5d3-40c2-80a0-07344374be6d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"18b6d48d-b1d6-4d14-8f46-f7132ab3ecff\":{\"label\":\"Family\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.family\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"52e60488-e5d3-40c2-80a0-07344374be6d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"fa120ad2-0f99-4d28-bc0d-e387ad82614b\":{\"label\":\"Clock 
Speed\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"host.cpu.clockspeed\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"},\"customLabel\":true}},\"columnOrder\":[\"0f5c4a52-d271-4328-95b6-6c69453180bc\",\"b718099c-427c-4132-95e5-660deafe078c\",\"54346d91-c191-4452-a917-df1c036d9795\",\"0d7c7fc3-2b87-4d1b-9032-2a962327b5b6\",\"eba3a044-1b3b-4a95-85a1-b16eda075894\",\"fa120ad2-0f99-4d28-bc0d-e387ad82614b\",\"1d0ad394-868c-4a94-984b-20325b2e1304\",\"18b6d48d-b1d6-4d14-8f46-f7132ab3ecff\",\"52e60488-e5d3-40c2-80a0-07344374be6d\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"System CPU\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":6,\"h\":6,\"i\":\"88c54662-3d8e-4484-9bad-ab4d1aac4ffc\"},\"panelIndex\":\"88c54662-3d8e-4484-9bad-ab4d1aac4ffc\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-72f117b5-7ab9-41e7-a1f4-423f8b423707\"}],\"state\":{\"visualization\":{\"layerId\":\"72f117b5-7ab9-41e7-a1f4-423f8b423707\",\"accessor\":\"0e0ad3dc-89f4-471c-bf9c-55e1fa0cc457\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#CB4848\",\"stop\":4}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":null},{\"color\":\"#CB4848\",\"stop\":1}],\"continuity\":\"all\
",\"maxSteps\":5}},\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"72f117b5-7ab9-41e7-a1f4-423f8b423707\":{\"columns\":{\"0e0ad3dc-89f4-471c-bf9c-55e1fa0cc457\":{\"label\":\"Failing Vulnerabilities\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"0e0ad3dc-89f4-471c-bf9c-55e1fa0cc457\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"69270630-ea7e-41db-a897-69da6ff72cdf\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Vulnerabilities for this 
endpoint\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":13,\"w\":42,\"h\":7,\"i\":\"5ba071e0-cef6-4e8f-b34a-11b1cc806714\"},\"panelIndex\":\"5ba071e0-cef6-4e8f-b34a-11b1cc806714\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"e886429e-9532-4f44-bb36-6465fe760866\",\"name\":\"indexpattern-datasource-layer-56f3ea8a-a52d-462c-a5d6-2446d6826ad2\"}],\"state\":{\"visualization\":{\"layerId\":\"56f3ea8a-a52d-462c-a5d6-2446d6826ad2\",\"layerType\":\"data\",\"columns\":[{\"isTransposed\":false,\"columnId\":\"359f23a5-abc4-4204-bbf3-16951a7c5d72\",\"alignment\":\"center\"},{\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"85ee823b-6334-4687-ab5f-43570c69996c\",\"isTransposed\":false},{\"columnId\":\"ab0584bf-ccba-47f9-8185-655880391447\",\"isTransposed\":false,\"width\":118.66666666666663,\"alignment\":\"center\"},{\"columnId\":\"99c6b2d5-c246-46a3-86dd-55d9e30491fd\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"f3863ce5-8d01-4f5e-a42b-137410f47c41\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"52fb95cb-0446-4db0-93d7-d79a7fea0344\",\"isTransposed\":false,\"alignment\":\"center\",\"width\":156.66666666666669},{\"columnId\":\"697b46cb-1d88-49da-9761-25a974891b4a\",\"isTransposed\":false,\"alignment\":\"center\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"56f3ea8a-a52d-462c-a5d6-2446d6826ad2\":{\"columns\":{\"359f23a5-abc4-4204-bbf3-16951a7c5d72\":{\"label\":\"IP\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-49
63-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"34e5c607-4963-4388-a2d1-5c925ff7ea54\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"85ee823b-6334-4687-ab5f-43570c69996c\":{\"label\":\"Alias\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.alias\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ab0584bf-ccba-47f9-8185-655880391447\":{\"label\":\"DHCP\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.dhcp.enabled\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"99c6b2d5-c246-46a3-86dd-55d9e30491fd\":{\"label\":\"Gateway\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.gateway\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeI
sRegex\":false},\"customLabel\":true},\"f3863ce5-8d01-4f5e-a42b-137410f47c41\":{\"label\":\"MAC Address\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.mac\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"52fb95cb-0446-4db0-93d7-d79a7fea0344\":{\"label\":\"Vitual\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.virtual\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"697b46cb-1d88-49da-9761-25a974891b4a\":{\"label\":\"Connected 
SSID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.adapter.wifi.ssid\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"85ee823b-6334-4687-ab5f-43570c69996c\",\"359f23a5-abc4-4204-bbf3-16951a7c5d72\",\"ab0584bf-ccba-47f9-8185-655880391447\",\"99c6b2d5-c246-46a3-86dd-55d9e30491fd\",\"f3863ce5-8d01-4f5e-a42b-137410f47c41\",\"52fb95cb-0446-4db0-93d7-d79a7fea0344\",\"697b46cb-1d88-49da-9761-25a974891b4a\",\"34e5c607-4963-4388-a2d1-5c925ff7ea54\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"601d0e2a-08ac-4442-bbfc-fdfb6ed68c0b\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Network Cards Details\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Network 
Adapters\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":19,\"w\":6,\"h\":6,\"i\":\"d64e1165-e5d6-46d2-abb9-e4315e238f9e\"},\"panelIndex\":\"d64e1165-e5d6-46d2-abb9-e4315e238f9e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-72f117b5-7ab9-41e7-a1f4-423f8b423707\"}],\"state\":{\"visualization\":{\"layerId\":\"72f117b5-7ab9-41e7-a1f4-423f8b423707\",\"accessor\":\"42fcfbaf-a528-4d05-8486-2bbf3a01d173\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#cb4848\",\"stop\":64}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":null},{\"color\":\"#cb4848\",\"stop\":1}],\"continuity\":\"all\",\"maxSteps\":5}},\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"72f117b5-7ab9-41e7-a1f4-423f8b423707\":{\"columns\":{\"42fcfbaf-a528-4d05-8486-2bbf3a01d173\":{\"label\":\"Failed High SCAP\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.id\",\"isBucketed\":false,\"filter\":{\"query\":\"rule.result : \\\"fail\\\" and rule.severity : \\\"high\\\" 
\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"42fcfbaf-a528-4d05-8486-2bbf3a01d173\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"5726c30e-a24d-4b78-9d26-deb2771144bd\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Hosts Benchmark Data\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":20,\"w\":42,\"h\":7,\"i\":\"0a48a778-6cb1-44c3-89b8-76d6169e29a8\"},\"panelIndex\":\"0a48a778-6cb1-44c3-89b8-76d6169e29a8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"62456a9a-bd4c-4b57-b6b5-5556b6869ce5\",\"name\":\"indexpattern-datasource-layer-7fbad8bf-b2fd-44ee-b47b-5b2260b8498d\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"2e01df65-7787-4e15-86e3-a45eed285033\"},{\"isTransposed\":false,\"columnId\":\"d65a1a00-5ae8-443b-82bc-62dce81f7ac5\"},{\"columnId\":\"ed56a46c-f9da-4d58-b0f3-06e0ecc264ef\",\"isTransposed\":false},{\"columnId\":\"d5c5e6ac-d61c-4bf2-94de-62b85d9e945a\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"37ea1f0a-2f23-4435-9866-6d11677ca86b\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"7fbad8bf-b2fd-44ee-b47b-5b2260b8498d\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7fbad8bf-b2fd-44ee-b47b-5b2260b8498d\":{\"columns\":{\"2e01df65-7787-4e15-86e3-a45eed285033\":{\"label\":\"Percent 
Full\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.percent_full\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"d65a1a00-5ae8-443b-82bc-62dce81f7ac5\":{\"label\":\"Drive\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.drive.letter\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ed56a46c-f9da-4d58-b0f3-06e0ecc264ef\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"d5c5e6ac-d61c-4bf2-94de-62b85d9e945a\":{\"label\":\"Total Size\",\"dataType\":\"string\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ordinal\",\"sourceField\":\"volume.size\",\"filter\":{\"query\":\"volume.size: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"37ea1f0a-2f23-4435-9866-6d11677ca86b\":{\"label\":\"Freespace\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"volume.freespace\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":true},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"d65a1a00-5ae8-443b-82bc-62dce81f7ac5\",\"2e01df65-7787-4e15-86e3-a45eed285033\",\"ed56a46c-f9da-4d58-b0f3-06e0ecc264ef\",\"37ea1f0a-2f23-4435-9866-6d11677ca86b\",\"d5c5e6ac-d61c-4bf2-94de-62b85d9e945a\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"97fe566e-2647-47dc-a6fb-ccbbc69f8985\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Volumes and Drives for this Endpoint\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Volumes 
\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":6,\"h\":7,\"i\":\"9b009011-6f72-4379-a69b-21e6feedfce7\"},\"panelIndex\":\"9b009011-6f72-4379-a69b-21e6feedfce7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-4ac1c77b-306c-4a94-b080-f204193d6efd\"}],\"state\":{\"visualization\":{\"layerId\":\"4ac1c77b-306c-4a94-b080-f204193d6efd\",\"layerType\":\"data\",\"metricAccessor\":\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869\",\"maxAccessor\":\"00b8ad38-df28-49ec-a473-348fd0305876\",\"showBar\":true,\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":1},{\"color\":\"#d6bf57\",\"stop\":4},{\"color\":\"#cc5642\",\"stop\":14}],\"colorStops\":[{\"color\":\"#209280\",\"stop\":null},{\"color\":\"#d6bf57\",\"stop\":1},{\"color\":\"#cc5642\",\"stop\":4}],\"continuity\":\"all\",\"maxSteps\":5}},\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4ac1c77b-306c-4a94-b080-f204193d6efd\":{\"columns\":{\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X0\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.credentialguard.enabled : false \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X1\":{\"label\":\"Part of Virtualization Security Features 
Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.credentialguard.running: false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X2\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.virtualizationbasedsecurity.status:Off\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X3\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.basevirtualizationsupport.available : false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X4\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.dmaprotection.available : false \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X5\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.secureboot.available:false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X6\":{\"label\":\"Part of Virtualization Security Features 
Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.hypervisorenforcedcodeint.enabled: false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X7\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.hypervisorenforcedcodeint.running: false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X8\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.securememoverwrite.available : false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X9\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.smmsecuritymigrations.available : false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X10\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.systemguardsecurelaunch.enabled : false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X11\":{\"label\":\"Part of Virtualization Security 
Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.systemguardsecurelaunch.running : false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X12\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.ueficodereadonly.available : false\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X13\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.deviceguard.usermodecodeintegrity.policyenforcement: \\\"Off\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X14\":{\"label\":\"Part of Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.ufi.enabled: false \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X15\":{\"label\":\"Part of Virtualization Security Features 
Disabled\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[{\"type\":\"function\",\"name\":\"add\",\"args\":[\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X0\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X1\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X2\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X3\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X4\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X5\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X6\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X7\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X8\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X9\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X10\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X11\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X12\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X13\"]},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X14\"],\"location\":{\"min\":0,\"max\":1030},\"text\":\"count(kql='event.deviceguard.credentialguard.enabled : false ')+\\r\\ncount(kql='event.deviceguard.credentialguard.running: false')+\\r\\ncount(kql='event.deviceguard.virtualizationbasedsecurity.status:Off')+\\r\\ncount(kql='event.deviceguard.basevirtualizationsupport.available : false')+\\r\\ncount(kql='event.deviceguard.dmaprotection.available : false 
')+\\r\\ncount(kql='event.deviceguard.secureboot.available:false')+\\r\\ncount(kql='event.deviceguard.hypervisorenforcedcodeint.enabled: false')+\\r\\ncount(kql='event.deviceguard.hypervisorenforcedcodeint.running: false')+\\r\\ncount(kql='event.deviceguard.securememoverwrite.available : false')+\\r\\ncount(kql='event.deviceguard.smmsecuritymigrations.available : false')+\\r\\ncount(kql='event.deviceguard.systemguardsecurelaunch.enabled : false')+\\r\\ncount(kql='event.deviceguard.systemguardsecurelaunch.running : false')+\\r\\ncount(kql='event.deviceguard.ueficodereadonly.available : false')+\\r\\ncount(kql='event.deviceguard.usermodecodeintegrity.policyenforcement: \\\"Off\\\" ')+\\r\\ncount(kql='event.ufi.enabled: false ')\"}},\"references\":[\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X0\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X1\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X2\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X3\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X4\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X5\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X6\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X7\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X8\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X9\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X10\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X11\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X12\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X13\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X14\"],\"customLabel\":true},\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869\":{\"label\":\"Virtualization Security Features Disabled\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"count(kql='event.deviceguard.credentialguard.enabled : false ')+\\r\\ncount(kql='event.deviceguard.credentialguard.running: false')+\\r\\ncount(kql='event.deviceguard.virtualizationbasedsecurity.status:Off')+\\r\\ncount(kql='event.deviceguard.basevirtualizationsupport.available : false')+\\r\\ncount(kql='event.deviceguard.dmaprotection.available : 
false ')+\\r\\ncount(kql='event.deviceguard.secureboot.available:false')+\\r\\ncount(kql='event.deviceguard.hypervisorenforcedcodeint.enabled: false')+\\r\\ncount(kql='event.deviceguard.hypervisorenforcedcodeint.running: false')+\\r\\ncount(kql='event.deviceguard.securememoverwrite.available : false')+\\r\\ncount(kql='event.deviceguard.smmsecuritymigrations.available : false')+\\r\\ncount(kql='event.deviceguard.systemguardsecurelaunch.enabled : false')+\\r\\ncount(kql='event.deviceguard.systemguardsecurelaunch.running : false')+\\r\\ncount(kql='event.deviceguard.ueficodereadonly.available : false')+\\r\\ncount(kql='event.deviceguard.usermodecodeintegrity.policyenforcement: \\\"Off\\\" ')+\\r\\ncount(kql='event.ufi.enabled: false ')\",\"isFormulaBroken\":false},\"references\":[\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X15\"],\"customLabel\":true},\"00b8ad38-df28-49ec-a473-348fd0305876\":{\"label\":\"Static value: 15\",\"dataType\":\"number\",\"operationType\":\"static_value\",\"isStaticValue\":true,\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"value\":\"15\"},\"references\":[]}},\"columnOrder\":[\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X0\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X1\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X2\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X3\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X4\",\"00b8ad38-df28-49ec-a473-348fd0305876\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X5\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X6\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X7\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X8\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X9\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X10\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X11\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X12\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X13\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X14\",\"2bcd5106-f375-4a03-bb55-a5b2ecfcd869X15\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHo
cDataViews\":{}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"c3bbd434-5b28-4d1a-8013-b1553f622b22\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Protection Status for Endpoint\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":27,\"w\":42,\"h\":5,\"i\":\"58ca195d-92a8-4a9d-bd11-1954002c8693\"},\"panelIndex\":\"58ca195d-92a8-4a9d-bd11-1954002c8693\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-bae2bbb2-5c2c-406b-8deb-d02970643aa0\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"7652d41d-2e97-48fd-93e2-e824d0429eb7\",\"isTransposed\":false},{\"columnId\":\"6f018424-e6a2-4360-be1e-df25d68727f5\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"936ad955-bf89-4c25-908d-d8d4e1e71bb0\",\"isTransposed\":false},{\"columnId\":\"795022df-3834-4ba5-b1a4-b747e4da1e2a\",\"isTransposed\":false},{\"columnId\":\"c984f83e-d094-47ea-87d2-3dcd7154ae37\",\"isTransposed\":false}],\"layerId\":\"bae2bbb2-5c2c-406b-8deb-d02970643aa0\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"bae2bbb2-5c2c-406b-8deb-d02970643aa0\":{\"columns\":{\"7652d41d-2e97-48fd-93e2-e824d0429eb7\":{\"label\":\"AntiVirus 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.security.antivirus.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f018424-e6a2-4360-be1e-df25d68727f5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6f018424-e6a2-4360-be1e-df25d68727f5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"936ad955-bf89-4c25-908d-d8d4e1e71bb0\":{\"label\":\"AV Exists\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.security.antivirus.exists\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f018424-e6a2-4360-be1e-df25d68727f5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"795022df-3834-4ba5-b1a4-b747e4da1e2a\":{\"label\":\"State\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.security.antivirus.state\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f018424-e6a2-4360-be1e-df25d68727f5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c984f83e-d094-47ea-87d2-3dcd7154ae37\":{\"label\":\"Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.security.antivirus.status\",\"isBucketed\":true,\"params\":{\"size\"
:3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6f018424-e6a2-4360-be1e-df25d68727f5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"936ad955-bf89-4c25-908d-d8d4e1e71bb0\",\"7652d41d-2e97-48fd-93e2-e824d0429eb7\",\"795022df-3834-4ba5-b1a4-b747e4da1e2a\",\"c984f83e-d094-47ea-87d2-3dcd7154ae37\",\"6f018424-e6a2-4360-be1e-df25d68727f5\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e7f01244-f435-4359-ab17-7faca8d78f98\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View Protection Status for Endpoint\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Antivirus 
Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":4,\"i\":\"5a0cbef6-cb66-4850-8dd1-4fc4f81ddaf2\"},\"panelIndex\":\"5a0cbef6-cb66-4850-8dd1-4fc4f81ddaf2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-ee0f709e-2211-41d5-afc0-086b3eb4d692\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"4bae6e8b-82e3-4e86-b8cc-017cd41c4cdc\",\"isTransposed\":false},{\"columnId\":\"6d563e2d-f0dd-40fc-b9c4-c003f69b6fd7\",\"isTransposed\":false},{\"columnId\":\"be8ac2ad-1ff9-4123-9ca6-ab95e7b1a50f\",\"isTransposed\":false},{\"columnId\":\"41f62f4c-295f-424b-b44f-452ed3b0dcd0\",\"isTransposed\":false},{\"columnId\":\"f80b87d6-0e6b-4489-863b-0164f889b4e6\",\"isTransposed\":false,\"width\":695}],\"layerId\":\"ee0f709e-2211-41d5-afc0-086b3eb4d692\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ee0f709e-2211-41d5-afc0-086b3eb4d692\":{\"columns\":{\"4bae6e8b-82e3-4e86-b8cc-017cd41c4cdc\":{\"label\":\"TYCHON Agent Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"tychon.version.agent\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"be8ac2ad-1ff9-4123-9ca6-ab95e7b1a50f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6d563e2d-f0dd-40fc-b9c4-c003f69b6fd7\":{\"label\":\"Content 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"tychon.version.content\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"be8ac2ad-1ff9-4123-9ca6-ab95e7b1a50f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"be8ac2ad-1ff9-4123-9ca6-ab95e7b1a50f\":{\"label\":\"OVAL Def Date\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"tychon.definition.oval\",\"filter\":{\"query\":\"tychon.definition.oval: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"41f62f4c-295f-424b-b44f-452ed3b0dcd0\":{\"label\":\"SCAP Def Date\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"tychon.definition.stig\",\"filter\":{\"query\":\"tychon.definition.stig: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"f80b87d6-0e6b-4489-863b-0164f889b4e6\":{\"label\":\"ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"tychon.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"be8ac2ad-1ff9-4123-9ca6-ab95e7b1a50f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"f80b87d6-0e6b-4489-863b-0164f889b4e6\",\"4bae6e8b-82e3-4e86-b8cc-017cd41c4cdc\",\"6d563e2d-f0dd-40fc-b9c4-c003f69b6fd7\",\"be8ac2ad-1ff9-4123-9ca6-ab95e7b1a50f\",\"41f62f4c-295f-424b-b44f-452ed3b0dcd0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TYCHON Agentless Info\"},{\"version\":\"8.6.2\",\"type\":\"LOG_STREAM_EMBEDDABLE\",\"gridData\":{\"x\":0,\"y\":36,\"w\":48,\"h\":17,\"i\":\"649e620d-4cf9-4c17-978b-113e3df64c46\"},\"panelIndex\":\"649e620d-4cf9-4c17-978b-113e3df64c46\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log stream\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Host Information", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-24T15:35:21.428Z", + "id": "tychon-6165bf50-3dbf-11ee-9610-15dee918f31a-host", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "2d1446f2-6aee-4a7c-84e2-aeffa6c5cf9d:panel_2d1446f2-6aee-4a7c-84e2-aeffa6c5cf9d", + "type": "visualization" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": 
"a5029f8a-476b-4375-bb7a-d60889ade8a4:metrics_a5029f8a-476b-4375-bb7a-d60889ade8a4_0_index_pattern", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "8ecc8919-ac6e-4281-a356-05f552ccf10f:indexpattern-datasource-layer-f4ed5a42-075e-4684-a82d-9b69f3ff5212", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "fd21cc47-2ac3-4a88-8598-c458a47d1e90:indexpattern-datasource-layer-596cb7b8-af7b-40db-affa-e7591c0165be", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "7412b1ca-0c47-4905-aa6a-474686887f76:indexpattern-datasource-layer-21cf6cf3-6399-4b45-8e70-849aa6623d06", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "88c54662-3d8e-4484-9bad-ab4d1aac4ffc:indexpattern-datasource-layer-72f117b5-7ab9-41e7-a1f4-423f8b423707", + "type": "index-pattern" + }, + { + "id": "tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve", + "name": "88c54662-3d8e-4484-9bad-ab4d1aac4ffc:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:69270630-ea7e-41db-a897-69da6ff72cdf:dashboardId", + "type": "dashboard" + }, + { + "id": "e886429e-9532-4f44-bb36-6465fe760866", + "name": "5ba071e0-cef6-4e8f-b34a-11b1cc806714:indexpattern-datasource-layer-56f3ea8a-a52d-462c-a5d6-2446d6826ad2", + "type": "index-pattern" + }, + { + "id": "tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter", + "name": "5ba071e0-cef6-4e8f-b34a-11b1cc806714:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:601d0e2a-08ac-4442-bbfc-fdfb6ed68c0b:dashboardId", + "type": "dashboard" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "d64e1165-e5d6-46d2-abb9-e4315e238f9e:indexpattern-datasource-layer-72f117b5-7ab9-41e7-a1f4-423f8b423707", + "type": "index-pattern" + }, + { + "id": "tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig", + "name": 
"d64e1165-e5d6-46d2-abb9-e4315e238f9e:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:5726c30e-a24d-4b78-9d26-deb2771144bd:dashboardId", + "type": "dashboard" + }, + { + "id": "62456a9a-bd4c-4b57-b6b5-5556b6869ce5", + "name": "0a48a778-6cb1-44c3-89b8-76d6169e29a8:indexpattern-datasource-layer-7fbad8bf-b2fd-44ee-b47b-5b2260b8498d", + "type": "index-pattern" + }, + { + "id": "tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive", + "name": "0a48a778-6cb1-44c3-89b8-76d6169e29a8:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:97fe566e-2647-47dc-a6fb-ccbbc69f8985:dashboardId", + "type": "dashboard" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "9b009011-6f72-4379-a69b-21e6feedfce7:indexpattern-datasource-layer-4ac1c77b-306c-4a94-b080-f204193d6efd", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "9b009011-6f72-4379-a69b-21e6feedfce7:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:c3bbd434-5b28-4d1a-8013-b1553f622b22:dashboardId", + "type": "dashboard" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "58ca195d-92a8-4a9d-bd11-1954002c8693:indexpattern-datasource-layer-bae2bbb2-5c2c-406b-8deb-d02970643aa0", + "type": "index-pattern" + }, + { + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "name": "58ca195d-92a8-4a9d-bd11-1954002c8693:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:e7f01244-f435-4359-ab17-7faca8d78f98:dashboardId", + "type": "dashboard" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "5a0cbef6-cb66-4850-8dd1-4fc4f81ddaf2:indexpattern-datasource-layer-ee0f709e-2211-41d5-afc0-086b3eb4d692", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_374dee3b-0adb-43f7-87d4-a8b9c1c9c1c5:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": 
"10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-24T15:35:21.428Z", + "version": "WzgzMzgzMywyMl0=" +}
\ No newline at end of file
diff --git a/packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json b/packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json
new file mode 100644
index 00000000000..46af8bafe1f
--- /dev/null
+++ b/packages/tychon/kibana/dashboard/tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve.json
@@ -0,0 +1,136 @@ +{ + "attributes": { + "description": "TYCHON scans vulnerabilities on every endpoint, it has thousands of checks and leverages the OVAL standard to determine if a CVE applies to an endpoint. TYCHON updates scan results for failed vulnerabilities every hour and performs full vulnerability checks at every reboot of a computer. The results and findings are displayed in this dashboard.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":4,\"h\":5,\"i\":\"c727c528-622b-4fb7-857e-e3bcfe0751fd\"},\"panelIndex\":\"c727c528-622b-4fb7-857e-e3bcfe0751fd\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-0682870a-1465-4a9d-be3e-c4863b7582ea\"}],\"state\":{\"visualization\":{\"layerId\":\"0682870a-1465-4a9d-be3e-c4863b7582ea\",\"accessor\":\"e7d4cc9e-5f43-472d-959d-e0ba1333952b\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0682870a-1465-4a9d-be3e-c4863b7582ea\":{\"columns\":{\"e7d4cc9e-5f43-472d-959d-e0ba1333952b\":{\"label\":\"Total Vulnerability 
Count\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"e7d4cc9e-5f43-472d-959d-e0ba1333952b\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":4,\"y\":0,\"w\":4,\"h\":5,\"i\":\"cab4478f-def6-426a-9c1d-b960cb9e03e9\"},\"panelIndex\":\"cab4478f-def6-426a-9c1d-b960cb9e03e9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-0682870a-1465-4a9d-be3e-c4863b7582ea\"}],\"state\":{\"visualization\":{\"layerId\":\"0682870a-1465-4a9d-be3e-c4863b7582ea\",\"accessor\":\"e7d4cc9e-5f43-472d-959d-e0ba1333952b\",\"layerType\":\"data\",\"size\":\"xl\",\"textAlign\":\"center\",\"titlePosition\":\"bottom\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0682870a-1465-4a9d-be3e-c4863b7582ea\":{\"columns\":{\"e7d4cc9e-5f43-472d-959d-e0ba1333952b\":{\"label\":\"Total Asset 
Count\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"e7d4cc9e-5f43-472d-959d-e0ba1333952b\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":0,\"w\":8,\"h\":13,\"i\":\"c34200e8-bd83-4a77-9b2f-dc4c87bc1ad9\"},\"panelIndex\":\"c34200e8-bd83-4a77-9b2f-dc4c87bc1ad9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5be62502-2bab-4d66-97ff-d9373963c50d\",\"name\":\"indexpattern-datasource-layer-017cbeff-136b-4bcd-a68f-1d9bb899aa4b\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"949c9440-9dd3-49e4-8476-8ff7d5b0e4b7\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"e1ab1f7d-bcb4-4c68-b383-8662ed9a3adf\",\"isTransposed\":false}],\"layerId\":\"017cbeff-136b-4bcd-a68f-1d9bb899aa4b\",\"layerType\":\"data\"},\"query\":{\"query\":\"vulnerability.result : \\\"fail\\\" and vulnerability.due_date \u003e \\\"1970-01-01\\\" and vulnerability.due_date \u003c now\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"017cbeff-136b-4bcd-a68f-1d9bb899aa4b\":{\"columns\":{\"949c9440-9dd3-49e4-8476-8ff7d5b0e4b7\":{\"label\":\"CVE 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e1ab1f7d-bcb4-4c68-b383-8662ed9a3adf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e1ab1f7d-bcb4-4c68-b383-8662ed9a3adf\":{\"label\":\"Due Date\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.due_date\",\"filter\":{\"query\":\"vulnerability.due_date: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"vulnerability.due_date\"},\"customLabel\":true}},\"columnOrder\":[\"949c9440-9dd3-49e4-8476-8ff7d5b0e4b7\",\"e1ab1f7d-bcb4-4c68-b383-8662ed9a3adf\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"TYCHON gives a \\\"due date\\\" for vulnerabilities when they meet certain criteria. 
It uses CISA reported date, then 18 days from an IAVA release, or 30 days from the release of a critical severity CVE.\",\"enhancements\":{}},\"title\":\"Vulnerabilities Failing Past Due\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":0,\"w\":16,\"h\":13,\"i\":\"d4f17392-b10b-4343-82ea-a7e374333327\"},\"panelIndex\":\"d4f17392-b10b-4343-82ea-a7e374333327\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-2aca319d-8aef-4230-afa2-3fc928a03f8d\"},{\"type\":\"index-pattern\",\"name\":\"4e2f597d-d225-4927-8a8f-a9c968bd4a21\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"4be56e8d-3d14-4175-80c8-222f40fd9659\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"98af4dc8-b5fd-49fe-979f-fdcd1b012600\",\"isTransposed\":false,\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"alignment\":\"center\",\"summaryRow\":\"sum\"},{\"columnId\":\"2c114e7a-fd2b-4a07-a4c1-9438782e8f5b\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]}},\"summaryRow\":\"sum\"},{\"columnId\":\"f55eae82-d6a8-4314-9eac-c4e5f68a521e\",\"isTransposed\":false,\"alignment\":\"center\",\"color
Mode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"summaryRow\":\"sum\"},{\"columnId\":\"2bf89fa2-fa5e-49d4-ae94-69caf1677afd\",\"isTransposed\":false}],\"layerId\":\"2aca319d-8aef-4230-afa2-3fc928a03f8d\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"disabled\":false,\"negate\":true,\"alias\":null,\"index\":\"4e2f597d-d225-4927-8a8f-a9c968bd4a21\",\"key\":\"vulnerability.severity\",\"field\":\"vulnerability.severity\",\"params\":{\"query\":\"\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"vulnerability.severity\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2aca319d-8aef-4230-afa2-3fc928a03f8d\":{\"columns\":{\"4be56e8d-3d14-4175-80c8-222f40fd9659\":{\"label\":\"NVD Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"98af4dc8-b5fd-49fe-979f-fdcd1b012600\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2c114e7a-fd2b-4a07-a4c1-9438782e8f5b\":{\"label\":\"Total 
Passed\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"f55eae82-d6a8-4314-9eac-c4e5f68a521e\":{\"label\":\"Total Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2bf89fa2-fa5e-49d4-ae94-69caf1677afd\":{\"label\":\"Total Possible Score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"4be56e8d-3d14-4175-80c8-222f40fd9659\",\"98af4dc8-b5fd-49fe-979f-fdcd1b012600\",\"2c114e7a-fd2b-4a07-a4c1-9438782e8f5b\",\"f55eae82-d6a8-4314-9eac-c4e5f68a521e\",\"2bf89fa2-fa5e-49d4-ae94-69caf1677afd\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"TYCHON uses NVD version 2 and 3 scores to evaluate risk scores for CVE vulnerabilities. 
\",\"enhancements\":{}},\"title\":\"NVD Severity Breakdown\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":0,\"w\":8,\"h\":9,\"i\":\"5cb629a9-cd1d-4c34-80d0-bd4f89f8c7a3\"},\"panelIndex\":\"5cb629a9-cd1d-4c34-80d0-bd4f89f8c7a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-2aca319d-8aef-4230-afa2-3fc928a03f8d\"},{\"type\":\"index-pattern\",\"name\":\"f9b1376a-2b15-459b-83e8-808684076ee2\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"4be56e8d-3d14-4175-80c8-222f40fd9659\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"98af4dc8-b5fd-49fe-979f-fdcd1b012600\",\"isTransposed\":false,\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}},\"alignment\":\"center\",\"summaryRow\":\"sum\"},{\"columnId\":\"2c114e7a-fd2b-4a07-a4c1-9438782e8f5b\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]}},\"summaryRow\":\"sum\"}],\"layerId\":\"2aca319d-8aef-4230-afa2-3fc928a03f8d\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"disabled\":false,\"negate\":true,\"alias\":null,\"index\":\"f9b1376a-2b15-459b-83e8-80
8684076ee2\",\"key\":\"vulnerability.iava_severity\",\"field\":\"vulnerability.iava_severity\",\"params\":{\"query\":\"\"},\"type\":\"phrase\"},\"query\":{\"match_phrase\":{\"vulnerability.iava_severity\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2aca319d-8aef-4230-afa2-3fc928a03f8d\":{\"columns\":{\"4be56e8d-3d14-4175-80c8-222f40fd9659\":{\"label\":\"NVD Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.iava_severity\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"98af4dc8-b5fd-49fe-979f-fdcd1b012600\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"2c114e7a-fd2b-4a07-a4c1-9438782e8f5b\":{\"label\":\"Total Passed\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"4be56e8d-3d14-4175-80c8-222f40fd9659\",\"98af4dc8-b5fd-49fe-979f-fdcd1b012600\",\"2c114e7a-fd2b-4a07-a4c1-9438782e8f5b\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"TYCHON aligns its vulnerabilities to DISA IAVA to help associate the risk with failing 
checks.\",\"enhancements\":{}},\"title\":\"IAVA Severity Breakdown \"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":32,\"i\":\"9d7c1a54-bcc4-4ee3-9fb0-bcc83768d8bb\"},\"panelIndex\":\"9d7c1a54-bcc4-4ee3-9fb0-bcc83768d8bb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-10dc586e-9120-457f-bd25-337e235c0ede\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"0bddfe81-b0e4-4eca-9e82-6f5072578ee7\",\"isTransposed\":false,\"oneClickFilter\":true,\"alignment\":\"center\"},{\"columnId\":\"b5204440-d65a-4c58-a048-242c2bc8c9da\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\",\"params\":{\"stops\":[{\"color\":\"#fbddd6\",\"stop\":0},{\"color\":\"#f3bbaf\",\"stop\":20},{\"color\":\"#e99a89\",\"stop\":40},{\"color\":\"#db7965\",\"stop\":60},{\"color\":\"#cc5642\",\"stop\":80}],\"name\":\"negative\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}}],\"layerId\":\"10dc586e-9120-457f-bd25-337e235c0ede\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"10dc586e-9120-457f-bd25-337e235c0ede\":{\"columns\":{\"0bddfe81-b0e4-4eca-9e82-6f5072578ee7\":{\"label\":\"Year\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.year\",\"isBucketed\":true,\"params\":{\"size\":30,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b5204440-d65a-4c58-a048-242c2bc8c9da\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"includ
e\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b5204440-d65a-4c58-a048-242c2bc8c9da\":{\"label\":\"Total Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\":{\"label\":\"Failing Counts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"0bddfe81-b0e4-4eca-9e82-6f5072578ee7\",\"b5204440-d65a-4c58-a048-242c2bc8c9da\",\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Counts By 
Year\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":4,\"h\":4,\"i\":\"43687602-22dc-4c1c-8eaa-b73bf8684e2b\"},\"panelIndex\":\"43687602-22dc-4c1c-8eaa-b73bf8684e2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856\"}],\"state\":{\"visualization\":{\"layerId\":\"f8c69b31-1e26-48da-bfce-173a232da856\",\"layerType\":\"data\",\"metricAccessor\":\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"maxAccessor\":\"64227f18-dfeb-4263-acbd-a4bc6e800520\",\"showBar\":true,\"color\":\"#E7664C\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f8c69b31-1e26-48da-bfce-173a232da856\":{\"columns\":{\"70df2efb-db8e-43ab-bd8e-35efab122186\":{\"label\":\"Total Fails\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"64227f18-dfeb-4263-acbd-a4bc6e800520\":{\"label\":\"Total 
Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"64227f18-dfeb-4263-acbd-a4bc6e800520\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":4,\"y\":5,\"w\":4,\"h\":4,\"i\":\"8e5d38ea-9796-49e2-bbb7-02db91569c4b\"},\"panelIndex\":\"8e5d38ea-9796-49e2-bbb7-02db91569c4b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856\"}],\"state\":{\"visualization\":{\"layerId\":\"f8c69b31-1e26-48da-bfce-173a232da856\",\"layerType\":\"data\",\"metricAccessor\":\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"maxAccessor\":\"64227f18-dfeb-4263-acbd-a4bc6e800520\",\"showBar\":true,\"color\":\"#E7664C\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f8c69b31-1e26-48da-bfce-173a232da856\":{\"columns\":{\"70df2efb-db8e-43ab-bd8e-35efab122186\":{\"label\":\"Hosts Failing\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"64227f18-dfeb-4263-acbd-a4bc6e800520\":{\"label\":\"Unique count of 
tychon.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"64227f18-dfeb-4263-acbd-a4bc6e800520\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":4,\"h\":4,\"i\":\"69a84b6a-5fd8-47b0-ac56-4b36579689c3\"},\"panelIndex\":\"69a84b6a-5fd8-47b0-ac56-4b36579689c3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856\"}],\"state\":{\"visualization\":{\"layerId\":\"f8c69b31-1e26-48da-bfce-173a232da856\",\"layerType\":\"data\",\"metricAccessor\":\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"maxAccessor\":\"64227f18-dfeb-4263-acbd-a4bc6e800520\",\"showBar\":true,\"color\":\"#54B399\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f8c69b31-1e26-48da-bfce-173a232da856\":{\"columns\":{\"70df2efb-db8e-43ab-bd8e-35efab122186\":{\"label\":\"Total Passed\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"vulnerability.result : \\\"pass\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"64227f18-dfeb-4263-acbd-a4bc6e800520\":{\"label\":\"Total 
Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"64227f18-dfeb-4263-acbd-a4bc6e800520\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":4,\"y\":9,\"w\":4,\"h\":4,\"i\":\"e77342b9-6b1d-4c31-ae74-65550418decb\"},\"panelIndex\":\"e77342b9-6b1d-4c31-ae74-65550418decb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856\"}],\"state\":{\"visualization\":{\"layerId\":\"f8c69b31-1e26-48da-bfce-173a232da856\",\"layerType\":\"data\",\"metricAccessor\":\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"maxAccessor\":\"64227f18-dfeb-4263-acbd-a4bc6e800520\",\"showBar\":true,\"color\":\"#E7664C\",\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f8c69b31-1e26-48da-bfce-173a232da856\":{\"columns\":{\"70df2efb-db8e-43ab-bd8e-35efab122186\":{\"label\":\"Hosts Failing IAVA\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" and not vulnerability.iava : \\\"\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"64227f18-dfeb-4263-acbd-a4bc6e800520\":{\"label\":\"Unique count of 
tychon.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"70df2efb-db8e-43ab-bd8e-35efab122186\",\"64227f18-dfeb-4263-acbd-a4bc6e800520\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":9,\"w\":8,\"h\":23,\"i\":\"9d985147-542e-444e-95de-86b72e141def\"},\"panelIndex\":\"9d985147-542e-444e-95de-86b72e141def\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-10dc586e-9120-457f-bd25-337e235c0ede\"},{\"type\":\"index-pattern\",\"name\":\"8da78282-bb0e-4b32-b6c4-5b6fcb752b4d\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"0bddfe81-b0e4-4eca-9e82-6f5072578ee7\",\"isTransposed\":false,\"oneClickFilter\":true,\"alignment\":\"center\"},{\"columnId\":\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\",\"params\":{\"stops\":[{\"color\":\"#fbddd6\",\"stop\":0},{\"color\":\"#f3bbaf\",\"stop\":20},{\"color\":\"#e99a89\",\"stop\":40},{\"color\":\"#db7965\",\"stop\":60},{\"color\":\"#cc5642\",\"stop\":80}],\"name\":\"negative\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}}],\"layerId\":\"10dc586e-9120-457f-bd25-337e235c0ede\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"8da78282-bb0e-4b32-b6c4-5b6fcb752b4d\",\"type\":\"phrase\",\"key\":\"vulnerability.iava\",
\"params\":{\"query\":\"\"},\"disabled\":false,\"negate\":true,\"alias\":null},\"query\":{\"match_phrase\":{\"vulnerability.iava\":\"\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"10dc586e-9120-457f-bd25-337e235c0ede\":{\"columns\":{\"0bddfe81-b0e4-4eca-9e82-6f5072578ee7\":{\"label\":\"IAVA ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.iava\",\"isBucketed\":true,\"params\":{\"size\":30,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\":{\"label\":\"Failing Counts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"0bddfe81-b0e4-4eca-9e82-6f5072578ee7\",\"ff6c9cbe-26b9-4185-b86d-e41dbc60c1c6\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{},\"description\":\"DISA IAVA IDs and the total number of failures.\"},\"title\":\"IAVA 
IDs\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":13,\"h\":19,\"i\":\"fbd0fbab-9136-49c6-9b75-46bd3f8d987b\"},\"panelIndex\":\"fbd0fbab-9136-49c6-9b75-46bd3f8d987b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"78931842-dc88-45d7-a6ee-d79fb9f615bd\",\"name\":\"indexpattern-datasource-layer-2b0af3cf-2577-4225-b801-4dbc1c6d10c3\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"2209b20f-7ba7-4118-8ec1-1b860ce5c335\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"96b1c955-f220-47d9-a69f-a01099cd252f\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"negative\",\"params\":{\"stops\":[{\"color\":\"#fbddd6\",\"stop\":0},{\"color\":\"#f3bbaf\",\"stop\":20},{\"color\":\"#e99a89\",\"stop\":40},{\"color\":\"#db7965\",\"stop\":60},{\"color\":\"#cc5642\",\"stop\":80}],\"name\":\"negative\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"235c5841-8650-4f0d-b15e-e3d9b27ceabc\",\"isTransposed\":false},{\"columnId\":\"41beb024-d85d-4652-a507-97071212c25f\",\"isTransposed\":false}],\"layerId\":\"2b0af3cf-2577-4225-b801-4dbc1c6d10c3\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2b0af3cf-2577-4225-b801-4dbc1c6d10c3\":{\"columns\":{\"2209b20f-7ba7-4118-8ec1-1b860ce5c335\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"96b1c955-f220-47d9-a69f-a01099cd252f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsR
egex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"96b1c955-f220-47d9-a69f-a01099cd252f\":{\"label\":\"Total Failing\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":false,\"filter\":{\"query\":\"vulnerability.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"235c5841-8650-4f0d-b15e-e3d9b27ceabc\":{\"label\":\"IP\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"96b1c955-f220-47d9-a69f-a01099cd252f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"41beb024-d85d-4652-a507-97071212c25f\":{\"label\":\"MAC\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.mac\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"96b1c955-f220-47d9-a69f-a01099cd252f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"2209b20f-7ba7-4118-8ec1-1b860ce5c335\",\"235c5841-8650-4f0d-b15e-e3d9b27ceabc\",\"41beb024-d85d-4652-a507-97071212c25f\",\"96b1c955-f220-47d9-a69f-a01099cd252f\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"The Top 200 hosts that are reporting failed vulnerabilities, this is a total count of fails. 
\",\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"96e39190-5ea2-4199-993b-6e2657b8299b\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"Navigate to Endpoint Browser\",\"config\":{\"useCurrentFilters\":false,\"useCurrentDateRange\":true,\"openInNewTab\":true}}}]}}},\"title\":\"Top 200 Failing Hosts\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":13,\"w\":19,\"h\":19,\"i\":\"1e383218-85c2-48c6-a653-25b2f0c0d869\"},\"panelIndex\":\"1e383218-85c2-48c6-a653-25b2f0c0d869\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5be62502-2bab-4d66-97ff-d9373963c50d\",\"name\":\"indexpattern-datasource-layer-21c4a9b8-f5ce-418b-9466-605c2742d8d9\"},{\"type\":\"index-pattern\",\"name\":\"d50ba03c-dcd0-469e-a4c2-1a02d99263d8\",\"id\":\"5be62502-2bab-4d66-97ff-d9373963c50d\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY 
chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"21c4a9b8-f5ce-418b-9466-605c2742d8d9\",\"accessors\":[\"83ac325a-0162-45d4-b642-33f73351c8d2\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"132c8097-326e-4f5b-81fa-df708221c0ee\",\"splitAccessor\":\"b57de897-5bb8-42a6-8158-571e3fda028a\",\"palette\":{\"type\":\"palette\",\"name\":\"status\"}}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"d50ba03c-dcd0-469e-a4c2-1a02d99263d8\",\"negate\":true,\"type\":\"phrase\",\"key\":\"vulnerability.result\",\"params\":{\"query\":\"unknown\"},\"disabled\":false,\"alias\":null},\"query\":{\"match_phrase\":{\"vulnerability.result\":\"unknown\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"21c4a9b8-f5ce-418b-9466-605c2742d8d9\":{\"columns\":{\"132c8097-326e-4f5b-81fa-df708221c0ee\":{\"label\":\"event.ingested\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"83ac325a-0162-45d4-b642-33f73351c8d2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"b57de897-5bb8-42a6-8158-571e3fda028a\":{\"label\":\"Top 3 values of 
vulnerability.result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.result\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"83ac325a-0162-45d4-b642-33f73351c8d2\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"b57de897-5bb8-42a6-8158-571e3fda028a\",\"132c8097-326e-4f5b-81fa-df708221c0ee\",\"83ac325a-0162-45d4-b642-33f73351c8d2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"A complete history of all vulnerabilities status over time.\",\"enhancements\":{}},\"title\":\"Vulnerability Results Historical Status\"},{\"version\":\"8.8.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":32,\"w\":48,\"h\":22,\"i\":\"0cc0c389-dc34-4831-ba8e-6f651ee8a793\"},\"panelIndex\":\"0cc0c389-dc34-4831-ba8e-6f651ee8a793\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5be62502-2bab-4d66-97ff-d9373963c50d\",\"name\":\"indexpattern-datasource-layer-c1cf2b61-d20b-40c8-8a05-678aaa9f2358\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"66252270-26d7-4524-9a63-1885224cb57e\",\"isTransposed\":false,\"alignment\":\"center\",\"summaryRow\":\"sum\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"complimentary\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a6c1db\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#e3bd9d\",\"stop\":60},{\"color\":\"#da8b45\",\"stop\":80}],\"name\":\"complimentary\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}},{\"columnId\":\"a8438ac2-fb97-4
ac8-9f2c-2a0308725c01\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"ebec492d-2edd-46fd-95ee-ca6c191dc2ed\",\"isTransposed\":false},{\"columnId\":\"e0e551be-9366-40fb-80eb-942569b9fdb3\",\"isTransposed\":false,\"alignment\":\"center\",\"oneClickFilter\":true},{\"columnId\":\"1ca90a06-f5e5-46ca-9402-65517773efac\",\"isTransposed\":false},{\"columnId\":\"0bae816d-069c-4b6b-ac1f-220e5c3b3e3c\",\"isTransposed\":false},{\"columnId\":\"3b94ade7-e7f2-4c92-9450-ac63c31f2a59\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"7a438fd4-a307-4cc9-85f4-855203fccfc5\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"c1cf2b61-d20b-40c8-8a05-678aaa9f2358\",\"layerType\":\"data\",\"sorting\":{\"columnId\":\"66252270-26d7-4524-9a63-1885224cb57e\",\"direction\":\"desc\"}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"c1cf2b61-d20b-40c8-8a05-678aaa9f2358\":{\"columns\":{\"66252270-26d7-4524-9a63-1885224cb57e\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"filter\":{\"query\":\"rule.test_result : \\\"fail\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a8438ac2-fb97-4ac8-9f2c-2a0308725c01\":{\"label\":\"CVE 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.id\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"66252270-26d7-4524-9a63-1885224cb57e\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"accuracyMode\":false},\"customLabel\":true},\"ebec492d-2edd-46fd-95ee-ca6c191dc2ed\":{\"label\":\"Reference\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.reference\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e0e551be-9366-40fb-80eb-942569b9fdb3\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.severity\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1ca90a06-f5e5-46ca-9402-65517773efac\":{\"label\":\"NVD 
Score\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.score.base\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0bae816d-069c-4b6b-ac1f-220e5c3b3e3c\":{\"label\":\"TItle\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.title\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3b94ade7-e7f2-4c92-9450-ac63c31f2a59\":{\"label\":\"Due Date\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"vulnerability.due_date\",\"filter\":{\"query\":\"vulnerability.due_date: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"vulnerability.due_date\"},\"customLabel\":true},\"7a438fd4-a307-4cc9-85f4-855203fccfc5\":{\"label\":\"Due Date 
Reason\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"vulnerability.due_date_reason\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"66252270-26d7-4524-9a63-1885224cb57e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"a8438ac2-fb97-4ac8-9f2c-2a0308725c01\",\"0bae816d-069c-4b6b-ac1f-220e5c3b3e3c\",\"e0e551be-9366-40fb-80eb-942569b9fdb3\",\"1ca90a06-f5e5-46ca-9402-65517773efac\",\"ebec492d-2edd-46fd-95ee-ca6c191dc2ed\",\"7a438fd4-a307-4cc9-85f4-855203fccfc5\",\"3b94ade7-e7f2-4c92-9450-ac63c31f2a59\",\"66252270-26d7-4524-9a63-1885224cb57e\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"description\":\"CVE IDs that have been reported by the TYCHON scan engine.\",\"enhancements\":{}},\"title\":\"CVE List\"}]", + "refreshInterval": { + "pause": true, + "value": 60000 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] - Vulnerability Dashboard", + "version": 1 + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-31T18:48:53.917Z", + "id": "tychon-75c383c0-e508-11ed-8a95-ab70156d4b18-cve", + "managed": false, + "references": [ + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "c727c528-622b-4fb7-857e-e3bcfe0751fd:indexpattern-datasource-layer-0682870a-1465-4a9d-be3e-c4863b7582ea", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "cab4478f-def6-426a-9c1d-b960cb9e03e9:indexpattern-datasource-layer-0682870a-1465-4a9d-be3e-c4863b7582ea", + "type": "index-pattern" + }, + { + "id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "name": 
"c34200e8-bd83-4a77-9b2f-dc4c87bc1ad9:indexpattern-datasource-layer-017cbeff-136b-4bcd-a68f-1d9bb899aa4b", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "d4f17392-b10b-4343-82ea-a7e374333327:indexpattern-datasource-layer-2aca319d-8aef-4230-afa2-3fc928a03f8d", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "d4f17392-b10b-4343-82ea-a7e374333327:4e2f597d-d225-4927-8a8f-a9c968bd4a21", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "5cb629a9-cd1d-4c34-80d0-bd4f89f8c7a3:indexpattern-datasource-layer-2aca319d-8aef-4230-afa2-3fc928a03f8d", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "5cb629a9-cd1d-4c34-80d0-bd4f89f8c7a3:f9b1376a-2b15-459b-83e8-808684076ee2", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "9d7c1a54-bcc4-4ee3-9fb0-bcc83768d8bb:indexpattern-datasource-layer-10dc586e-9120-457f-bd25-337e235c0ede", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "43687602-22dc-4c1c-8eaa-b73bf8684e2b:indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "8e5d38ea-9796-49e2-bbb7-02db91569c4b:indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "69a84b6a-5fd8-47b0-ac56-4b36579689c3:indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "e77342b9-6b1d-4c31-ae74-65550418decb:indexpattern-datasource-layer-f8c69b31-1e26-48da-bfce-173a232da856", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": 
"9d985147-542e-444e-95de-86b72e141def:indexpattern-datasource-layer-10dc586e-9120-457f-bd25-337e235c0ede", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "9d985147-542e-444e-95de-86b72e141def:8da78282-bb0e-4b32-b6c4-5b6fcb752b4d", + "type": "index-pattern" + }, + { + "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd", + "name": "fbd0fbab-9136-49c6-9b75-46bd3f8d987b:indexpattern-datasource-layer-2b0af3cf-2577-4225-b801-4dbc1c6d10c3", + "type": "index-pattern" + }, + { + "id": "tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve", + "name": "fbd0fbab-9136-49c6-9b75-46bd3f8d987b:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:96e39190-5ea2-4199-993b-6e2657b8299b:dashboardId", + "type": "dashboard" + }, + { + "id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "name": "1e383218-85c2-48c6-a653-25b2f0c0d869:indexpattern-datasource-layer-21c4a9b8-f5ce-418b-9466-605c2742d8d9", + "type": "index-pattern" + }, + { + "id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "name": "1e383218-85c2-48c6-a653-25b2f0c0d869:d50ba03c-dcd0-469e-a4c2-1a02d99263d8", + "type": "index-pattern" + }, + { + "id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "name": "0cc0c389-dc34-4831-ba8e-6f651ee8a793:indexpattern-datasource-layer-c1cf2b61-d20b-40c8-8a05-678aaa9f2358", + "type": "index-pattern" + }, + { + "id": "tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "tychon-9c222660-1100-11ee-af86-538da1394f27", + "name": "tag-ref-tychon-9c222660-1100-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "migrationVersion": { + "dashboard": "8.7.0" + }, + "updated_at": "2023-08-31T18:48:53.917Z", + "version": "WzQzODksNF0=" +} \ No newline at end of file 
diff --git a/packages/tychon/kibana/dashboard/tychon-8082ac00-3d41-11ee-9610-15dee918f31a-harddrive.json b/packages/tychon/kibana/dashboard/tychon-8082ac00-3d41-11ee-9610-15dee918f31a-harddrive.json
new file mode 100644
index 00000000000..1a7d118acd1
--- /dev/null
+++ b/packages/tychon/kibana/dashboard/tychon-8082ac00-3d41-11ee-9610-15dee918f31a-harddrive.json
@@ -0,0 +1,100 @@ +{ + "attributes": { + "description": "TYCHON collects information about hard drives and volumes attached to computers.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":27,\"i\":\"b5ddabd8-3016-4232-b28b-06d714106a89\"},\"panelIndex\":\"b5ddabd8-3016-4232-b28b-06d714106a89\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-221c8cb0-1779-45ef-8d12-3923317e3366\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"72a526ec-1d67-4606-a5ff-fecbe1b12ee6\"},{\"isTransposed\":false,\"columnId\":\"aebe1da3-7bee-43ec-8a75-a8be55373d20\"},{\"isTransposed\":false,\"columnId\":\"040edfd5-86a3-4298-9068-e97f6828acc2\"},{\"isTransposed\":false,\"columnId\":\"317c7190-beca-4bee-80ad-791840ec4b41\"},{\"isTransposed\":false,\"columnId\":\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\"}],\"layerId\":\"221c8cb0-1779-45ef-8d12-3923317e3366\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"221c8cb0-1779-45ef-8d12-3923317e3366\":{\"columns\":{\"72a526ec-1d67-4606-a5ff-fecbe1b12ee6\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.name\",\"isBucketed\":true,\"params\":{\"size\":10000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],
\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"aebe1da3-7bee-43ec-8a75-a8be55373d20\":{\"label\":\"Model\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.model\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"040edfd5-86a3-4298-9068-e97f6828acc2\":{\"label\":\"Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"317c7190-beca-4bee-80ad-791840ec4b41\":{\"label\":\"Partition Style\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.partition_style\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"72a526ec-1d67-4606-a5ff-fecbe1b12ee6\",\"aebe1da3-7bee-43ec-8a75-a8be55373d20\",\"040edfd5-86a3-4298-9068-e97f6828acc2\",\"317c7190-beca-4bee-80ad-791840ec4b41\",\"82052aa7-a5b0-4b79-9d2e-7f8ccc5808cf\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Physical Disks\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":0,\"w\":13,\"h\":17,\"i\":\"6859fbab-c985-4bfe-9100-8c5e5326021d\"},\"panelIndex\":\"6859fbab-c985-4bfe-9100-8c5e5326021d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-002038df-af67-4b41-9b1c-06b855c4713e\"}],\"state\":{\"visualization\":{\"layerId\":\"002038df-af67-4b41-9b1c-06b855c4713e\",\"layerType\":\"data\",\"metricAccessor\":\"6090f9f1-96d7-4a5c-8828-00ff9ac2c3ba\",\"breakdownByAccessor\":\"9dffdf45-9da5-41d1-8c37-437e1d70306e\",\"maxCols\":2},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"002038df-af67-4b41-9b1c-06b855c4713e\":{\"columns\":{\"6090f9f1-96d7-4a5c-8828-00ff9ac2c3ba\":{\"label\":\"Avg Disk Size\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"disk.size\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"9dffdf45-9da5-41d1-8c37-437e1d70306e\":{\"label\":\"Top 10 values of 
host.hardware.manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hardware.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6090f9f1-96d7-4a5c-8828-00ff9ac2c3ba\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"9dffdf45-9da5-41d1-8c37-437e1d70306e\",\"6090f9f1-96d7-4a5c-8828-00ff9ac2c3ba\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Avg Disk Size by Manufacturer\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":41,\"y\":0,\"w\":7,\"h\":17,\"i\":\"cb0c8de2-4fd0-4911-9e61-adab9c11c090\"},\"panelIndex\":\"cb0c8de2-4fd0-4911-9e61-adab9c11c090\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-488a6893-9138-46f9-adbe-e8ce2c47e8bd\"}],\"state\":{\"visualization\":{\"layerId\":\"488a6893-9138-46f9-adbe-e8ce2c47e8bd\",\"layerType\":\"data\",\"metricAccessor\":\"6d005070-a8da-48b0-b946-da89fbabd90e\",\"breakdownByAccessor\":\"d990970c-7e22-4928-805b-18a6962b6799\",\"color\":\"#ededed\",\"maxCols\":1,\"collapseFn\":\"\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"488a6893-9138-46f9-adbe-e8ce2c47e8bd\":{\"columns\":{\"6d005070-a8da-48b0-b946-da89fbabd90e\":{\"label\":\"Avg Disk 
Size\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"disk.size\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"bytes\",\"params\":{\"decimals\":2}}},\"customLabel\":true},\"d990970c-7e22-4928-805b-18a6962b6799\":{\"label\":\"Operating System\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.platform\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6d005070-a8da-48b0-b946-da89fbabd90e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"d990970c-7e22-4928-805b-18a6962b6799\",\"6d005070-a8da-48b0-b946-da89fbabd90e\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":17,\"w\":5,\"h\":23,\"i\":\"db1eb37d-8675-44d1-891a-9a8a7c2e8ade\"},\"panelIndex\":\"db1eb37d-8675-44d1-891a-9a8a7c2e8ade\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-6d559375-a858-4fbb-a7cf-2f8fe9e1c7f3\"}],\"state\":{\"visualization\":{\"shape\":\"verticalBullet\",\"layerId\":\"6d559375-a858-4fbb-a7cf-2f8fe9e1c7f3\",\"layerType\":\"data\",\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"4f64099d-20b2-4d74-ba9e-05a9ff5c498e\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#94C5F4\",\"stop\":33.33},{\"color\":\"#7A
ABDA\",\"stop\":66.66},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#94C5F4\",\"stop\":null},{\"color\":\"#7AABDA\",\"stop\":33.33},{\"color\":\"#6092C0\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"colorMode\":\"palette\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6d559375-a858-4fbb-a7cf-2f8fe9e1c7f3\":{\"columns\":{\"4f64099d-20b2-4d74-ba9e-05a9ff5c498e\":{\"label\":\"System Disk\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"disk.system\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"4f64099d-20b2-4d74-ba9e-05a9ff5c498e\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":17,\"w\":5,\"h\":23,\"i\":\"f85bb00e-3b05-48b5-a447-fb210ba95ff9\"},\"panelIndex\":\"f85bb00e-3b05-48b5-a447-fb210ba95ff9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-064d2f28-8ccf-4c45-a28e-5a5816cd7617\"}],\"state\":{\"visualization\":{\"layerId\":\"064d2f28-8ccf-4c45-a28e-5a5816cd7617\",\"layerType\":\"data\",\"shape\":\"verticalBullet\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#94C5F4\",\"stop\":33.33},{\"color\":\"#7AABDA\",\"stop\":66.66},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#94C5F4\",\"stop\":null},{\"color\":\"#7AABDA\",\"stop\":33.33},{\"color\":\"#60
92C0\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"986480e5-18b5-4695-85ce-5266db9d4f47\",\"colorMode\":\"palette\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"064d2f28-8ccf-4c45-a28e-5a5816cd7617\":{\"columns\":{\"986480e5-18b5-4695-85ce-5266db9d4f47\":{\"label\":\"Bootable Drive\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"disk.boot_from\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"986480e5-18b5-4695-85ce-5266db9d4f47\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":38,\"y\":17,\"w\":5,\"h\":23,\"i\":\"d401251f-ad81-4c51-9844-f7b09319b927\"},\"panelIndex\":\"d401251f-ad81-4c51-9844-f7b09319b927\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-e8b77360-a165-4a1b-8178-1269a1ddcce0\"}],\"state\":{\"visualization\":{\"layerId\":\"e8b77360-a165-4a1b-8178-1269a1ddcce0\",\"layerType\":\"data\",\"shape\":\"verticalBullet\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#94C5F4\",\"stop\":33.33},{\"color\":\"#7AABDA\",\"stop\":66.66},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#94C5F4\",\"stop\":null},{\"color\":\"#7AABDA\",\"stop\":33.33},{\"color\":\"#6092C0\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"
metricAccessor\":\"838e1571-1035-4b70-be49-400aec480639\",\"colorMode\":\"palette\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e8b77360-a165-4a1b-8178-1269a1ddcce0\":{\"columns\":{\"838e1571-1035-4b70-be49-400aec480639\":{\"label\":\"Clustered\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"disk.clustered\",\"isBucketed\":false,\"params\":{\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}},\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"838e1571-1035-4b70-be49-400aec480639\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":43,\"y\":17,\"w\":5,\"h\":23,\"i\":\"3d2627b6-09a8-41ff-8e43-9deb9125cf9b\"},\"panelIndex\":\"3d2627b6-09a8-41ff-8e43-9deb9125cf9b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-9c59f356-6617-4fb4-8d1d-0a31def292f8\"}],\"state\":{\"visualization\":{\"layerId\":\"9c59f356-6617-4fb4-8d1d-0a31def292f8\",\"layerType\":\"data\",\"shape\":\"verticalBullet\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#94C5F4\",\"stop\":33},{\"color\":\"#7AABDA\",\"stop\":66.5},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#94C5F4\",\"stop\":null},{\"color\":\"#7AABDA\",\"stop\":33},{\"color\":\"#6092C0\",\"stop\":66.5}],\"continuity\":\"all\",\"maxSteps\":5}},\"ticksPosition\":\"bands\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"771f348e-4c25-4739-ab12-de837a5611fb\",\"colorMode\":\"p
alette\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9c59f356-6617-4fb4-8d1d-0a31def292f8\":{\"columns\":{\"771f348e-4c25-4739-ab12-de837a5611fb\":{\"label\":\"Highly Available\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"disk.highly_available\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"771f348e-4c25-4739-ab12-de837a5611fb\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":27,\"w\":10,\"h\":13,\"i\":\"af88c038-d0f3-4189-acbc-4c61caca3bdb\"},\"panelIndex\":\"af88c038-d0f3-4189-acbc-4c61caca3bdb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-f62528d5-75c0-4261-a0e4-b78884ac618b\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"status\"},\"layers\":[{\"layerId\":\"f62528d5-75c0-4261-a0e4-b78884ac618b\",\"primaryGroups\":[\"64a6a506-ad81-42bf-9fef-6df18bacd6c7\"],\"metrics\":[\"4a013b2a-4c57-4c45-afb7-8f5a70f2bb3d\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"f62528d5-75c0-4261-a0e4-b78884ac618b\":{\"columns\":{\"64a6a506-ad81-42bf-9fef-6df18bacd6c7\":{\"label\":\"Top 5 values of 
disk.health_status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.health_status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"4a013b2a-4c57-4c45-afb7-8f5a70f2bb3d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"4a013b2a-4c57-4c45-afb7-8f5a70f2bb3d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"64a6a506-ad81-42bf-9fef-6df18bacd6c7\",\"4a013b2a-4c57-4c45-afb7-8f5a70f2bb3d\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Overall drive health\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":10,\"y\":27,\"w\":10,\"h\":13,\"i\":\"452aa111-8e0c-4403-9c94-3602ec607617\"},\"panelIndex\":\"452aa111-8e0c-4403-9c94-3602ec607617\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-b6a3c283-b27e-4ea5-a36d-ff799f06dc70\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"status\"},\"layers\":[{\"layerId\":\"b6a3c283-b27e-4ea5-a36d-ff799f06dc70\",\"primaryGroups\":[\"94813be9-4122-4d2d-a449-f24cc8a62167\"],\"metrics\":[\"a3a8c58a-64ec-4424-a1dd-355a86f6f615\"],\"numberDisplay\":\"hidden\",\"categoryDisplay\":\"hide\",\"legendDisplay\":\"hide\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.7}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\
":{\"formBased\":{\"layers\":{\"b6a3c283-b27e-4ea5-a36d-ff799f06dc70\":{\"columns\":{\"a3a8c58a-64ec-4424-a1dd-355a86f6f615\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"94813be9-4122-4d2d-a449-f24cc8a62167\":{\"label\":\"Top 2 values of disk.offline\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.offline\",\"isBucketed\":true,\"params\":{\"size\":2,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3a8c58a-64ec-4424-a1dd-355a86f6f615\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"94813be9-4122-4d2d-a449-f24cc8a62167\",\"a3a8c58a-64ec-4424-a1dd-355a86f6f615\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Disk 
Offline\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":27,\"w\":8,\"h\":13,\"i\":\"56fbe10e-dff8-4436-8a42-588b38208cfc\"},\"panelIndex\":\"56fbe10e-dff8-4436-8a42-588b38208cfc\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"2dc584bc-c446-4150-b561-1415a45ebe87\",\"name\":\"indexpattern-datasource-layer-521e98b0-32d0-48f4-b3a8-1d5673af21ca\"}],\"state\":{\"visualization\":{\"layerId\":\"521e98b0-32d0-48f4-b3a8-1d5673af21ca\",\"layerType\":\"data\",\"breakdownByAccessor\":\"0dea645b-ae9c-4d11-8a3f-6823e94f2e6d\",\"metricAccessor\":\"c0892a53-0ed3-47c0-8dbc-03288c3acefa\",\"maxCols\":2,\"collapseFn\":\"\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"521e98b0-32d0-48f4-b3a8-1d5673af21ca\":{\"columns\":{\"0dea645b-ae9c-4d11-8a3f-6823e94f2e6d\":{\"label\":\"Top 2 values of disk.operational_status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"disk.operational_status\",\"isBucketed\":true,\"params\":{\"size\":2,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c0892a53-0ed3-47c0-8dbc-03288c3acefa\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"c0892a53-0ed3-47c0-8dbc-03288c3acefa\":{\"label\":\"Count of Disks\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"disk.serial_number\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"0dea645b-ae9c-4d11-8a3f-6823e94f2e6d\",\"c0892a53-0ed3-47c0-8dbc-03288c3acefa\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]", + "refreshInterval": { + "pause": true, + 
"value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Host Drives", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T19:54:38.220Z", + "id": "tychon-8082ac00-3d41-11ee-9610-15dee918f31a-harddrive", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "b5ddabd8-3016-4232-b28b-06d714106a89:indexpattern-datasource-layer-221c8cb0-1779-45ef-8d12-3923317e3366", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "6859fbab-c985-4bfe-9100-8c5e5326021d:indexpattern-datasource-layer-002038df-af67-4b41-9b1c-06b855c4713e", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "cb0c8de2-4fd0-4911-9e61-adab9c11c090:indexpattern-datasource-layer-488a6893-9138-46f9-adbe-e8ce2c47e8bd", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "db1eb37d-8675-44d1-891a-9a8a7c2e8ade:indexpattern-datasource-layer-6d559375-a858-4fbb-a7cf-2f8fe9e1c7f3", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "f85bb00e-3b05-48b5-a447-fb210ba95ff9:indexpattern-datasource-layer-064d2f28-8ccf-4c45-a28e-5a5816cd7617", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "d401251f-ad81-4c51-9844-f7b09319b927:indexpattern-datasource-layer-e8b77360-a165-4a1b-8178-1269a1ddcce0", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "3d2627b6-09a8-41ff-8e43-9deb9125cf9b:indexpattern-datasource-layer-9c59f356-6617-4fb4-8d1d-0a31def292f8", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "af88c038-d0f3-4189-acbc-4c61caca3bdb:indexpattern-datasource-layer-f62528d5-75c0-4261-a0e4-b78884ac618b", + "type": "index-pattern" + }, + { + "id": 
"2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "452aa111-8e0c-4403-9c94-3602ec607617:indexpattern-datasource-layer-b6a3c283-b27e-4ea5-a36d-ff799f06dc70", + "type": "index-pattern" + }, + { + "id": "2dc584bc-c446-4150-b561-1415a45ebe87", + "name": "56fbe10e-dff8-4436-8a42-588b38208cfc:indexpattern-datasource-layer-521e98b0-32d0-48f4-b3a8-1d5673af21ca", + "type": "index-pattern" + }, + { + "id": "7f851220-3d41-11ee-9610-15dee918f31a", + "name": "tag-ref-7f851220-3d41-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T19:54:38.220Z", + "version": "WzgxODg4MiwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-8c858ea0-3c74-11ee-8557-a7ea91123f8b-cpu.json b/packages/tychon/kibana/dashboard/tychon-8c858ea0-3c74-11ee-8557-a7ea91123f8b-cpu.json new file mode 100644 index 00000000000..b93e7292bf0 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-8c858ea0-3c74-11ee-8557-a7ea91123f8b-cpu.json 
@@ -0,0 +1,106 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"37c0c6aa-5a66-4423-8f05-c055e3679ed7\":{\"order\":0,\"width\":\"small\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"host.hostname\",\"id\":\"37c0c6aa-5a66-4423-8f05-c055e3679ed7\",\"enhancements\":{}}}}" + }, + "description": "TYCHON collects the CPUs attached to an endpoint and records it as part of an endpoint's current state.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":6,\"h\":13,\"i\":\"d484eecf-9300-4edc-86ad-1d364f2cd912\"},\"panelIndex\":\"d484eecf-9300-4edc-86ad-1d364f2cd912\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-1c2d45ad-d83f-47e4-9ae4-c10df0f06b45\"}],\"state\":{\"visualization\":{\"layerId\":\"1c2d45ad-d83f-47e4-9ae4-c10df0f06b45\",\"accessor\":\"11e77fc2-d3fa-4e24-bc42-c85b39e12f0b\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"m\",\"colorMode\":\"None\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1c2d45ad-d83f-47e4-9ae4-c10df0f06b45\":{\"columns\":{\"11e77fc2-d3fa-4e24-bc42-c85b39e12f0b\":{\"label\":\"Reporting 
Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"11e77fc2-d3fa-4e24-bc42-c85b39e12f0b\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":0,\"w\":6,\"h\":13,\"i\":\"c546b60e-cb07-4096-a664-ddc9c3cfdf34\"},\"panelIndex\":\"c546b60e-cb07-4096-a664-ddc9c3cfdf34\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-1572e37a-4766-4cd7-9241-7bf6dd20f0d9\"}],\"state\":{\"visualization\":{\"layerId\":\"1572e37a-4766-4cd7-9241-7bf6dd20f0d9\",\"accessor\":\"6649c4f7-3f42-40eb-8b0e-763b91c56d8d\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1572e37a-4766-4cd7-9241-7bf6dd20f0d9\":{\"columns\":{\"6649c4f7-3f42-40eb-8b0e-763b91c56d8d\":{\"label\":\"Avg 
Clockspeed\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"host.cpu.clockspeed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"6649c4f7-3f42-40eb-8b0e-763b91c56d8d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":12,\"y\":0,\"w\":6,\"h\":13,\"i\":\"a6b31f35-2b50-4382-91ab-d4d444435cd5\"},\"panelIndex\":\"a6b31f35-2b50-4382-91ab-d4d444435cd5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-1572e37a-4766-4cd7-9241-7bf6dd20f0d9\"}],\"state\":{\"visualization\":{\"layerId\":\"1572e37a-4766-4cd7-9241-7bf6dd20f0d9\",\"accessor\":\"6649c4f7-3f42-40eb-8b0e-763b91c56d8d\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1572e37a-4766-4cd7-9241-7bf6dd20f0d9\":{\"columns\":{\"6649c4f7-3f42-40eb-8b0e-763b91c56d8d\":{\"label\":\"Avg CPU 
Speed\",\"dataType\":\"number\",\"operationType\":\"average\",\"sourceField\":\"host.cpu.speed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"6649c4f7-3f42-40eb-8b0e-763b91c56d8d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":6,\"h\":13,\"i\":\"1fd537c1-8c02-4381-8205-51082031f6e8\"},\"panelIndex\":\"1fd537c1-8c02-4381-8205-51082031f6e8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-cb07cf4d-d716-4baf-be01-16f87e981373\"},{\"type\":\"index-pattern\",\"name\":\"4e5bed99-c054-480f-97cb-e4add7cda1ec\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\"}],\"state\":{\"visualization\":{\"layerId\":\"cb07cf4d-d716-4baf-be01-16f87e981373\",\"accessor\":\"d5f83eee-7539-4f81-b82f-df6437e6c19b\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"4e5bed99-c054-480f-97cb-e4add7cda1ec\",\"type\":\"exists\",\"key\":\"tychon.id\",\"value\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{\"exists\":{\"field\":\"tychon.id\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cb07cf4d-d716-4baf-be01-16f87e981373\":{\"columns\":{\"d5f83eee-7539-4f81-b82f-df6437e6c19b\":{\"label\":\"Virtualized Firmware 
Enabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"tychon.id\",\"isBucketed\":false,\"filter\":{\"query\":\"host.cpu.virtualization_firmware_enabled : true \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"d5f83eee-7539-4f81-b82f-df6437e6c19b\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Virtualization Firmware Enabled\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":13,\"i\":\"082ec4db-99e5-4bcb-a0bf-1b574d96e0ab\"},\"panelIndex\":\"082ec4db-99e5-4bcb-a0bf-1b574d96e0ab\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-31533f5b-1ffc-42a1-8f19-d84d8bbf6fc3\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"4ca765a0-4fd5-43c8-ba75-0dbad474e481\"},{\"isTransposed\":false,\"columnId\":\"42dd2ee2-bc93-420d-accf-98ce681d07e6\",\"hidden\":true,\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"positive\",\"params\":{\"stops\":[{\"color\":\"#d6e9e4\",\"stop\":20},{\"color\":\"#aed3ca\",\"stop\":40},{\"color\":\"#85bdb1\",\"stop\":60},{\"color\":\"#5aa898\",\"stop\":80},{\"color\":\"#209280\",\"stop\":100}]}},\"summaryRow\":\"avg\"},{\"columnId\":\"ca5a9861-c2f3-410a-be88-410a360f15a5\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"10a4327d-d156-471f-9695-32836a13f2c7\",\"isTransposed\":false,\"alignment\":\"center\",\"summaryRow\":\"avg\"}],\"layerId\":\"31533f5b-1ffc-42a1-8f19-d84d8bbf6fc3\",\"layerType\":\"data\",\"sorting\":{\"columnId\":\"10a4327d-d156-471f-9695-32836a13f2c7\",\"direction\":\"asc\"}},\"query\":{\"query\":\"\",
\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"31533f5b-1ffc-42a1-8f19-d84d8bbf6fc3\":{\"columns\":{\"4ca765a0-4fd5-43c8-ba75-0dbad474e481\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"42dd2ee2-bc93-420d-accf-98ce681d07e6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"42dd2ee2-bc93-420d-accf-98ce681d07e6\":{\"label\":\"CPU Speed\",\"dataType\":\"number\",\"operationType\":\"min\",\"sourceField\":\"host.cpu.speed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"ca5a9861-c2f3-410a-be88-410a360f15a5\":{\"label\":\"Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"42dd2ee2-bc93-420d-accf-98ce681d07e6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"10a4327d-d156-471f-9695-32836a13f2c7\":{\"label\":\"CPU 
Speed\",\"dataType\":\"number\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.cpu.speed\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"alphabetical\",\"fallback\":false},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"4ca765a0-4fd5-43c8-ba75-0dbad474e481\",\"ca5a9861-c2f3-410a-be88-410a360f15a5\",\"10a4327d-d156-471f-9695-32836a13f2c7\",\"42dd2ee2-bc93-420d-accf-98ce681d07e6\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 100 Chipsets\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":21,\"i\":\"c0e77f2e-4bb6-4ee2-af50-248b3cc98549\"},\"panelIndex\":\"c0e77f2e-4bb6-4ee2-af50-248b3cc98549\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-759ddcaa-7578-426f-9a74-24c6026ed05b\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"a76b7191-7ce1-41ce-8df5-868260fc46b6\"},{\"isTransposed\":false,\"columnId\":\"87934d9d-9e53-437e-a9db-b9c9cb30c95e\"},{\"isTransposed\":false,\"columnId\":\"7e900d75-20d0-43bf-8dea-bf4d594416af\"},{\"isTransposed\":false,\"columnId\":\"9a1d7d63-2ee6-4bc4-9ff5-1a35a12cbdd7\"},{\"isTransposed\":false,\"columnId\":\"724d8257-99b5-4149-9007-f97df1355eac\",\"hidden\":true},{\"isTransposed\":false,\"columnId\":\"d56fc6a7-9748-47c7-8379-a29823b578bb\"},{\"isTransposed\":false,\"columnId\":\"8cb19bc9-6ac6-42e1-a7b7-7abea80ac2b2\"},{\"isTransposed\":false,\"columnId
\":\"00f91685-a38f-449d-94c3-5f2428aec1b4\"}],\"layerId\":\"759ddcaa-7578-426f-9a74-24c6026ed05b\",\"layerType\":\"data\",\"paging\":{\"size\":10,\"enabled\":true},\"rowHeight\":\"auto\",\"headerRowHeight\":\"auto\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"759ddcaa-7578-426f-9a74-24c6026ed05b\":{\"columns\":{\"a76b7191-7ce1-41ce-8df5-868260fc46b6\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":10000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"724d8257-99b5-4149-9007-f97df1355eac\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"87934d9d-9e53-437e-a9db-b9c9cb30c95e\":{\"label\":\"IP Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"724d8257-99b5-4149-9007-f97df1355eac\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7e900d75-20d0-43bf-8dea-bf4d594416af\":{\"label\":\"Architecture\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.architecture\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"724d8257-99b5-4149-9007-f97df1355eac\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9a1d7d63-2ee6-4bc4-9ff5-1a35a12cbdd7\":{\"label\":\"MAC\",\"
dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.mac\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"724d8257-99b5-4149-9007-f97df1355eac\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"724d8257-99b5-4149-9007-f97df1355eac\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"d56fc6a7-9748-47c7-8379-a29823b578bb\":{\"label\":\"# of Cores\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"host.cpu.number_of_cores\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"8cb19bc9-6ac6-42e1-a7b7-7abea80ac2b2\":{\"label\":\"Logical Processors\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"host.cpu.number_of_logical_processors\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"00f91685-a38f-449d-94c3-5f2428aec1b4\":{\"label\":\"CPU 
Speed\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"host.cpu.speed\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true}},\"columnOrder\":[\"a76b7191-7ce1-41ce-8df5-868260fc46b6\",\"87934d9d-9e53-437e-a9db-b9c9cb30c95e\",\"7e900d75-20d0-43bf-8dea-bf4d594416af\",\"9a1d7d63-2ee6-4bc4-9ff5-1a35a12cbdd7\",\"724d8257-99b5-4149-9007-f97df1355eac\",\"d56fc6a7-9748-47c7-8379-a29823b578bb\",\"8cb19bc9-6ac6-42e1-a7b7-7abea80ac2b2\",\"00f91685-a38f-449d-94c3-5f2428aec1b4\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"5c2fbf68-47f9-403f-a3a9-71b9b7c870ef\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View TYCHON Host Information\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}},\"hidePanelTitles\":false},\"title\":\"Host 
List\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":34,\"w\":48,\"h\":10,\"i\":\"86be9e95-687e-4826-b72c-3d2b4f574a85\"},\"panelIndex\":\"86be9e95-687e-4826-b72c-3d2b4f574a85\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a264bf8d-abc3-4789-9f4c-bf76397e06ba\",\"name\":\"indexpattern-datasource-layer-ca388af1-4820-4a41-b392-da6c505cfc19\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"ca388af1-4820-4a41-b392-da6c505cfc19\",\"accessors\":[\"4801ad21-f333-4454-968c-49415af0dc0b\"],\"position\":\"top\",\"seriesType\":\"line\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"37228917-276b-4623-b15e-f3426e2f4a0b\",\"yConfig\":[{\"forAccessor\":\"4801ad21-f333-4454-968c-49415af0dc0b\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ca388af1-4820-4a41-b392-da6c505cfc19\":{\"columns\":{\"37228917-276b-4623-b15e-f3426e2f4a0b\":{\"label\":\"Report Events\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false},\"customLabel\":true},\"4801ad21-f333-4454-968c-49415af0dc0bX0\":{\"label\":\"Part of Reporting 
Hosts\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"4801ad21-f333-4454-968c-49415af0dc0b\":{\"label\":\"Reporting Hosts\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"count()\",\"isFormulaBroken\":false},\"references\":[\"4801ad21-f333-4454-968c-49415af0dc0bX0\"],\"customLabel\":true}},\"columnOrder\":[\"37228917-276b-4623-b15e-f3426e2f4a0b\",\"4801ad21-f333-4454-968c-49415af0dc0b\",\"4801ad21-f333-4454-968c-49415af0dc0bX0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Events Reported over Time\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Host CPUs", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:53:52.146Z", + "id": "tychon-8c858ea0-3c74-11ee-8557-a7ea91123f8b-cpu", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "d484eecf-9300-4edc-86ad-1d364f2cd912:indexpattern-datasource-layer-1c2d45ad-d83f-47e4-9ae4-c10df0f06b45", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "c546b60e-cb07-4096-a664-ddc9c3cfdf34:indexpattern-datasource-layer-1572e37a-4766-4cd7-9241-7bf6dd20f0d9", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "a6b31f35-2b50-4382-91ab-d4d444435cd5:indexpattern-datasource-layer-1572e37a-4766-4cd7-9241-7bf6dd20f0d9", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": 
"1fd537c1-8c02-4381-8205-51082031f6e8:indexpattern-datasource-layer-cb07cf4d-d716-4baf-be01-16f87e981373", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "1fd537c1-8c02-4381-8205-51082031f6e8:4e5bed99-c054-480f-97cb-e4add7cda1ec", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "082ec4db-99e5-4bcb-a0bf-1b574d96e0ab:indexpattern-datasource-layer-31533f5b-1ffc-42a1-8f19-d84d8bbf6fc3", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "c0e77f2e-4bb6-4ee2-af50-248b3cc98549:indexpattern-datasource-layer-759ddcaa-7578-426f-9a74-24c6026ed05b", + "type": "index-pattern" + }, + { + "id": "tychon-6165bf50-3dbf-11ee-9610-15dee918f31a-host", + "name": "c0e77f2e-4bb6-4ee2-af50-248b3cc98549:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:5c2fbf68-47f9-403f-a3a9-71b9b7c870ef:dashboardId", + "type": "dashboard" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "86be9e95-687e-4826-b72c-3d2b4f574a85:indexpattern-datasource-layer-ca388af1-4820-4a41-b392-da6c505cfc19", + "type": "index-pattern" + }, + { + "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba", + "name": "controlGroup_37c0c6aa-5a66-4423-8f05-c055e3679ed7:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "b08ff050-41c5-11ee-83e4-c92ed141b9e5", + "name": "tag-ref-b08ff050-41c5-11ee-83e4-c92ed141b9e5", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:53:52.146Z", + "version": "WzgyMTY0NiwyMl0=" +} \ No newline at end of file 
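Review bot: The "Host List" table in `panelsJSON` aggregates `host.cpu.number_of_cores`, `host.cpu.number_of_logical_processors` and `host.cpu.speed` with `"operationType":"sum"` while the dashboard restores a `now-30d/d` time range. If an endpoint reports more than once in that window, which the "Events Reported over Time" panel suggests it can, each per-host figure would presumably be multiplied by the number of reports. For a value that describes current state, `"operationType":"last_value"` or `"max"` would keep the inventory numbers stable regardless of how often the host checks in. Separately, the line chart labels a plain `count()` of records as "Reporting Hosts", whereas the metric panel with the same label uses `unique_count` on `tychon.id`. Renaming the series or switching it to a unique count on `tychon.id` would keep the two panels from reporting different things under one name.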
diff --git a/packages/tychon/kibana/dashboard/tychon-993e07a0-3e02-11ee-9610-15dee918f31a-hardware.json b/packages/tychon/kibana/dashboard/tychon-993e07a0-3e02-11ee-9610-15dee918f31a-hardware.json new file mode 100644 index 00000000000..e3bc9982610 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-993e07a0-3e02-11ee-9610-15dee918f31a-hardware.json 
@@ -0,0 +1,96 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"2b9581fc-f55b-46f5-bf71-0cbfba5cc9ae\":{\"order\":0,\"width\":\"medium\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"singleSelect\":true,\"hideExclude\":true,\"hideExists\":true,\"id\":\"2b9581fc-f55b-46f5-bf71-0cbfba5cc9ae\",\"enhancements\":{},\"selectedOptions\":[]}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Hardware Inventory view displays all hardware currently or previously attached to a computer.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": 
"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"ae9194f3-7df8-415d-870c-3480f12e4971\"},\"panelIndex\":\"ae9194f3-7df8-415d-870c-3480f12e4971\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ae9194f3-7df8-415d-870c-3480f12e4971\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":28,\"y\":3,\"w\":20,\"h\":14,\"i\":\"f065275d-50bf-4f95-a7a8-90d7bbaafacb\"},\"panelIndex\":\"f065275d-50bf-4f95-a7a8-90d7bbaafacb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-7c2eef60-6291-469e-976b-a5f2ed860552\"}],\"state\":{\"visualization\":{\"title\":\"Empty XY chart\",\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"7c2eef60-6291-469e-976b-a5f2ed860552\",\"accessors\":[\"431903e4-23c5-4170-b4b6-5b4c46d85fba\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"76354b85-6c58-49a1-a1f7-2f0d0fd30970\",\"yConfig\":[{\"forAccessor\":\"431903e4-23c5-4170-b4b6-5b4c46d85fba\",\"color\":\"#6092c0\"}]}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7c2eef60-6291-469e-976b-a5f2ed860552\":{\"columns\":{\"76354b85-6c58-49a1-a1f7-2f0d0fd30970\":{\"label\":\"Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"431903e4-23c5-4170-b4b6-5b4c46d85fba\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"include
IsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"431903e4-23c5-4170-b4b6-5b4c46d85fba\":{\"label\":\"Count of device.manufacturer\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"device.manufacturer\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"76354b85-6c58-49a1-a1f7-2f0d0fd30970\",\"431903e4-23c5-4170-b4b6-5b4c46d85fba\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 15 Device Manufacturers\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":3,\"w\":6,\"h\":14,\"i\":\"fe594ff8-c22c-40c4-9ab2-e9b2fea85847\"},\"panelIndex\":\"fe594ff8-c22c-40c4-9ab2-e9b2fea85847\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-6c93481d-09a6-47eb-857d-e98b13758ec8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c93481d-09a6-47eb-857d-e98b13758ec8\",\"accessor\":\"8bf6ff37-6dc7-442a-bbd5-629562840b8c\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"size\":\"l\",\"textAlign\":\"center\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c93481d-09a6-47eb-857d-e98b13758ec8\":{\"columns\":{\"8bf6ff37-6dc7-442a-bbd5-629562840b8c\":{\"label\":\"Total Device 
Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"8bf6ff37-6dc7-442a-bbd5-629562840b8c\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":3,\"w\":12,\"h\":7,\"i\":\"26f1102d-2afc-4e57-ac53-25d4cb848ed5\"},\"panelIndex\":\"26f1102d-2afc-4e57-ac53-25d4cb848ed5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-16326d6b-8de2-4f2f-945f-3d9a23538c43\"}],\"state\":{\"visualization\":{\"layerId\":\"16326d6b-8de2-4f2f-945f-3d9a23538c43\",\"layerType\":\"data\",\"metricAccessor\":\"3e10af95-976a-44c0-8a98-d7fade76dda6\",\"maxAccessor\":\"e1a9c4eb-e9e4-425a-abdd-7c0a829be528\",\"showBar\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"16326d6b-8de2-4f2f-945f-3d9a23538c43\":{\"columns\":{\"3e10af95-976a-44c0-8a98-d7fade76dda6\":{\"label\":\"Total Present\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"device.present\",\"filter\":{\"query\":\"device.present : true\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"e1a9c4eb-e9e4-425a-abdd-7c0a829be528\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"3e10af95-976a-44c0-8a98-d7fade76dda6\",\"e1a9c4eb-e9e4-425a-abdd-7c0a829be528\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":3,\"w\":10,\"h\":14,\"i\":\"0ef9aa2c-73b1-4b65-89cc-1c68441fe5b9\"},\"panelIndex\":\"0ef9aa2c-73b1-4b65-89cc-1c68441fe5b9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-82dd98f7-71b6-4e8f-84b2-a5bacc5afa97\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"layers\":[{\"layerId\":\"82dd98f7-71b6-4e8f-84b2-a5bacc5afa97\",\"primaryGroups\":[\"bf8b9c18-8de4-41de-9651-3b2bf7787362\"],\"metrics\":[\"ba99dfe6-7e5f-45d3-a688-2bd52ef92c5f\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"82dd98f7-71b6-4e8f-84b2-a5bacc5afa97\":{\"columns\":{\"bf8b9c18-8de4-41de-9651-3b2bf7787362\":{\"label\":\"Device 
Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.class\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"ba99dfe6-7e5f-45d3-a688-2bd52ef92c5f\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[\"System\"],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ba99dfe6-7e5f-45d3-a688-2bd52ef92c5f\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"bf8b9c18-8de4-41de-9651-3b2bf7787362\",\"ba99dfe6-7e5f-45d3-a688-2bd52ef92c5f\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Device Type Breakdown\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":10,\"w\":12,\"h\":7,\"i\":\"ce341abb-5aea-4712-969d-9748b4de78af\"},\"panelIndex\":\"ce341abb-5aea-4712-969d-9748b4de78af\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-16326d6b-8de2-4f2f-945f-3d9a23538c43\"}],\"state\":{\"visualization\":{\"layerId\":\"16326d6b-8de2-4f2f-945f-3d9a23538c43\",\"layerType\":\"data\",\"metricAccessor\":\"3e10af95-976a-44c0-8a98-d7fade76dda6\",\"maxAccessor\":\"e1a9c4eb-e9e4-425a-abdd-7c0a829be528\",\"showBar\":true},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"16326d6b-8de2-4f2f-945f-3d9a23538c43\":{\"columns\":{\"3e10af95-976a-44c0-8a98-d7fade76dda6\":{\"label\":\"Total 
Missing\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"device.present\",\"filter\":{\"query\":\"device.present : false \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"e1a9c4eb-e9e4-425a-abdd-7c0a829be528\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"3e10af95-976a-44c0-8a98-d7fade76dda6\",\"e1a9c4eb-e9e4-425a-abdd-7c0a829be528\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":48,\"h\":36,\"i\":\"5ff3e63e-e71b-4b11-a07c-9c1315d604ce\"},\"panelIndex\":\"5ff3e63e-e71b-4b11-a07c-9c1315d604ce\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"a57870ef-07d8-4d12-a067-8c66eefd10ca\",\"name\":\"indexpattern-datasource-layer-4f761e14-aaf2-4318-ad8c-83d391b55ef3\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"83a1475f-1b10-4670-8a5c-d02639c31b16\",\"isTransposed\":false},{\"columnId\":\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"5d04b4db-7c47-429b-baa4-dcde47c17256\",\"isTransposed\":false},{\"columnId\":\"206f4ddf-480c-4fa8-b76b-a277ee56c6d3\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"bd378ce9-b1e3-4ee9-ac61-dcac3c668582\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"b6aaa1bc-ba97-4a64-be3e-7b165d3c84b7\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"4f761e14-aaf2-4318-ad8c-83d391b55ef3\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language
\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"4f761e14-aaf2-4318-ad8c-83d391b55ef3\":{\"columns\":{\"83a1475f-1b10-4670-8a5c-d02639c31b16\":{\"label\":\"Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.name\",\"isBucketed\":true,\"params\":{\"size\":250,\"orderBy\":{\"type\":\"column\",\"columnId\":\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\":{\"label\":\"Last Reported\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"@timestamp\",\"filter\":{\"query\":\"@timestamp: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true},\"5d04b4db-7c47-429b-baa4-dcde47c17256\":{\"label\":\"Manufacturer\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.manufacturer\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"206f4ddf-480c-4fa8-b76b-a277ee56c6d3\":{\"label\":\"Present\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.present\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsR
egex\":false},\"customLabel\":true},\"bd378ce9-b1e3-4ee9-ac61-dcac3c668582\":{\"label\":\"Device Type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.class\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b6aaa1bc-ba97-4a64-be3e-7b165d3c84b7\":{\"label\":\"ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"device.id\",\"isBucketed\":true,\"params\":{\"size\":1,\"orderBy\":{\"type\":\"column\",\"columnId\":\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"83a1475f-1b10-4670-8a5c-d02639c31b16\",\"5d04b4db-7c47-429b-baa4-dcde47c17256\",\"206f4ddf-480c-4fa8-b76b-a277ee56c6d3\",\"bd378ce9-b1e3-4ee9-ac61-dcac3c668582\",\"b6aaa1bc-ba97-4a64-be3e-7b165d3c84b7\",\"807673da-bcf0-4a23-8fc6-e49efcfcd6d3\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Device List\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Hardware Inventory", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:47:46.348Z", + "id": "tychon-993e07a0-3e02-11ee-9610-15dee918f31a-hardware", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": 
"tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "ae9194f3-7df8-415d-870c-3480f12e4971:panel_ae9194f3-7df8-415d-870c-3480f12e4971", + "type": "visualization" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "f065275d-50bf-4f95-a7a8-90d7bbaafacb:indexpattern-datasource-layer-7c2eef60-6291-469e-976b-a5f2ed860552", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "fe594ff8-c22c-40c4-9ab2-e9b2fea85847:indexpattern-datasource-layer-6c93481d-09a6-47eb-857d-e98b13758ec8", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "26f1102d-2afc-4e57-ac53-25d4cb848ed5:indexpattern-datasource-layer-16326d6b-8de2-4f2f-945f-3d9a23538c43", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "0ef9aa2c-73b1-4b65-89cc-1c68441fe5b9:indexpattern-datasource-layer-82dd98f7-71b6-4e8f-84b2-a5bacc5afa97", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "ce341abb-5aea-4712-969d-9748b4de78af:indexpattern-datasource-layer-16326d6b-8de2-4f2f-945f-3d9a23538c43", + "type": "index-pattern" + }, + { + "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca", + "name": "5ff3e63e-e71b-4b11-a07c-9c1315d604ce:indexpattern-datasource-layer-4f761e14-aaf2-4318-ad8c-83d391b55ef3", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_2b9581fc-f55b-46f5-bf71-0cbfba5cc9ae:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "7b7ab4c0-3e02-11ee-9610-15dee918f31a", + "name": 
"tag-ref-7b7ab4c0-3e02-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:47:46.348Z", + "version": "WzgyMTE0NywyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp.json b/packages/tychon/kibana/dashboard/tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp.json new file mode 100644 index 00000000000..ac948619cd8 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp.json 
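Review bot: In the "Device List" table (panel `5ff3e63e-e71b-4b11-a07c-9c1315d604ce`) the `device.id` column is a terms bucket with `"size":1` and `"otherBucket":false`, and it sits after the Name, Manufacturer, Present and Device Type buckets in `columnOrder`. Two devices that share those four values but carry different IDs therefore collapse into one row that shows only the most recently reported ID, and the other ID is dropped without any "Other" marker. For a hardware inventory that is the case most worth seeing, so consider moving `device.id` to the front of `columnOrder` or raising its `size`. The hostname control also starts with `"selectedOptions":[]` and the table has no host column, so until a host is picked the rows appear to merge devices across endpoints; please confirm that matches the "single endpoint at a time" description.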
@@ -0,0 +1,106 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"a9a1905e-d884-49b1-9f30-bae69dd0f668\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"id\":\"a9a1905e-d884-49b1-9f30-bae69dd0f668\",\"existsSelected\":false,\"hideExists\":true,\"hideExclude\":true,\"singleSelect\":true,\"enhancements\":{}}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser – Endpoint Protection view displays the status of your AV vendors and virtualization protection mechanisms, whether they are enabled, and if they are up to date.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": 
"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"02c59767-547c-4cda-bba5-77ad8a00a068\"},\"panelIndex\":\"02c59767-547c-4cda-bba5-77ad8a00a068\",\"embeddableConfig\":{\"enhancements\":{},\"hidePanelTitles\":true},\"panelRefName\":\"panel_02c59767-547c-4cda-bba5-77ad8a00a068\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":9,\"h\":10,\"i\":\"cefa3c11-9742-4955-9569-40a38489d62a\"},\"panelIndex\":\"cefa3c11-9742-4955-9569-40a38489d62a\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Endpoint Protections\\nTYCHON monitors the endpoint for installed endpoint protection software. TYCHON integrates with EPP vendors to report the status of each specific vendor and its features to ensure all the proper protections are in place.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":3,\"w\":39,\"h\":5,\"i\":\"12e45058-431b-4504-a6ea-b37cdb08043d\"},\"panelIndex\":\"12e45058-431b-4504-a6ea-b37cdb08043d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-9aeae475-3f70-4b1f-8e37-3d09bb018588\"}],\"state\":{\"visualization\":{\"layerId\":\"9aeae475-3f70-4b1f-8e37-3d09bb018588\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"de290752-f19c-48d6-88b4-bbacb0a643ba\",\"alignment\":\"center\"},{\"columnId\":\"1a761e73-7d11-44ba-b41d-12792debe4cc\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"7f900bc4-4ed6-456b-9e5f-b77e10a1109c\",\"isTransposed\":false,\"alignment\":\"c
enter\"},{\"columnId\":\"6b4ec867-8b7e-4d41-8b61-5615715413eb\",\"isTransposed\":false,\"alignment\":\"center\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9aeae475-3f70-4b1f-8e37-3d09bb018588\":{\"columns\":{\"de290752-f19c-48d6-88b4-bbacb0a643ba\":{\"label\":\"Elastic Defender Behavior Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.behavior_protection\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1a761e73-7d11-44ba-b41d-12792debe4cc\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"1a761e73-7d11-44ba-b41d-12792debe4cc\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"7f900bc4-4ed6-456b-9e5f-b77e10a1109c\":{\"label\":\"Elastic Defender Anti-Malware\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.malware\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1a761e73-7d11-44ba-b41d-12792debe4cc\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6b4ec867-8b7e-4d41-8b61-5615715413eb\":{\"label\":\"Elastic Defender Memory 
Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.memory_protection\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1a761e73-7d11-44ba-b41d-12792debe4cc\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"de290752-f19c-48d6-88b4-bbacb0a643ba\",\"7f900bc4-4ed6-456b-9e5f-b77e10a1109c\",\"6b4ec867-8b7e-4d41-8b61-5615715413eb\",\"1a761e73-7d11-44ba-b41d-12792debe4cc\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Elastic Defender Feature Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":8,\"w\":39,\"h\":5,\"i\":\"ea31c98b-3c46-4f95-a986-c4693b92b89e\"},\"panelIndex\":\"ea31c98b-3c46-4f95-a986-c4693b92b89e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-5387a34a-b7b2-4177-9083-335cf4e9a3bf\"}],\"state\":{\"visualization\":{\"layerId\":\"5387a34a-b7b2-4177-9083-335cf4e9a3bf\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"fdfec985-df5b-4716-b4b7-fc583b364c03\",\"alignment\":\"center\"},{\"columnId\":\"f6bca86d-5a9b-4e18-902b-a573c57e734f\",\"hidden\":true},{\"columnId\":\"3e2f3d28-d02f-4e67-954e-ca5dbf0f5cec\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"bfc72b21-55c2-4913-bcff-15362a0f8500\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"005add0c-a692-4d2d-9758-6beb27289076\",\"isTransposed\":false,\"alignment\":\"center\"}]},\"query\":{\"query\":\"\",\"language\":\"kuer
y\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5387a34a-b7b2-4177-9083-335cf4e9a3bf\":{\"columns\":{\"fdfec985-df5b-4716-b4b7-fc583b364c03\":{\"label\":\"TPM Present\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.tpm.present\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f6bca86d-5a9b-4e18-902b-a573c57e734f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f6bca86d-5a9b-4e18-902b-a573c57e734f\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"3e2f3d28-d02f-4e67-954e-ca5dbf0f5cec\":{\"label\":\"TPM Digest\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.tpm.digest.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f6bca86d-5a9b-4e18-902b-a573c57e734f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"bfc72b21-55c2-4913-bcff-15362a0f8500\":{\"label\":\"TPM Compliant\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.tpm.compliant\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f6bca86d-5a9b-4e18-902b-a573c57e734f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"005add0c-a692-4d2d-9758-6beb27289076\":{\"label\":\"TPM 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.tpm.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f6bca86d-5a9b-4e18-902b-a573c57e734f\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"fdfec985-df5b-4716-b4b7-fc583b364c03\",\"3e2f3d28-d02f-4e67-954e-ca5dbf0f5cec\",\"bfc72b21-55c2-4913-bcff-15362a0f8500\",\"005add0c-a692-4d2d-9758-6beb27289076\",\"f6bca86d-5a9b-4e18-902b-a573c57e734f\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Trusted Platform Module Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":13,\"w\":48,\"h\":5,\"i\":\"21705463-1697-44dc-9a09-62df26148332\"},\"panelIndex\":\"21705463-1697-44dc-9a09-62df26148332\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-75c713fc-0fdd-431c-8bc6-ecfb247c176e\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\",\"isTransposed\":false,\"colorMode\":\"none\",\"alignment\":\"center\",\"hidden\":true},{\"columnId\":\"d9295119-6956-41e0-8b42-ac2e47a370de\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"e4e1c126-d5c4-4037-84c4-8eaf12358e54\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"33408527-4b67-4ab8-985a-5f4b9bcb0618\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"f01de7cd-f7e8-462d-baa9-896b85f6c3eb\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"6
956a5b0-f8ac-48c5-befe-9e3b671f2639\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"5133c9fb-f2af-4ded-ace4-bf47124e75e3\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"5560824c-b749-475f-8423-603ee0107b9e\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"75c713fc-0fdd-431c-8bc6-ecfb247c176e\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"75c713fc-0fdd-431c-8bc6-ecfb247c176e\":{\"columns\":{\"dd967aec-5d3a-4e98-b8bb-1861bff07184\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"d9295119-6956-41e0-8b42-ac2e47a370de\":{\"label\":\"Elastic Agent Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.agent.version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e4e1c126-d5c4-4037-84c4-8eaf12358e54\":{\"label\":\"Trellix ENS Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.ens.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"33408527-4b67-4ab8-985a-5f4b9bcb0618\":{\"label\":\"Trellix PA 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.pa.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"f01de7cd-f7e8-462d-baa9-896b85f6c3eb\":{\"label\":\"Trellix DLP Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.dlp.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6956a5b0-f8ac-48c5-befe-9e3b671f2639\":{\"label\":\"ACCM Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.accm.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5133c9fb-f2af-4ded-ace4-bf47124e75e3\":{\"label\":\"RSD 
Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.rsd.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5560824c-b749-475f-8423-603ee0107b9e\":{\"label\":\"Elastic Endpoint Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"d9295119-6956-41e0-8b42-ac2e47a370de\",\"5560824c-b749-475f-8423-603ee0107b9e\",\"e4e1c126-d5c4-4037-84c4-8eaf12358e54\",\"33408527-4b67-4ab8-985a-5f4b9bcb0618\",\"f01de7cd-f7e8-462d-baa9-896b85f6c3eb\",\"5133c9fb-f2af-4ded-ace4-bf47124e75e3\",\"6956a5b0-f8ac-48c5-befe-9e3b671f2639\",\"dd967aec-5d3a-4e98-b8bb-1861bff07184\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Third-Party Protection Software 
Versions\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":5,\"i\":\"a8c6851c-3730-4c20-b9e0-43af84a176d0\"},\"panelIndex\":\"a8c6851c-3730-4c20-b9e0-43af84a176d0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-04332c65-6c71-4235-8823-49823d7deda5\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"512f9032-b127-4739-b5bf-3eb959638ff5\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"f4d3274b-0ee5-442f-8eeb-b41e5fa7f953\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"91e23a0c-ed3b-4ad7-bc5e-53f4c6fab562\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"cf12a36e-89b5-4367-b35f-9afb91f70d09\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"c05bb470-b273-4a26-bf5d-a81b3c58767f\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"76f77c25-4df6-4e7a-94ec-a88f4e9c8677\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"0ac16482-70d8-47af-9017-43495072b88a\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"04332c65-6c71-4235-8823-49823d7deda5\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"04332c65-6c71-4235-8823-49823d7deda5\":{\"columns\":{\"dbfeb47c-32b6-474c-8677-dae820f07b2d\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"512f9032-b127-4739-b5bf-3eb959638ff5\":{\"label\":\"Elastic Agent 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.agent.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f4d3274b-0ee5-442f-8eeb-b41e5fa7f953\":{\"label\":\"Elastic Endpoint Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"elastic.service.endpoint.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"91e23a0c-ed3b-4ad7-bc5e-53f4c6fab562\":{\"label\":\"Trellix ENS Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.ens.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"cf12a36e-89b5-4367-b35f-9afb91f70d09\":{\"label\":\"Trellix DLP 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.dlp.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c05bb470-b273-4a26-bf5d-a81b3c58767f\":{\"label\":\"Trellix PA Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.pa.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"76f77c25-4df6-4e7a-94ec-a88f4e9c8677\":{\"label\":\"Trellix RSD Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.rsd.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0ac16482-70d8-47af-9017-43495072b88a\":{\"label\":\"ACCM 
Status\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.accm.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"512f9032-b127-4739-b5bf-3eb959638ff5\",\"f4d3274b-0ee5-442f-8eeb-b41e5fa7f953\",\"91e23a0c-ed3b-4ad7-bc5e-53f4c6fab562\",\"c05bb470-b273-4a26-bf5d-a81b3c58767f\",\"cf12a36e-89b5-4367-b35f-9afb91f70d09\",\"76f77c25-4df6-4e7a-94ec-a88f4e9c8677\",\"0ac16482-70d8-47af-9017-43495072b88a\",\"dbfeb47c-32b6-474c-8677-dae820f07b2d\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Third-Party Protection Software 
Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":23,\"w\":48,\"h\":5,\"i\":\"52a76f9f-e799-4d4a-b9e4-eae7014038e4\"},\"panelIndex\":\"52a76f9f-e799-4d4a-b9e4-eae7014038e4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-ef2f26c8-3d23-4b27-b103-3f0ad7394111\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"29924658-9aa3-42ea-bd98-79e173958e42\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"33c42b63-ee69-433c-95af-9d7d01e4f845\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"a052e49e-e5ef-4c10-97df-d5c3f372f8ac\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"221eaf8f-2283-4ee5-b4b7-8b3236f6d621\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"d88f0d3a-2942-49fc-bd63-a971fa819412\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"06750c7f-0d30-41c5-a4b7-cb1d59756b91\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"ef2f26c8-3d23-4b27-b103-3f0ad7394111\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"ef2f26c8-3d23-4b27-b103-3f0ad7394111\":{\"columns\":{\"eb149617-f610-4378-ba74-d639147b5601\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"29924658-9aa3-42ea-bd98-79e173958e42\":{\"label\":\"Windows Defender 
Anti-Malware\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.status\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"33c42b63-ee69-433c-95af-9d7d01e4f845\":{\"label\":\"Windows Defender Anti-Spyware\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antispyware.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a052e49e-e5ef-4c10-97df-d5c3f372f8ac\":{\"label\":\"Windows Defender Anti-Virus \",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"221eaf8f-2283-4ee5-b4b7-8b3236f6d621\":{\"label\":\"Windows Defender Real-Time 
Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.real_time_protection.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"d88f0d3a-2942-49fc-bd63-a971fa819412\":{\"label\":\"Windows Defender NIS\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"06750c7f-0d30-41c5-a4b7-cb1d59756b91\":{\"label\":\"Windows Defender On-Access 
Protection\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.on_access_protection.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"eb149617-f610-4378-ba74-d639147b5601\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"29924658-9aa3-42ea-bd98-79e173958e42\",\"33c42b63-ee69-433c-95af-9d7d01e4f845\",\"a052e49e-e5ef-4c10-97df-d5c3f372f8ac\",\"221eaf8f-2283-4ee5-b4b7-8b3236f6d621\",\"d88f0d3a-2942-49fc-bd63-a971fa819412\",\"06750c7f-0d30-41c5-a4b7-cb1d59756b91\",\"eb149617-f610-4378-ba74-d639147b5601\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Windows Defender Feature 
Status\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":28,\"w\":48,\"h\":5,\"i\":\"8ad0f3f2-f823-482a-94f5-438a5f4e63ad\"},\"panelIndex\":\"8ad0f3f2-f823-482a-94f5-438a5f4e63ad\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"6c3bf5e0-0feb-4113-a417-ac5e69cd6e00\",\"name\":\"indexpattern-datasource-layer-6cde8617-3e7c-4778-a329-d928e36d7275\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"beb6fb15-943b-4309-90f7-f4dce874a09b\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"2ecb665e-6607-46bb-b133-227e2a1f86e5\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"f99c5f5c-ed39-4708-a69a-8cb9dafd18c0\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"7c6804a4-01e8-4d63-abeb-403c9080dfa2\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"f6f3cda8-645f-4d93-9b56-259ea57e96ba\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"c4d70098-785e-4a47-814e-9e380659c08a\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"6cde8617-3e7c-4778-a329-d928e36d7275\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6cde8617-3e7c-4778-a329-d928e36d7275\":{\"columns\":{\"beb6fb15-943b-4309-90f7-f4dce874a09b\":{\"label\":\"Windows Defender 
Anti-Malware\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antimalware.signature_version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2ecb665e-6607-46bb-b133-227e2a1f86e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"2ecb665e-6607-46bb-b133-227e2a1f86e5\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"f99c5f5c-ed39-4708-a69a-8cb9dafd18c0\":{\"label\":\"Windows Defender Anit-Spyware\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antispyware.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2ecb665e-6607-46bb-b133-227e2a1f86e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"7c6804a4-01e8-4d63-abeb-403c9080dfa2\":{\"label\":\"Windows Defender AV\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.antivirus.full_scan.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2ecb665e-6607-46bb-b133-227e2a1f86e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f6f3cda8-645f-4d93-9b56-259ea57e96ba\":{\"label\":\"Windows Defender 
NIS\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"windows_defender.service.nis.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2ecb665e-6607-46bb-b133-227e2a1f86e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"c4d70098-785e-4a47-814e-9e380659c08a\":{\"label\":\"Trellix ENS\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"trellix.service.ens.signature_version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2ecb665e-6607-46bb-b133-227e2a1f86e5\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"c4d70098-785e-4a47-814e-9e380659c08a\",\"beb6fb15-943b-4309-90f7-f4dce874a09b\",\"f99c5f5c-ed39-4708-a69a-8cb9dafd18c0\",\"7c6804a4-01e8-4d63-abeb-403c9080dfa2\",\"f6f3cda8-645f-4d93-9b56-259ea57e96ba\",\"2ecb665e-6607-46bb-b133-227e2a1f86e5\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Endpoint Protection Signature 
Versions\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":33,\"w\":48,\"h\":5,\"i\":\"165a86cb-4d74-46e5-b01a-c8aa699bb62d\"},\"panelIndex\":\"165a86cb-4d74-46e5-b01a-c8aa699bb62d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-2c3e9bfb-f184-4fcc-8cf0-289375d17465\"}],\"state\":{\"visualization\":{\"columns\":[{\"columnId\":\"407f21d2-19c4-4989-af6d-6d1874ed4adb\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\",\"isTransposed\":false,\"hidden\":true},{\"columnId\":\"dfcfe55f-7ed2-414e-a58c-5ce22504f040\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"485d3df1-2842-46fa-8709-b9e1c226c7fa\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"e4001a32-8acc-4546-ad61-096ef4ada2da\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"20655296-06de-4a2f-8c5c-d3f11575f76b\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"93d9fdc5-1776-4120-b653-35f6ade218ff\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"6d17a739-c24f-47da-8215-5f85d7fab0eb\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"5aaf01cb-a91c-4863-b03b-7df01d5b0139\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"2c3e9bfb-f184-4fcc-8cf0-289375d17465\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2c3e9bfb-f184-4fcc-8cf0-289375d17465\":{\"columns\":{\"407f21d2-19c4-4989-af6d-6d1874ed4adb\":{\"label\":\"Credential Guard 
Enabled\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.credentialguard.enabled\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"b16cb63b-c175-474d-92c1-8a4259f824a6\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"dfcfe55f-7ed2-414e-a58c-5ce22504f040\":{\"label\":\"Credential Guard Running\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.credentialguard.running\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"485d3df1-2842-46fa-8709-b9e1c226c7fa\":{\"label\":\"Device Guard Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e4001a32-8acc-4546-ad61-096ef4ada2da\":{\"label\":\"Secure Boot 
Available\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.secureboot.available\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"20655296-06de-4a2f-8c5c-d3f11575f76b\":{\"label\":\"Usermode Integrity Policy Enforcement\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.usermodecodeintegrity.policyenforcement\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"93d9fdc5-1776-4120-b653-35f6ade218ff\":{\"label\":\"Virtualization Based Security\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.virtualizationbasedsecurity.status\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"6d17a739-c24f-47da-8215-5f85d7fab0eb\":{\"label\":\"Secure Launch 
Enabled\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.systemguardsecurelaunch.enabled\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"5aaf01cb-a91c-4863-b03b-7df01d5b0139\":{\"label\":\"UFI Enabled\",\"dataType\":\"boolean\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.ufi.enabled\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"b16cb63b-c175-474d-92c1-8a4259f824a6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"407f21d2-19c4-4989-af6d-6d1874ed4adb\",\"dfcfe55f-7ed2-414e-a58c-5ce22504f040\",\"485d3df1-2842-46fa-8709-b9e1c226c7fa\",\"e4001a32-8acc-4546-ad61-096ef4ada2da\",\"20655296-06de-4a2f-8c5c-d3f11575f76b\",\"93d9fdc5-1776-4120-b653-35f6ade218ff\",\"6d17a739-c24f-47da-8215-5f85d7fab0eb\",\"5aaf01cb-a91c-4863-b03b-7df01d5b0139\",\"b16cb63b-c175-474d-92c1-8a4259f824a6\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Windows Security Settings\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Endpoint Protection", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:53:06.434Z", + "id": "tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp", + "migrationVersion": { + 
"dashboard": "8.6.0" + }, + "references": [ + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "02c59767-547c-4cda-bba5-77ad8a00a068:panel_02c59767-547c-4cda-bba5-77ad8a00a068", + "type": "visualization" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "12e45058-431b-4504-a6ea-b37cdb08043d:indexpattern-datasource-layer-9aeae475-3f70-4b1f-8e37-3d09bb018588", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "ea31c98b-3c46-4f95-a986-c4693b92b89e:indexpattern-datasource-layer-5387a34a-b7b2-4177-9083-335cf4e9a3bf", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "21705463-1697-44dc-9a09-62df26148332:indexpattern-datasource-layer-75c713fc-0fdd-431c-8bc6-ecfb247c176e", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "a8c6851c-3730-4c20-b9e0-43af84a176d0:indexpattern-datasource-layer-04332c65-6c71-4235-8823-49823d7deda5", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "52a76f9f-e799-4d4a-b9e4-eae7014038e4:indexpattern-datasource-layer-ef2f26c8-3d23-4b27-b103-3f0ad7394111", + "type": "index-pattern" + }, + { + "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00", + "name": "8ad0f3f2-f823-482a-94f5-438a5f4e63ad:indexpattern-datasource-layer-6cde8617-3e7c-4778-a329-d928e36d7275", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "165a86cb-4d74-46e5-b01a-c8aa699bb62d:indexpattern-datasource-layer-2c3e9bfb-f184-4fcc-8cf0-289375d17465", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_a9a1905e-d884-49b1-9f30-bae69dd0f668:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": 
"tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "39b55820-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "bae88930-1133-11ee-af86-538da1394f27", + "name": "tag-ref-bae88930-1133-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:53:06.434Z", + "version": "WzgyMTYxNywyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-cb312af0-3d4c-11ee-9610-15dee918f31a-arp.json b/packages/tychon/kibana/dashboard/tychon-cb312af0-3d4c-11ee-9610-15dee918f31a-arp.json new file mode 100644 index 00000000000..6c4798875b6 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-cb312af0-3d4c-11ee-9610-15dee918f31a-arp.json 
@@ -0,0 +1,80 @@ +{ + "attributes": { + "description": "TYCHON captures ARP tables from endpoints. It tracks new ARP table entries and updates previously captured ones. Historical tracking is for previously found ARP lookups that are no longer seen.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":5,\"h\":17,\"i\":\"590b900e-fdb0-4f3f-8b3f-27fcaa636c0c\"},\"panelIndex\":\"590b900e-fdb0-4f3f-8b3f-27fcaa636c0c\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"## ARP Tables\\n\\n**Overview** \\\\\\nTYCHON collects ARP tables every 30 minutes from endpoints and returns results to Elasticsearch. TYCHON assigns each ARP connection a unique identifier and updates previously captured ARP data. When TYCHON recognizes the same data, it updates the information. However, if TYCHON stops reporting an ARP entry, it is not removed. 
Therefore, this data is both the current ARP table and a historical view of ARP entries.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":5,\"y\":0,\"w\":13,\"h\":52,\"i\":\"ce775759-5615-4c75-9ef3-2a0330abbf25\"},\"panelIndex\":\"ce775759-5615-4c75-9ef3-2a0330abbf25\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\",\"name\":\"indexpattern-datasource-layer-afc52d89-e35c-44fa-9d4f-3edd6b5dd245\"}],\"state\":{\"visualization\":{\"layerId\":\"afc52d89-e35c-44fa-9d4f-3edd6b5dd245\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"648d98c9-1dfe-4a03-92dd-95529f0c34d4\",\"oneClickFilter\":true},{\"columnId\":\"07fe3a38-3801-46d4-a87b-f6c09df2cb56\",\"alignment\":\"right\",\"isTransposed\":false},{\"columnId\":\"8d87ad64-7076-47a7-ad7a-0b4ccf48b95e\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"7ca8b3cd-e25c-47f2-a92e-51bc61e138b5\",\"isTransposed\":false,\"alignment\":\"center\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"afc52d89-e35c-44fa-9d4f-3edd6b5dd245\":{\"columns\":{\"648d98c9-1dfe-4a03-92dd-95529f0c34d4\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"07fe3a38-3801-46d4-a87b-f6c09df2cb56\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"07fe3a38-3801-46d4-a87b-f6c09df2cb56\":{\"label\":\"Number 
of ARP Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"destination.mac\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"8d87ad64-7076-47a7-ad7a-0b4ccf48b95e\":{\"label\":\"Unique IPs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"7ca8b3cd-e25c-47f2-a92e-51bc61e138b5\":{\"label\":\"Unique MACs\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.mac\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"648d98c9-1dfe-4a03-92dd-95529f0c34d4\",\"8d87ad64-7076-47a7-ad7a-0b4ccf48b95e\",\"7ca8b3cd-e25c-47f2-a92e-51bc61e138b5\",\"07fe3a38-3801-46d4-a87b-f6c09df2cb56\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"e9dae9b3-8ad2-444c-97e2-fdaa1f8a3a34\",\"triggers\":[\"FILTER_TRIGGER\"],\"action\":{\"factoryId\":\"DASHBOARD_TO_DASHBOARD_DRILLDOWN\",\"name\":\"View TYCHON Host Connection Details\",\"config\":{\"useCurrentFilters\":true,\"useCurrentDateRange\":true,\"openInNewTab\":false}}}]}}},\"title\":\"Endpoint 
List\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":6,\"h\":52,\"i\":\"a718b065-8aa4-4122-8209-9e8166809166\"},\"panelIndex\":\"a718b065-8aa4-4122-8209-9e8166809166\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\",\"name\":\"indexpattern-datasource-layer-75e99f33-af21-4c5b-bf43-27e613d19f1e\"}],\"state\":{\"visualization\":{\"layerId\":\"75e99f33-af21-4c5b-bf43-27e613d19f1e\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"76ad0139-f4ce-47f6-8d1a-e3c6c545de46\"},{\"columnId\":\"3d56cfc4-b5ca-4f33-99e7-26bea3bb0781\",\"isTransposed\":false,\"hidden\":true}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"75e99f33-af21-4c5b-bf43-27e613d19f1e\":{\"columns\":{\"76ad0139-f4ce-47f6-8d1a-e3c6c545de46\":{\"label\":\"Network Interface\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.interface\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"3d56cfc4-b5ca-4f33-99e7-26bea3bb0781\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"3d56cfc4-b5ca-4f33-99e7-26bea3bb0781\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"76ad0139-f4ce-47f6-8d1a-e3c6c545de46\",\"3d56cfc4-b5ca-4f33-99e7-26bea3bb0781\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Interfaces\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":0,\"w\":24,\"h\":52,\"i\":\"cdc2012f-9e23-4d08-b87d-df42e57ba04f\"},\"panelIndex\":\"cdc2012f-9e23-4d08-b87d-df42e57ba04f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\",\"name\":\"indexpattern-datasource-layer-939ae107-5b48-47e3-a385-121998a30d18\"}],\"state\":{\"visualization\":{\"layerId\":\"939ae107-5b48-47e3-a385-121998a30d18\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"629fcd61-a24e-4c3f-9756-8e1ab90bca37\",\"oneClickFilter\":true},{\"columnId\":\"e5341642-c7db-4c93-b27d-47844eeb8ee6\",\"isTransposed\":false},{\"columnId\":\"1e935b13-21c4-4c7c-bbdd-6cd440f9c198\",\"isTransposed\":false,\"oneClickFilter\":true},{\"columnId\":\"ab8a2ee6-37ba-424c-8e09-f59a80cdc5c2\",\"isTransposed\":false},{\"columnId\":\"432028bb-1cb7-44a8-8446-0f3f023112c4\",\"isTransposed\":false,\"alignment\":\"right\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"939ae107-5b48-47e3-a385-121998a30d18\":{\"columns\":{\"629fcd61-a24e-4c3f-9756-8e1ab90bca37\":{\"label\":\"IP 
Address\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.ip\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5341642-c7db-4c93-b27d-47844eeb8ee6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e5341642-c7db-4c93-b27d-47844eeb8ee6\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"1e935b13-21c4-4c7c-bbdd-6cd440f9c198\":{\"label\":\"MAC Address\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.mac\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5341642-c7db-4c93-b27d-47844eeb8ee6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ab8a2ee6-37ba-424c-8e09-f59a80cdc5c2\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e5341642-c7db-4c93-b27d-47844eeb8ee6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"432028bb-1cb7-44a8-8446-0f3f023112c4\":{\"label\":\"Last Seen\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"@timestamp\",\"filter\":{\"query\":\"@timestamp: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"629fcd61-a24e-4c3f-9756-8e1ab90bca37\",\"1e935b13-21c4-4c7c-bbdd-6cd440f9c198\",\"ab8a2ee6-37ba-424c-8e09-f59a80cdc5c2\",\"432028bb-1cb7-44a8-8446-0f3f023112c4\",\"e5341642-c7db-4c93-b27d-47844eeb8ee6\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{\"dynamicActions\":{\"events\":[{\"eventId\":\"452d1f2a-645c-4b66-85da-ad52242236bf\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Search Google\",\"config\":{\"url\":{\"template\":\"https://google.com/search?q={{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}},{\"eventId\":\"70b722a9-59f3-4b68-8341-0cda9ef41b28\",\"triggers\":[\"VALUE_CLICK_TRIGGER\"],\"action\":{\"factoryId\":\"URL_DRILLDOWN\",\"name\":\"Lookup MAC Address\",\"config\":{\"url\":{\"template\":\"https://maclookup.app/search/result?mac={{event.value}}\"},\"openInNewTab\":true,\"encodeUrl\":true}}}]}}},\"title\":\"ARP 
Table\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":17,\"w\":5,\"h\":12,\"i\":\"4a40f01c-b8af-4bb3-832b-de481355be2f\"},\"panelIndex\":\"4a40f01c-b8af-4bb3-832b-de481355be2f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\",\"name\":\"indexpattern-datasource-layer-8199203d-fd63-4a05-9df6-38bfa2c6eb74\"},{\"type\":\"index-pattern\",\"name\":\"eec5b6be-b56e-44ea-b6df-dc957dd00778\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\"}],\"state\":{\"visualization\":{\"layerId\":\"8199203d-fd63-4a05-9df6-38bfa2c6eb74\",\"accessor\":\"e016cc96-3489-4383-a9c1-865a5ba8f0dd\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"xl\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[{\"meta\":{\"index\":\"eec5b6be-b56e-44ea-b6df-dc957dd00778\",\"type\":\"exists\",\"key\":\"destination.mac\",\"value\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":null},\"query\":{\"exists\":{\"field\":\"destination.mac\"}},\"$state\":{\"store\":\"appState\"}}],\"datasourceStates\":{\"formBased\":{\"layers\":{\"8199203d-fd63-4a05-9df6-38bfa2c6eb74\":{\"columns\":{\"e016cc96-3489-4383-a9c1-865a5ba8f0dd\":{\"label\":\"Unique MAC 
Addresses\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.mac\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"e016cc96-3489-4383-a9c1-865a5ba8f0dd\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":29,\"w\":5,\"h\":12,\"i\":\"4139858c-c579-479b-aad7-90883296a136\"},\"panelIndex\":\"4139858c-c579-479b-aad7-90883296a136\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"8532a0b4-2a02-4dfa-b6aa-aabe01125b61\",\"name\":\"indexpattern-datasource-layer-25e8d64c-1846-4743-950d-89d0fb6f1113\"}],\"state\":{\"visualization\":{\"layerId\":\"25e8d64c-1846-4743-950d-89d0fb6f1113\",\"accessor\":\"976f2848-673c-414f-bc8d-fb5f861fc48e\",\"layerType\":\"data\",\"textAlign\":\"center\",\"size\":\"xl\",\"titlePosition\":\"bottom\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"25e8d64c-1846-4743-950d-89d0fb6f1113\":{\"columns\":{\"976f2848-673c-414f-bc8d-fb5f861fc48e\":{\"label\":\"Unique IP Addresses\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"destination.ip\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"976f2848-673c-414f-bc8d-fb5f861fc48e\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] ARP Tables", + "version": 1 + }, + 
"coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:35:07.156Z", + "id": "tychon-cb312af0-3d4c-11ee-9610-15dee918f31a-arp", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "ce775759-5615-4c75-9ef3-2a0330abbf25:indexpattern-datasource-layer-afc52d89-e35c-44fa-9d4f-3edd6b5dd245", + "type": "index-pattern" + }, + { + "id": "tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice", + "name": "ce775759-5615-4c75-9ef3-2a0330abbf25:drilldown:DASHBOARD_TO_DASHBOARD_DRILLDOWN:e9dae9b3-8ad2-444c-97e2-fdaa1f8a3a34:dashboardId", + "type": "dashboard" + }, + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "a718b065-8aa4-4122-8209-9e8166809166:indexpattern-datasource-layer-75e99f33-af21-4c5b-bf43-27e613d19f1e", + "type": "index-pattern" + }, + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "cdc2012f-9e23-4d08-b87d-df42e57ba04f:indexpattern-datasource-layer-939ae107-5b48-47e3-a385-121998a30d18", + "type": "index-pattern" + }, + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "4a40f01c-b8af-4bb3-832b-de481355be2f:indexpattern-datasource-layer-8199203d-fd63-4a05-9df6-38bfa2c6eb74", + "type": "index-pattern" + }, + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "4a40f01c-b8af-4bb3-832b-de481355be2f:eec5b6be-b56e-44ea-b6df-dc957dd00778", + "type": "index-pattern" + }, + { + "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61", + "name": "4139858c-c579-479b-aad7-90883296a136:indexpattern-datasource-layer-25e8d64c-1846-4743-950d-89d0fb6f1113", + "type": "index-pattern" + }, + { + "id": "c957d710-3d4c-11ee-9610-15dee918f31a", + "name": "tag-ref-c957d710-3d4c-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + 
"type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:35:07.156Z", + "version": "WzgxOTc4MiwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig.json b/packages/tychon/kibana/dashboard/tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig.json new file mode 100644 index 00000000000..1b13360f411 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig.json 
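Review bot: The ARP Table panel's two `URL_DRILLDOWN` actions in `panelsJSON` ("Search Google" and "Lookup MAC Address") put the clicked value into `https://google.com/search?q={{event.value}}` and `https://maclookup.app/search/result?mac={{event.value}}`, so a single click sends an internal IP address, MAC address or hostname from the monitored network to a third-party service. `encodeUrl` is true, so this is a data-egress concern rather than an injection one, and the action names do not tell the analyst that the value leaves the organisation. I would ship the panel with `"enhancements":{}`, as the Interfaces panel in the same file does, and describe the external lookups in the package documentation as an optional addition, or at least rename the actions so the external destination is explicit. Separately, the drilldown named "View TYCHON Host Connection Details" resolves in `references` to `tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice`; it is worth confirming that this is the intended target dashboard.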
@@ -0,0 +1,101 @@ +{ + "attributes": { + "controlGroupInput": { + "chainingSystem": "HIERARCHICAL", + "controlStyle": "oneLine", + "ignoreParentSettingsJSON": "{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}", + "panelsJSON": "{\"accc2a18-0c16-4d33-b8df-09233a36a580\":{\"order\":0,\"width\":\"large\",\"grow\":true,\"type\":\"optionsListControl\",\"explicitInput\":{\"fieldName\":\"host.hostname\",\"title\":\"Hostname\",\"hideExists\":true,\"hideExclude\":true,\"singleSelect\":true,\"id\":\"accc2a18-0c16-4d33-b8df-09233a36a580\",\"enhancements\":{}}}}" + }, + "description": "The \"TYCHON Endpoint Browser\" dashboard provides host visualization data for a single endpoint at a time. The dashboard is a set of several individual views broken down by tabs near the top of the screen. The TYCHON Endpoint Browser - Benchmark Results view displays all Benchmark SCAP scan results for the OS and Software installed.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": 
"[{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":3,\"i\":\"8f6fafd2-91a2-424b-a877-284568fd3f98\"},\"panelIndex\":\"8f6fafd2-91a2-424b-a877-284568fd3f98\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8f6fafd2-91a2-424b-a877-284568fd3f98\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":12,\"w\":9,\"h\":6,\"i\":\"363067aa-6ee2-41c7-b95d-0e61e6c28537\"},\"panelIndex\":\"363067aa-6ee2-41c7-b95d-0e61e6c28537\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"6fff9691-3ddd-4388-8285-de60ad5d992f\",\"layerType\":\"data\",\"palette\":{\"type\":\"palette\",\"name\":\"status\",\"params\":{\"name\":\"status\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":0,\"rangeMax\":100,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#209280\",\"stop\":33.33},{\"color\":\"#d6bf57\",\"stop\":66.66},{\"color\":\"#cc5642\",\"stop\":100}],\"steps\":3,\"colorStops\":[],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"maxAccessor\":\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"subtitle\":\"Failed tests to all tests.\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6fff9691-3ddd-4388-8285-de60ad5d992f\":{\"columns\":{\"71671d69-d31c-4a61-9ee3-68bacec8d16f\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result: 
\\\"fail\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result: \\\"fail\\\" or rule.result: \\\"pass\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":3,\"w\":39,\"h\":16,\"i\":\"6eda45c7-cb35-4f4a-8d66-4206ded45c8c\"},\"panelIndex\":\"6eda45c7-cb35-4f4a-8d66-4206ded45c8c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-3a5ee27d-64e5-4145-91f5-5805379b4f2f\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"37f5da22-553d-4f51-8e0a-25ba01358872\"},{\"isTransposed\":false,\"columnId\":\"a648975d-7369-4b4b-bf40-70dabb3571c0\",\"alignment\":\"center\"},{\"isTransposed\":false,\"columnId\":\"8991452e-70b0-4dee-a3bb-f840b70af1fe\",\"alignment\":\"center\"},{\"columnId\":\"38dd2eaa-ba46-473b-9ecf-d55a40ef9ed3\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":n
ull}}},{\"columnId\":\"43067dd3-665f-4543-b21e-3b5f4cc96c97\",\"isTransposed\":false,\"alignment\":\"center\",\"colorMode\":\"cell\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\",\"params\":{\"stops\":[{\"color\":\"#6092c0\",\"stop\":0},{\"color\":\"#a8bfda\",\"stop\":20},{\"color\":\"#ebeff5\",\"stop\":40},{\"color\":\"#ecb385\",\"stop\":60},{\"color\":\"#e7664c\",\"stop\":80}],\"name\":\"temperature\",\"continuity\":\"above\",\"reverse\":false,\"rangeMin\":0,\"rangeMax\":null}}}],\"layerId\":\"3a5ee27d-64e5-4145-91f5-5805379b4f2f\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3a5ee27d-64e5-4145-91f5-5805379b4f2f\":{\"columns\":{\"37f5da22-553d-4f51-8e0a-25ba01358872\":{\"label\":\"Benchmark Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"benchmark.name\",\"isBucketed\":true,\"params\":{\"size\":15,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8991452e-70b0-4dee-a3bb-f840b70af1fe\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a648975d-7369-4b4b-bf40-70dabb3571c0\":{\"label\":\"Version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"benchmark.version\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"8991452e-70b0-4dee-a3bb-f840b70af1fe\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"8991452e-70b0-4dee-a3bb-f840b70af1fe\":{\"label\":\"Total 
Checks\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"38dd2eaa-ba46-473b-9ecf-d55a40ef9ed3\":{\"label\":\"Total Failures\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"rule.id\",\"isBucketed\":false,\"filter\":{\"query\":\"rule.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"43067dd3-665f-4543-b21e-3b5f4cc96c97X0\":{\"label\":\"Part of count(kql='rule.result : \\\"fail\\\" ') * 10\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result : \\\"fail\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"43067dd3-665f-4543-b21e-3b5f4cc96c97X1\":{\"label\":\"Part of count(kql='rule.result : \\\"fail\\\" ') * 10\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"multiply\",\"args\":[\"43067dd3-665f-4543-b21e-3b5f4cc96c97X0\",10],\"location\":{\"min\":0,\"max\":39},\"text\":\"count(kql='rule.result : \\\"fail\\\" ') * 10\"}},\"references\":[\"43067dd3-665f-4543-b21e-3b5f4cc96c97X0\"],\"customLabel\":true},\"43067dd3-665f-4543-b21e-3b5f4cc96c97\":{\"label\":\"Total Score\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"count(kql='rule.result : \\\"fail\\\" ') * 
10\",\"isFormulaBroken\":false},\"references\":[\"43067dd3-665f-4543-b21e-3b5f4cc96c97X1\"],\"customLabel\":true}},\"columnOrder\":[\"37f5da22-553d-4f51-8e0a-25ba01358872\",\"a648975d-7369-4b4b-bf40-70dabb3571c0\",\"8991452e-70b0-4dee-a3bb-f840b70af1fe\",\"38dd2eaa-ba46-473b-9ecf-d55a40ef9ed3\",\"43067dd3-665f-4543-b21e-3b5f4cc96c97\",\"43067dd3-665f-4543-b21e-3b5f4cc96c97X0\",\"43067dd3-665f-4543-b21e-3b5f4cc96c97X1\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Benchmark Results\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":6,\"i\":\"2a770935-c253-4473-9b7c-47353bb53b47\"},\"panelIndex\":\"2a770935-c253-4473-9b7c-47353bb53b47\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"name\":\"indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"type\":\"index-pattern\"}],\"state\":{\"visualization\":{\"layerId\":\"6fff9691-3ddd-4388-8285-de60ad5d992f\",\"layerType\":\"data\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"percent\",\"rangeMin\":null,\"rangeMax\":null,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#E7664C\",\"stop\":33.33},{\"color\":\"#DA8B45\",\"stop\":66.66},{\"color\":\"#6092C0\",\"stop\":100}],\"colorStops\":[{\"color\":\"#E7664C\",\"stop\":null},{\"color\":\"#DA8B45\",\"stop\":33.33},{\"color\":\"#6092C0\",\"stop\":66.66}],\"continuity\":\"all\",\"maxSteps\":5}},\"metricAccessor\":\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"maxAccessor\":\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"subtitle\":\"Passed tests to all 
tests.\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6fff9691-3ddd-4388-8285-de60ad5d992f\":{\"columns\":{\"71671d69-d31c-4a61-9ee3-68bacec8d16f\":{\"label\":\"Total Passes\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"rule.result: \\\"pass\\\"\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"filter\":{\"query\":\"rule.result: \\\"fail\\\" or rule.result: \\\"pass\\\"\",\"language\":\"kuery\"}}},\"columnOrder\":[\"71671d69-d31c-4a61-9ee3-68bacec8d16f\",\"a2a4b1f7-a375-41c3-8b87-261df67e20c0\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":24,\"w\":9,\"h\":12,\"i\":\"f96a0653-055c-46d2-9dfd-f44631a1428b\"},\"panelIndex\":\"f96a0653-055c-46d2-9dfd-f44631a1428b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Checks by Results and 
Severity\",\"panelRefName\":\"panel_f96a0653-055c-46d2-9dfd-f44631a1428b\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":19,\"w\":39,\"h\":30,\"i\":\"e9ebb74e-da8e-40f8-b8a5-b47558d28d04\"},\"panelIndex\":\"e9ebb74e-da8e-40f8-b8a5-b47558d28d04\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a\",\"name\":\"indexpattern-datasource-layer-684ae460-2769-47f6-b1e3-442ea5978011\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"a19d4424-845d-4c07-bd6f-c90128a0ff8f\"},{\"isTransposed\":false,\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\",\"hidden\":true},{\"columnId\":\"fbd00864-4cc9-41ac-9f8d-20265f9601f8\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"9190595b-2b89-47ab-bb49-62819cd2e3a5\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"2bfceb96-1e89-4a1f-83f9-cbb4bc2d0ae4\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"eaef3af5-13f3-4936-baf5-5f1dd42bb36c\",\"isTransposed\":false},{\"columnId\":\"ed8182ed-6249-449f-844f-138d115fc1d6\",\"isTransposed\":false},{\"columnId\":\"f25bbb8d-e09e-4a7a-9979-f6ca304fbcd2\",\"isTransposed\":false,\"alignment\":\"center\"}],\"layerId\":\"684ae460-2769-47f6-b1e3-442ea5978011\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"684ae460-2769-47f6-b1e3-442ea5978011\":{\"columns\":{\"a19d4424-845d-4c07-bd6f-c90128a0ff8f\":{\"label\":\"Title\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.title\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}
,\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"fbd00864-4cc9-41ac-9f8d-20265f9601f8\":{\"label\":\"Finding ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.finding_id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9190595b-2b89-47ab-bb49-62819cd2e3a5\":{\"label\":\"Severity\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.severity\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2bfceb96-1e89-4a1f-83f9-cbb4bc2d0ae4\":{\"label\":\"Test Result\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.result\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"eaef3af5-13f3-4936-baf5-5f1dd42bb36c\":{\"label\":\"Rule 
ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"ed8182ed-6249-449f-844f-138d115fc1d6\":{\"label\":\"STIG ID\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"rule.stig_id\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"f25bbb8d-e09e-4a7a-9979-f6ca304fbcd2\":{\"label\":\"Last Reported\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"@timestamp\",\"filter\":{\"query\":\"@timestamp: *\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"@timestamp\"},\"customLabel\":true}},\"columnOrder\":[\"a19d4424-845d-4c07-bd6f-c90128a0ff8f\",\"2bfceb96-1e89-4a1f-83f9-cbb4bc2d0ae4\",\"fbd00864-4cc9-41ac-9f8d-20265f9601f8\",\"ed8182ed-6249-449f-844f-138d115fc1d6\",\"9190595b-2b89-47ab-bb49-62819cd2e3a5\",\"eaef3af5-13f3-4936-baf5-5f1dd42bb36c\",\"f06f16d7-6954-48fd-9c3d-cbf7a7c8ccc6\",\"f25bbb8d-e09e-4a7a-9979-f6ca304fbcd2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Rule 
Results\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":3,\"w\":9,\"h\":9,\"i\":\"8a98dfe4-7bf6-43b7-a050-ad6bc362a79e\"},\"panelIndex\":\"8a98dfe4-7bf6-43b7-a050-ad6bc362a79e\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### Benchmark Results \\nTYCHON scans endpoints for weaknesses in the Operating System and Software to help you meet regulatory compliance and secure your attack surface. TYCHON uses SCAP (Security Content Automation Protocol) to perform checks and read results.\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Endpoint Browser - Benchmark Results", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:38:45.823Z", + "id": "tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "name": "8f6fafd2-91a2-424b-a877-284568fd3f98:panel_8f6fafd2-91a2-424b-a877-284568fd3f98", + "type": "visualization" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "363067aa-6ee2-41c7-b95d-0e61e6c28537:indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "6eda45c7-cb35-4f4a-8d66-4206ded45c8c:indexpattern-datasource-layer-3a5ee27d-64e5-4145-91f5-5805379b4f2f", + "type": "index-pattern" + }, + { + "id": 
"ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "2a770935-c253-4473-9b7c-47353bb53b47:indexpattern-datasource-layer-6fff9691-3ddd-4388-8285-de60ad5d992f", + "type": "index-pattern" + }, + { + "id": "tychon-837878a0-c3cb-11eb-8956-0b1a70e695fd", + "name": "f96a0653-055c-46d2-9dfd-f44631a1428b:panel_f96a0653-055c-46d2-9dfd-f44631a1428b", + "type": "visualization" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "e9ebb74e-da8e-40f8-b8a5-b47558d28d04:indexpattern-datasource-layer-684ae460-2769-47f6-b1e3-442ea5978011", + "type": "index-pattern" + }, + { + "id": "bb5226cd-c099-46d2-bb71-0257232c7d82", + "name": "controlGroup_accc2a18-0c16-4d33-b8df-09233a36a580:optionsListDataView", + "type": "index-pattern" + }, + { + "id": "tychon-a3922360-3de6-11ee-9610-15dee918f31a", + "name": "tag-ref-a3922360-3de6-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "tychon-10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "tychon-579051b0-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-579051b0-10f2-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "tychon-39b55820-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "tychon-e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:38:45.823Z", + "version": "WzgyMDAyMiwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-e24ce070-3c85-11ee-9610-15dee918f31a-exposedservice.json b/packages/tychon/kibana/dashboard/tychon-e24ce070-3c85-11ee-9610-15dee918f31a-exposedservice.json new file mode 100644 index 00000000000..521ad2d5dd6 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-e24ce070-3c85-11ee-9610-15dee918f31a-exposedservice.json 
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "TYCHON monitors endpoints for listening ports and reports them to the server. Details are captured at the time of the check and can be a historical view. However, similar listening ports are updated with each check.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":18,\"h\":39,\"i\":\"258910e8-1f41-4100-a8c6-1bd212f9d27e\"},\"panelIndex\":\"258910e8-1f41-4100-a8c6-1bd212f9d27e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-24de3dec-56cf-4cf2-98a6-3c78ed05d960\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"24de3dec-56cf-4cf2-98a6-3c78ed05d960\",\"seriesType\":\"bar_horizontal\",\"xAccessor\":\"2afe8e01-1ca4-407f-a375-5c177d34fd47\",\"accessors\":[\"a3a0c1b6-7adc-46b9-ac80-d01429354e82\"],\"yConfig\":[{\"forAccessor\":\"a3a0c1b6-7adc-46b9-ac80-d01429354e82\",\"axisMode\":\"auto\",\"color\":\"#6092c0\"}],\"layerType\":\"data\"}],\"xTitle\":\"\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"24de3dec-56cf-4cf2-98a6-3c
78ed05d960\":{\"columns\":{\"2afe8e01-1ca4-407f-a375-5c177d34fd47\":{\"label\":\"Process Names\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":10000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"a3a0c1b6-7adc-46b9-ac80-d01429354e82\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"a3a0c1b6-7adc-46b9-ac80-d01429354e82\":{\"label\":\"Processes Captured\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"2afe8e01-1ca4-407f-a375-5c177d34fd47\",\"a3a0c1b6-7adc-46b9-ac80-d01429354e82\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Most Active 
Processes\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":0,\"w\":29,\"h\":9,\"i\":\"5720248d-77b4-4c3a-a755-856207618998\"},\"panelIndex\":\"5720248d-77b4-4c3a-a755-856207618998\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-8f31e3a1-68a6-4044-8fab-397567f134ee\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"line\",\"layers\":[{\"layerId\":\"8f31e3a1-68a6-4044-8fab-397567f134ee\",\"seriesType\":\"line\",\"accessors\":[\"c0c36be5-29d6-448d-8729-267feb104868\"],\"layerType\":\"data\",\"xAccessor\":\"79ff6781-0fe5-404b-9e55-d6d334aed1d5\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"8f31e3a1-68a6-4044-8fab-397567f134ee\":{\"columns\":{\"c0c36be5-29d6-448d-8729-267feb104868\":{\"label\":\"Network Transport\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"network.transport\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"79ff6781-0fe5-404b-9e55-d6d334aed1d5\":{\"label\":\"Events 
Observed\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"1w\",\"includeEmptyRows\":true,\"dropPartials\":false},\"customLabel\":true}},\"columnOrder\":[\"79ff6781-0fe5-404b-9e55-d6d334aed1d5\",\"c0c36be5-29d6-448d-8729-267feb104868\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":9,\"w\":30,\"h\":20,\"i\":\"3b75685e-24d0-4a07-bb8d-65011b6109e1\"},\"panelIndex\":\"3b75685e-24d0-4a07-bb8d-65011b6109e1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-a860a0ca-9856-48a6-9f80-c2f21b8bf996\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"a1d81ada-dd46-4a1c-ba1e-e7fb49550f37\",\"width\":118.72222222222229},{\"isTransposed\":false,\"columnId\":\"9b91b4f2-60e0-40cd-84ef-e465c214834f\",\"width\":534.3333333333333},{\"isTransposed\":false,\"columnId\":\"2b439f50-e5cc-47de-9273-d990402ffbcd\",\"width\":100.22222222222223,\"alignment\":\"center\"},{\"columnId\":\"58e2c5f1-f3fd-4a97-ad00-146eaf5f9f26\",\"isTransposed\":false}],\"layerId\":\"a860a0ca-9856-48a6-9f80-c2f21b8bf996\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a860a0ca-9856-48a6-9f80-c2f21b8bf996\":{\"columns\":{\"a1d81ada-dd46-4a1c-ba1e-e7fb49550f37\":{\"label\":\"Process 
Name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":10000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"58e2c5f1-f3fd-4a97-ad00-146eaf5f9f26\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"9b91b4f2-60e0-40cd-84ef-e465c214834f\":{\"label\":\"Command Line\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"58e2c5f1-f3fd-4a97-ad00-146eaf5f9f26\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2b439f50-e5cc-47de-9273-d990402ffbcd\":{\"label\":\"Transport\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"network.transport\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"58e2c5f1-f3fd-4a97-ad00-146eaf5f9f26\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"58e2c5f1-f3fd-4a97-ad00-146eaf5f9f26\":{\"label\":\"Count\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"process.pid\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"a1d81ada-dd46-4a1c-ba1e-e7fb49550f37\",\"9b91b4f2-60e0-40cd-84ef-e465c214834f\",\"2b439f50-e5cc-47de-9273-d990402ffbcd\",\"58e2c5f1-f3fd-4a97-ad00-146eaf5f9f26\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layer
s\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":18,\"y\":29,\"w\":30,\"h\":10,\"i\":\"87617db0-cd7c-4f32-99bd-1f2615d8d1a7\"},\"panelIndex\":\"87617db0-cd7c-4f32-99bd-1f2615d8d1a7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-2ce2e63d-d815-4db1-bc4b-609f7f80dc72\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"2ce2e63d-d815-4db1-bc4b-609f7f80dc72\",\"layerType\":\"data\",\"legend\":{\"isVisible\":false,\"position\":\"right\",\"type\":\"heatmap_legend\",\"legendSize\":\"small\"},\"gridConfig\":{\"type\":\"heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"isXAxisTitleVisible\":false},\"valueAccessor\":\"b4070a76-140e-47e4-a8e6-6aac0093c5e5\",\"xAccessor\":\"8f79caa9-e76d-405b-a271-ca4f58938886\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"2ce2e63d-d815-4db1-bc4b-609f7f80dc72\":{\"columns\":{\"8f79caa9-e76d-405b-a271-ca4f58938886\":{\"label\":\"Port Number\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"source.port\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\",\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true},\"b4070a76-140e-47e4-a8e6-6aac0093c5e5\":{\"label\":\"Usage 
Instances\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"8f79caa9-e76d-405b-a271-ca4f58938886\",\"b4070a76-140e-47e4-a8e6-6aac0093c5e5\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"Most Prevalent Ports\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":39,\"w\":48,\"h\":16,\"i\":\"4ab60584-3359-4217-892c-3dddbf754aff\"},\"panelIndex\":\"4ab60584-3359-4217-892c-3dddbf754aff\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-0e20ed19-aae0-4939-a956-68aceebc3f7e\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":false,\"position\":\"right\",\"showSingleSeries\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"0e20ed19-aae0-4939-a956-68aceebc3f7e\",\"accessors\":[\"626edc6d-37d3-46f2-8e1b-91e57c836d22\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"9556d14b-aa4e-465b-b781-ab354b1ac7c7\",\"splitAccessor\":\"73f9e58f-3b19-49b9-bfcf-9ac756934c66\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"0e20ed19-aae0-4939-a956-68aceebc3f7e\":{\"columns\":{\"9556d14b-aa4e-465b-b78
1-ab354b1ac7c7\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":25,\"orderBy\":{\"type\":\"custom\"},\"orderAgg\":{\"label\":\"Unique count of process.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true},\"626edc6d-37d3-46f2-8e1b-91e57c836d22\":{\"label\":\"# of Unique Processes\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"73f9e58f-3b19-49b9-bfcf-9ac756934c66\":{\"label\":\"Top 100 values of 
process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":100,\"orderBy\":{\"type\":\"column\",\"columnId\":\"626edc6d-37d3-46f2-8e1b-91e57c836d22\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"73f9e58f-3b19-49b9-bfcf-9ac756934c66\",\"9556d14b-aa4e-465b-b781-ab354b1ac7c7\",\"626edc6d-37d3-46f2-8e1b-91e57c836d22\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":55,\"w\":33,\"h\":22,\"i\":\"cee8b6b3-2032-4e8e-a12a-4f8b0023a506\"},\"panelIndex\":\"cee8b6b3-2032-4e8e-a12a-4f8b0023a506\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-e0cae3a1-c6ec-43da-b419-1e93f1b79cc9\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"palette\":{\"type\":\"palette\",\"name\":\"temperature\"},\"layers\":[{\"layerId\":\"e0cae3a1-c6ec-43da-b419-1e93f1b79cc9\",\"primaryGroups\":[\"98f90733-b8b7-4748-a4da-ea0023622259\"],\"metrics\":[\"e7b1d7e7-fbcb-4ac1-b820-085a98e899c2\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\",\"emptySizeRatio\":0.3}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e0cae3a1-c6ec-43da-b419-1e93f1b79cc9\":{\"columns\":{\"98f90733-b8b7-4748-a4da-ea0023622259\":{\"label\":\"Process 
Username\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.user.name\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"e7b1d7e7-fbcb-4ac1-b820-085a98e899c2\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"e7b1d7e7-fbcb-4ac1-b820-085a98e899c2\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"98f90733-b8b7-4748-a4da-ea0023622259\",\"e7b1d7e7-fbcb-4ac1-b820-085a98e899c2\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":33,\"y\":55,\"w\":15,\"h\":22,\"i\":\"8e36813d-4556-4641-8d29-4f2f295cb7c1\"},\"panelIndex\":\"8e36813d-4556-4641-8d29-4f2f295cb7c1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"c6b645d3-dd29-43f2-b831-49e29ffd5b6c\",\"name\":\"indexpattern-datasource-layer-892c0e1e-878a-4e74-8cfc-00ebf1171aed\"}],\"state\":{\"visualization\":{\"layerId\":\"892c0e1e-878a-4e74-8cfc-00ebf1171aed\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"3a6015f2-d1cd-49fa-821a-e1205400f24a\"},{\"columnId\":\"2ab88515-4a2c-4bc3-8382-18e713e44bb8\"}],\"paging\":{\"size\":10,\"enabled\":true}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"892c0e1e-878a-4e74-8cfc-00ebf1171aed\":{\"columns\":{\"3a6015f2-d1cd-49fa-821a-e1205400f24a\":{\"label\":\"Username\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":
\"ordinal\",\"sourceField\":\"process.user.name\",\"isBucketed\":true,\"params\":{\"size\":10000,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2ab88515-4a2c-4bc3-8382-18e713e44bb8\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"2ab88515-4a2c-4bc3-8382-18e713e44bb8\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"3a6015f2-d1cd-49fa-821a-e1205400f24a\",\"2ab88515-4a2c-4bc3-8382-18e713e44bb8\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Exposed Services", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T20:36:42.243Z", + "id": "tychon-e24ce070-3c85-11ee-9610-15dee918f31a-exposedservice", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "258910e8-1f41-4100-a8c6-1bd212f9d27e:indexpattern-datasource-layer-24de3dec-56cf-4cf2-98a6-3c78ed05d960", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "5720248d-77b4-4c3a-a755-856207618998:indexpattern-datasource-layer-8f31e3a1-68a6-4044-8fab-397567f134ee", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "3b75685e-24d0-4a07-bb8d-65011b6109e1:indexpattern-datasource-layer-a860a0ca-9856-48a6-9f80-c2f21b8bf996", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": 
"87617db0-cd7c-4f32-99bd-1f2615d8d1a7:indexpattern-datasource-layer-2ce2e63d-d815-4db1-bc4b-609f7f80dc72", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "4ab60584-3359-4217-892c-3dddbf754aff:indexpattern-datasource-layer-0e20ed19-aae0-4939-a956-68aceebc3f7e", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "cee8b6b3-2032-4e8e-a12a-4f8b0023a506:indexpattern-datasource-layer-e0cae3a1-c6ec-43da-b419-1e93f1b79cc9", + "type": "index-pattern" + }, + { + "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c", + "name": "8e36813d-4556-4641-8d29-4f2f295cb7c1:indexpattern-datasource-layer-892c0e1e-878a-4e74-8cfc-00ebf1171aed", + "type": "index-pattern" + }, + { + "id": "e2bb7d40-3de4-11ee-9610-15dee918f31a", + "name": "tag-ref-e2bb7d40-3de4-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "name": "tag-ref-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-23T20:36:42.243Z", + "version": "WzgxOTg2NCwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json b/packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json new file mode 100644 index 00000000000..18112bc2184 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log.json 
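Review bot: The four `tag` entries at the end of this dashboard's `references` array use bare ids (`e2bb7d40-3de4-11ee-9610-15dee918f31a`, `e18d6100-3c85-11ee-9610-15dee918f31a`, `10af3800-10f3-11ee-af86-538da1394f27`, `5a3ae0c0-3dbf-11ee-9610-15dee918f31a`). The Benchmark Results dashboard added just before it references two of the same tags with a package prefix, as `tychon-e18d6100-3c85-11ee-9610-15dee918f31a` and `tychon-10af3800-10f3-11ee-af86-538da1394f27`. The tag saved objects are not visible in this part of the diff, but unless both spellings are shipped, one of the two dashboards presumably installs with unresolved tag references. If the tags are shipped under prefixed ids, change these to the prefixed form, e.g. `"id": "tychon-e18d6100-3c85-11ee-9610-15dee918f31a"`, and do the same for the other three. Separately, the column labelled `# of Unique Processes` is a `count` of `___records___`, so it shows event volume per host rather than distinct processes; either relabel it or switch it to `unique_count` on `process.name`, which the panel already uses for ordering.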
@@ -0,0 +1,85 @@ +{ + "attributes": { + "description": "Track TYCHON Agentless Event runs, ensure there are no errors and find hosts that are not sending report data.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"event.provider\",\"params\":{\"query\":\"TYCHON\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"event.provider\":\"TYCHON\"}},\"$state\":{\"store\":\"appState\"}}]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":48,\"h\":9,\"i\":\"0d3c8367-8409-4931-accd-0b1dddd5895c\"},\"panelIndex\":\"0d3c8367-8409-4931-accd-0b1dddd5895c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-e7402bc7-e904-495e-9339-368e8238ddde\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"preferredSeriesType\":\"area_stacked\",\"layers\":[{\"layerId\":\"e7402bc7-e904-495e-9339-368e8238ddde\",\"accessors\":[\"16655ccf-fa72-4b4a-820a-1abc0f970605\"],\"position\":\"top\",\"seriesType\":\"area_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"56d44da7-b14d-4203-923a-ed4054adb0cf\",\"splitAccessor\":\"a
4e593d8-b5ac-4ede-8a44-50d0d0a64af0\"}]},\"query\":{\"query\":\"event.provider : \\\"TYCHON\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e7402bc7-e904-495e-9339-368e8238ddde\":{\"columns\":{\"56d44da7-b14d-4203-923a-ed4054adb0cf\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"16655ccf-fa72-4b4a-820a-1abc0f970605\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"a4e593d8-b5ac-4ede-8a44-50d0d0a64af0\":{\"label\":\"Event Codes\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.code\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"16655ccf-fa72-4b4a-820a-1abc0f970605\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true}},\"columnOrder\":[\"a4e593d8-b5ac-4ede-8a44-50d0d0a64af0\",\"56d44da7-b14d-4203-923a-ed4054adb0cf\",\"16655ccf-fa72-4b4a-820a-1abc0f970605\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TYCHON 
Events\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":9,\"w\":8,\"h\":29,\"i\":\"003ea62c-e6c6-4352-bbf3-56de3c4b27d5\"},\"panelIndex\":\"003ea62c-e6c6-4352-bbf3-56de3c4b27d5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"oneClickFilter\":true},{\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\",\"alignment\":\"center\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1,\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"paging\":{\"size\":10,\"enabled\":false}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\":{\"columns\":{\"d0467eec-3e15-4567-8bec-0d645aa43766\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"68c6974a-897b-4580-9260-649e2e8097d0\":{\"label\":\"Last Event Received\",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.ingested: 
*\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"68c6974a-897b-4580-9260-649e2e8097d0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts Reporting Times\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":9,\"w\":8,\"h\":29,\"i\":\"08c2bd9a-4e44-47e7-80b2-12ee8f6c848a\"},\"panelIndex\":\"08c2bd9a-4e44-47e7-80b2-12ee8f6c848a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"oneClickFilter\":true},{\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\",\"alignment\":\"center\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1,\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"paging\":{\"size\":10,\"enabled\":false}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\":{\"columns\":{\"d0467eec-3e15-4567-8bec-0d645aa43766\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":tr
ue},\"68c6974a-897b-4580-9260-649e2e8097d0\":{\"label\":\"Last Vulnerability Scan \",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.code: 8000\",\"language\":\"kuery\"},\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"68c6974a-897b-4580-9260-649e2e8097d0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts Vulnerability Scan\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":9,\"w\":8,\"h\":29,\"i\":\"d06340ad-f85b-41d2-b355-a63935813f2a\"},\"panelIndex\":\"d06340ad-f85b-41d2-b355-a63935813f2a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8\"}],\"state\":{\"visualization\":{\"layerId\":\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"oneClickFilter\":true},{\"columnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\",\"alignment\":\"center\"}],\"rowHeight\":\"single\",\"rowHeightLines\":1,\"headerRowHeight\":\"single\",\"headerRowHeightLines\":1,\"paging\":{\"size\":10,\"enabled\":false}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6c37a2a4-f317-4829-ae4c-ac399bb98cf8\":{\"columns\":{\"d0467eec-3e15-4567-8bec-0d645aa43766\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":200,\"orderBy\":{\"type\":\"column\",\"c
olumnId\":\"68c6974a-897b-4580-9260-649e2e8097d0\"},\"orderDirection\":\"asc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"68c6974a-897b-4580-9260-649e2e8097d0\":{\"label\":\"Last Vulnerability Scan \",\"dataType\":\"date\",\"operationType\":\"last_value\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"event.ingested\",\"filter\":{\"query\":\"event.code: \\\"8100\\\" \",\"language\":\"kuery\"},\"params\":{\"sortField\":\"event.ingested\"},\"customLabel\":true}},\"columnOrder\":[\"d0467eec-3e15-4567-8bec-0d645aa43766\",\"68c6974a-897b-4580-9260-649e2e8097d0\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Top 200 Hosts STIG/SCAP Scan\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":9,\"w\":9,\"h\":10,\"i\":\"375c0c11-1577-4003-80f7-49eb9bc59ed6\"},\"panelIndex\":\"375c0c11-1577-4003-80f7-49eb9bc59ed6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06\"}],\"state\":{\"visualization\":{\"layerId\":\"9718473a-bff7-48ea-86aa-04ffed5eed06\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\"},{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"alignment\":\"center\",\"summaryRow\":\"sum\",\"summaryLabel\":\"Total\"}],\"sorting\":{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.provider : \\\"TYCHON\\\" 
\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9718473a-bff7-48ea-86aa-04ffed5eed06\":{\"columns\":{\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\":{\"label\":\"Event Category\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"CVE Events\",\"input\":{\"query\":\"event.code \u003e= 8000 and event.code \u003c 8007\",\"language\":\"kuery\"}},{\"input\":{\"query\":\"event.code \u003e= 8100 and event.code \u003c=8108\",\"language\":\"kuery\"},\"label\":\"SCAP/STIG Events\"},{\"input\":{\"query\":\"event.code \u003e= 8200 and event.code \u003c= 8203\",\"language\":\"kuery\"},\"label\":\"EPP Events\"},{\"input\":{\"query\":\"event.code \u003e= 8900 and event.code \u003c= 8968\",\"language\":\"kuery\"},\"label\":\"TYCHON General Events\"}]},\"customLabel\":true},\"1690c6b9-3994-45fe-b5df-f969d2db8685\":{\"label\":\"Total Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\",\"1690c6b9-3994-45fe-b5df-f969d2db8685\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Event Counts By Category\"},{\"version\":\"8.6.2\",\"type\":\"LOG_STREAM_EMBEDDABLE\",\"gridData\":{\"x\":33,\"y\":9,\"w\":15,\"h\":29,\"i\":\"bfd61155-5434-4118-9ab8-d9c7622aa296\"},\"panelIndex\":\"bfd61155-5434-4118-9ab8-d9c7622aa296\",\"embeddableConfig\":{\"enhancements\":{}},\"title\":\"Log 
stream\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":19,\"w\":9,\"h\":8,\"i\":\"51fd833e-0ffd-488e-9e08-d9342ccd6884\"},\"panelIndex\":\"51fd833e-0ffd-488e-9e08-d9342ccd6884\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06\"}],\"state\":{\"visualization\":{\"layerId\":\"9718473a-bff7-48ea-86aa-04ffed5eed06\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\"},{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"alignment\":\"center\",\"summaryRow\":\"sum\",\"summaryLabel\":\"Total\"}],\"sorting\":{\"columnId\":\"1690c6b9-3994-45fe-b5df-f969d2db8685\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.provider : \\\"TYCHON\\\" \",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"9718473a-bff7-48ea-86aa-04ffed5eed06\":{\"columns\":{\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\":{\"label\":\"Event Category\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"Error Events\",\"input\":{\"query\":\"log.level : \\\"error\\\" \",\"language\":\"kuery\"}},{\"input\":{\"query\":\"log.level : \\\"warning\\\" \",\"language\":\"kuery\"},\"label\":\"Warning Events\"},{\"input\":{\"query\":\"log.level : \\\"information\\\" \",\"language\":\"kuery\"},\"label\":\"Information Events\"}]},\"customLabel\":true},\"1690c6b9-3994-45fe-b5df-f969d2db8685\":{\"label\":\"Total 
Records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"ee089046-8dd0-47f9-b094-31dc5a43d8ad\",\"1690c6b9-3994-45fe-b5df-f969d2db8685\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Event Counts By Severity\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":27,\"w\":9,\"h\":11,\"i\":\"f560734b-0618-40e0-828a-a6e141cf62a2\"},\"panelIndex\":\"f560734b-0618-40e0-828a-a6e141cf62a2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-51fcf8c0-74c4-469b-a2c3-5581b411a908\"}],\"state\":{\"visualization\":{\"layerId\":\"51fcf8c0-74c4-469b-a2c3-5581b411a908\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"d8139485-6b46-45aa-8376-c2b28f89e022\"},{\"columnId\":\"568e03d3-c0c2-42db-8c81-e4cac6e39fa5\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"51fcf8c0-74c4-469b-a2c3-5581b411a908\":{\"columns\":{\"d8139485-6b46-45aa-8376-c2b28f89e022\":{\"label\":\"Errors:\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"Module Not Supported Error\",\"input\":{\"query\":\"event.provider:\\\"TYCHON\\\" and message:\\\"*is not supported\\\"\",\"language\":\"kuery\"}},{\"input\":{\"query\":\"event.provider : \\\"TYCHON\\\" and message:\\\"*not found in item*\\\"\",\"language\":\"kuery\"},\"label\":\"Item Not Found\"}]},\"customLabel\":true},\"568e03d3-c0c2-42db-8c81-e4cac6e39fa5\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"d8139485-6b46-45aa-8376-c2b28f89e022\",\"568e03d3-c0c2-42db-8c81-e4cac6e39fa5\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"TYCHON Errors\"},{\"version\":\"8.6.2\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":38,\"w\":27,\"h\":38,\"i\":\"2a8fb3f0-8a3a-4f26-94d6-ef0454458190\"},\"panelIndex\":\"2a8fb3f0-8a3a-4f26-94d6-ef0454458190\",\"embeddableConfig\":{\"savedVis\":{\"id\":\"\",\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"### TYCHON Event ID Mapping:\\n\\n|Category|Event ID|Event Type|Message Format|Source|Level|\\n| --- | --- | --- | --- | --- | --- |\\n|CVE| 8000\\t| TYCHON Vulnerability Check Started | Vulnerability Check Started\\t| TYCHON\\t|INFO |\\n|CVE| 8001\\t| TYCHON Vulnerability Check Failed\\t| Vulnerability Check Failed\\t| TYCHON\\t| ERROR\\n|CVE| 8002\\t| TYCHON Vulnerability Check Complete\\t| Vulnerability Check Complete\\t| TYCHON\\t| INFO\\n|CVE| 8003\\t| TYCHON CVE Check Passed\\t| Formatted scan output for passing test.\\t| TYCHON\\t| INFO\\n|CVE| 8004\\t| TYCHON CVE Check Failed\\t| Formatted scan output for failed test.\\t| TYCHON\\t| ERROR\\n|CVE| 8005\\t| TYCHON CVE Check Error\\t| Formatted scan output for test that reports an error.\\t| TYCHON\\t| WARN\\n|CVE|8006\\t| TYCHON CVE Delta Check Passed\\t| Formatted module output.\\t| TYCHON\\t| WARN\\n|STIG |8100 |TYCHON STIG Check Started\\t|TYCHON STIG Check Started\\t|TYCHON\\t|INFO\\n|STIG | 8101\\t|TYCHON STIG Check Failed\\t|TYCHON STIG Check Failed\\t|TYCHON\\t|ERROR\\n|STIG | 8102\\t|TYCHON STIG Check Complete\\t|TYCHON STIG Check Complete\\t|TYCHON\\t|INFO\\n|STIG 
| 8103\\t|TYCHON Benchmark Check Failed\\t|Formatted benchmark output\\t|TYCHON\\t|ERROR\\n|STIG | 8304\\t|TYCHON Benchmark Check Passed\\t|Formatted benchmark output\\t|TYCHON\\t|INFO\\n|STIG | 8105\\t|TYCHON Benchmark Check Error\\t|Formatted benchmark output\\t|TYCHON\\t|WARN\\n|STIG | 8106\\t|TYCHON Benchmark Delta Check Passed\\t|Formatted module output\\t|TYCHON\\t|WARN\\n|STIG | 8107\\t|TYCHON Benchmark Scan Start\\t|TYCHON Benchmark \u003cBENCHMARK NAME\u003e \u003cBENCHMARK ID\u003e\u003cPROFILE ID\u003e Scan Start\\t|TYCHON\\t|INFO\\n|STIG | 8108|TYCHON Benchmark Scan Complete\\t|TYCHON Benchmark \u003cBENCHMARK NAME\u003e \u003cBENCHMARK ID\u003e\u003cPROFILE ID\u003e Scan Complete.\\t|TYCHON\\t|INFO\\n|EPP|8200|TYCHON EPP Check Started\\t|TYCHON EPP Check Started\\t|TYCHON\\t|INFO\\n|EPP|8201|TYCHON EPP Check Completed\\t|TYCHON EPP Check Complete\\t|TYCHON\\t|ERROR\\n|EPP|8202|TYCHON EPP Setting Check Passed\\t|Formatted module output\\t|TYCHON\\t|INFO\\n|EPP|8203|TYCHON EPP Setting Check Failed\\t|Formatted module output\\t|TYCHON\\t|ERROR\\n|General|8900|TYCHON General Issue\\t|Free form\\t|TYCHON\\t|ERROR\\n|General|8901|TYCHON General Issue\\t|Free form\\t|TYCHON\\t|WARN\\n|General|8902|TYCHON General Issue\\t|Free form\\t|TYCHON\\t|INFO\\n|General|8968|TYCHON Script Start\\t|TYCHON Script Start \u003cScript Name\u003e, \u003cStart Time\u003e Expectation to include the start time as a field.\\t|TYCHON\\t|INFO\\n|General|8968|TYCHON Script Complete\\t|TYCHON Script Complete \u003cScript Name\u003e, \u003cCompletion Time\u003e Expectation to include the completion time as a 
field.\\t|TYCHON\\t|INFO\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":38,\"w\":12,\"h\":19,\"i\":\"ffd3a473-3cb4-4ef1-95a2-19899211b020\"},\"panelIndex\":\"ffd3a473-3cb4-4ef1-95a2-19899211b020\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-7291df4e-9082-4935-8fed-0f3d42910589\"}],\"state\":{\"visualization\":{\"layerId\":\"7291df4e-9082-4935-8fed-0f3d42910589\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\",\"alignment\":\"left\",\"oneClickFilter\":true},{\"columnId\":\"59d9fc9f-a21c-4b5b-a87b-b66b016505fa\",\"alignment\":\"center\"},{\"columnId\":\"56e6a432-6881-4338-b91c-a907653fbd8c\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"1503adce-02f2-4ee6-a15d-9b76b98c40d8\",\"isTransposed\":false,\"alignment\":\"center\"},{\"columnId\":\"ca252885-1816-4144-a8b4-444d3e186b20\",\"isTransposed\":false,\"alignment\":\"center\"}],\"sorting\":{\"columnId\":\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\",\"direction\":\"desc\"}},\"query\":{\"query\":\"event.code: 8101 or event.code: 8001 or event.code:8203\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7291df4e-9082-4935-8fed-0f3d42910589\":{\"columns\":{\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\":{\"label\":\"Date\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"event.ingested\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"d\",\"includeEmptyRows\":true,\"dropPartials\":false},\"customLabel\":true},\"59d9fc9f-a21c-4b5b-a87b-b66b016505fa\":{\"label\":\"Total 
Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"56e6a432-6881-4338-b91c-a907653fbd8c\":{\"label\":\"STIG Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.code: 8101\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"1503adce-02f2-4ee6-a15d-9b76b98c40d8\":{\"label\":\"Vulnerability Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.code: 8001\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"ca252885-1816-4144-a8b4-444d3e186b20\":{\"label\":\"EPP Failures\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"event.code: \\\"8203\\\" \",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"e4855ab7-72e1-4b6a-a668-c8a39ab3dba2\",\"59d9fc9f-a21c-4b5b-a87b-b66b016505fa\",\"56e6a432-6881-4338-b91c-a907653fbd8c\",\"1503adce-02f2-4ee6-a15d-9b76b98c40d8\",\"ca252885-1816-4144-a8b4-444d3e186b20\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Scan Failures Per 
Day\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":39,\"y\":38,\"w\":9,\"h\":19,\"i\":\"6a813b1d-6a0b-414a-88e0-0c25bd7a5a2d\"},\"panelIndex\":\"6a813b1d-6a0b-414a-88e0-0c25bd7a5a2d\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"df491fbb-3f09-4ab0-995a-c2c549a9bc21\",\"name\":\"indexpattern-datasource-layer-7c6422f1-c23f-49b2-8736-1971f6116592\"}],\"state\":{\"visualization\":{\"shape\":\"pie\",\"layers\":[{\"layerId\":\"7c6422f1-c23f-49b2-8736-1971f6116592\",\"primaryGroups\":[\"2416f259-6b27-465e-91da-4adafc040ead\"],\"metrics\":[\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"7c6422f1-c23f-49b2-8736-1971f6116592\":{\"columns\":{\"2416f259-6b27-465e-91da-4adafc040ead\":{\"label\":\"Top 5 values of host.os.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\":{\"label\":\"Count of 
records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2416f259-6b27-465e-91da-4adafc040ead\",\"387b0e2c-27c5-46f6-89da-8e2b10dc46c7\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Operating System Breakdown\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-7d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] - Agentless Event Logs", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T19:24:40.643Z", + "id": "tychon-e3cbb1a0-112a-11ee-af86-538da1394f27-log", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "0d3c8367-8409-4931-accd-0b1dddd5895c:indexpattern-datasource-layer-e7402bc7-e904-495e-9339-368e8238ddde", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "003ea62c-e6c6-4352-bbf3-56de3c4b27d5:indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "08c2bd9a-4e44-47e7-80b2-12ee8f6c848a:indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "d06340ad-f85b-41d2-b355-a63935813f2a:indexpattern-datasource-layer-6c37a2a4-f317-4829-ae4c-ac399bb98cf8", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": 
"375c0c11-1577-4003-80f7-49eb9bc59ed6:indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "51fd833e-0ffd-488e-9e08-d9342ccd6884:indexpattern-datasource-layer-9718473a-bff7-48ea-86aa-04ffed5eed06", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "f560734b-0618-40e0-828a-a6e141cf62a2:indexpattern-datasource-layer-51fcf8c0-74c4-469b-a2c3-5581b411a908", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "ffd3a473-3cb4-4ef1-95a2-19899211b020:indexpattern-datasource-layer-7291df4e-9082-4935-8fed-0f3d42910589", + "type": "index-pattern" + }, + { + "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21", + "name": "6a813b1d-6a0b-414a-88e0-0c25bd7a5a2d:indexpattern-datasource-layer-7c6422f1-c23f-49b2-8736-1971f6116592", + "type": "index-pattern" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-06-22T19:24:40.643Z", + "version": "WzI4NDUzNSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/dashboard/tychon-f3f86a20-3d47-11ee-9610-15dee918f31a-host.json b/packages/tychon/kibana/dashboard/tychon-f3f86a20-3d47-11ee-9610-15dee918f31a-host.json new file mode 100644 index 00000000000..a3c7c29dc30 --- /dev/null +++ b/packages/tychon/kibana/dashboard/tychon-f3f86a20-3d47-11ee-9610-15dee918f31a-host.json 
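Review bot: The markdown "TYCHON Event ID Mapping" panel disagrees with the queries used elsewhere in this dashboard: it lists `8304` for "TYCHON Benchmark Check Passed" between 8103 and 8105, and `8968` for both "TYCHON Script Start" and "TYCHON Script Complete", while the "SCAP/STIG Events" filter only covers `event.code >= 8100 and event.code <=8108`. If `8304` is a typo for `8104`, which the sequence suggests, the table should be corrected; if it is the real code, passed benchmark checks fall outside every bucket of "Event Counts By Category". In the "Top 200 Hosts STIG/SCAP Scan" panel, the column filtered on `event.code: \"8100\"` still carries the label `Last Vulnerability Scan `, copied from the panel before it, so a STIG timestamp is shown under a vulnerability heading; `Last STIG/SCAP Scan` would match the title. The category filters also apply range operators to `event.code`, which ECS defines as a keyword field, so the comparison is presumably lexicographic rather than numeric and should be confirmed against the package's field mapping.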
@@ -0,0 +1,150 @@ +{ + "attributes": { + "description": "TYCHON reports on current TPM, Device Guard, Secure Boot, DMA, System Guard, and HVE Code Integrity being available and Enabled.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "optionsJSON": "{\"useMargins\":true,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}", + "panelsJSON": "[{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":0,\"w\":6,\"h\":8,\"i\":\"98423c47-09a4-460b-a2b2-f3c111bae4b5\"},\"panelIndex\":\"98423c47-09a4-460b-a2b2-f3c111bae4b5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-cebe4c55-66db-4691-b44a-a6282a29a7bd\"}],\"state\":{\"visualization\":{\"layerId\":\"cebe4c55-66db-4691-b44a-a6282a29a7bd\",\"accessor\":\"30e5a2fc-ce4a-42a6-9422-debeb64ebe98\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"m\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cebe4c55-66db-4691-b44a-a6282a29a7bd\":{\"columns\":{\"30e5a2fc-ce4a-42a6-9422-debeb64ebe98\":{\"label\":\"Total Number of 
Hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"30e5a2fc-ce4a-42a6-9422-debeb64ebe98\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":0,\"w\":7,\"h\":4,\"i\":\"0510df0c-1a13-43a1-a9da-e3837ff6b001\"},\"panelIndex\":\"0510df0c-1a13-43a1-a9da-e3837ff6b001\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"450687e0-0597-4ee7-af97-1ee49bea450d\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Base Virtualization Support Enabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.basevirtualizationsupport.available : true \",\"language\":\"kuery\"}},\"450687e0-0597-4ee7-af97-1ee49bea450d\":{\"label\":\"Unique count of 
host.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"450687e0-0597-4ee7-af97-1ee49bea450d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":0,\"w\":7,\"h\":4,\"i\":\"2296650a-59b3-49c3-8766-9b3e5dc2a60b\"},\"panelIndex\":\"2296650a-59b3-49c3-8766-9b3e5dc2a60b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"450687e0-0597-4ee7-af97-1ee49bea450d\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Hypervisor Enforced Code Integrity Enabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.hypervisorenforcedcodeint.enabled : true \",\"language\":\"kuery\"}},\"450687e0-0597-4ee7-af97-1ee49bea450d\":{\"label\":\"Unique count of 
host.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"450687e0-0597-4ee7-af97-1ee49bea450d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":0,\"w\":7,\"h\":4,\"i\":\"b3b4f8d0-f425-4f30-bf9b-08f9bac344be\"},\"panelIndex\":\"b3b4f8d0-f425-4f30-bf9b-08f9bac344be\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"450687e0-0597-4ee7-af97-1ee49bea450d\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Credential Guard Enabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.credentialguard.enabled : true\",\"language\":\"kuery\"}},\"450687e0-0597-4ee7-af97-1ee49bea450d\":{\"label\":\"Unique count of 
host.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"450687e0-0597-4ee7-af97-1ee49bea450d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":0,\"w\":7,\"h\":4,\"i\":\"8288c8d3-8052-4fcb-b8b1-03a03c088699\"},\"panelIndex\":\"8288c8d3-8052-4fcb-b8b1-03a03c088699\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\",\"color\":\"#2567ca\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Secure Memory Overwrite Not Available\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.securememoverwrite.available : false \",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":0,\"w\":7,\"h\":4,\"i\":\"c86a6a37-5078-43c1-aed8-8a49373bafe2\"},\"panelIndex\":\"c86a6a37-5078-43c1-aed8-8a49373bafe2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"DMA Protections Not Available\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.dmaprotection.available :false \",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":41,\"y\":0,\"w\":7,\"h\":4,\"i\":\"cbe84ec6-8b4f-4be4-9862-b72c8ed16f0c\"},\"panelIndex\":\"cbe84ec6-8b4f-4be4-9862-b72c8ed16f0c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"System Guard Secure Launch Enabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.systemguardsecurelaunch.enabled : true \",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":6,\"y\":4,\"w\":7,\"h\":4,\"i\":\"d7ddb672-7f1d-4833-a1a5-becc42cf9dec\"},\"panelIndex\":\"d7ddb672-7f1d-4833-a1a5-becc42cf9dec\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"450687e0-0597-4ee7-af97-1ee49bea450d\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Windows SMM Security Mitigation Available\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.smmsecuritymigrations.available : true \",\"language\":\"kuery\"}},\"450687e0-0597-4ee7-af97-1ee49bea450d\":{\"label\":\"Unique count of 
host.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"450687e0-0597-4ee7-af97-1ee49bea450d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":13,\"y\":4,\"w\":7,\"h\":4,\"i\":\"75a9ea69-9a70-490e-b260-664cdc9aa03f\"},\"panelIndex\":\"75a9ea69-9a70-490e-b260-664cdc9aa03f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"450687e0-0597-4ee7-af97-1ee49bea450d\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"HVE Code Integrity Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.hypervisorenforcedcodeint.running : true \",\"language\":\"kuery\"}},\"450687e0-0597-4ee7-af97-1ee49bea450d\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"filter\":{\"query\":\"event.deviceguard.hypervisorenforcedcodeint.enabled : true \",\"language\":\"kuery\"},\"customLabel\":true}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"450687e0-0597-4ee7-af97-1ee49bea450d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":20,\"y\":4,\"w\":7,\"h\":4,\"i\":\"6e8d444b-1a29-4b93-90bd-f6aebfa0818c\"},\"panelIndex\":\"6e8d444b-1a29-4b93-90bd-f6aebfa0818c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Credential Guard Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.credentialguard.running : true \",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.credentialguard.enabled : true \",\"language\":\"kuery\"}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":27,\"y\":4,\"w\":7,\"h\":4,\"i\":\"915bad91-ce3c-461d-94ef-5da768d08aa1\"},\"panelIndex\":\"915bad91-ce3c-461d-94ef-5da768d08aa1\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"Secure Boot Not Available\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.secureboot.available : false\",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":34,\"y\":4,\"w\":7,\"h\":4,\"i\":\"46f76a3a-3bdf-42cf-9ed6-735fd2f0f27f\"},\"panelIndex\":\"46f76a3a-3bdf-42cf-9ed6-735fd2f0f27f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"UEFI Enabled\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.ufi.enabled : true\",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":41,\"y\":4,\"w\":7,\"h\":4,\"i\":\"a1836875-cbd5-44ec-9543-1eea05689733\"},\"panelIndex\":\"a1836875-cbd5-44ec-9543-1eea05689733\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"8b1f00fe-d1df-49df-83c7-812185d80225\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"System Guard Secure Launch Running\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.systemguardsecurelaunch.running : true \",\"language\":\"kuery\"}},\"8b1f00fe-d1df-49df-83c7-812185d80225\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.hostname\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true,\"filter\":{\"query\":\"event.deviceguard.systemguardsecurelaunch.enabled : true \",\"language\":\"kuery\"}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"8b1f00fe-d1df-49df-83c7-812185d80225\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":true},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":8,\"w\":3,\"h\":17,\"i\":\"91fa4dd4-c51a-4d25-bd36-7960198d687c\"},\"panelIndex\":\"91fa4dd4-c51a-4d25-bd36-7960198d687c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsGauge\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-e940b5ed-a6d9-488f-871b-d3e89450a469\"}],\"state\":{\"visualization\":{\"layerId\":\"e940b5ed-a6d9-488f-871b-d3e89450a469\",\"layerType\":\"data\",\"shape\":\"verticalBullet\",\"ticksPosition\":\"auto\",\"labelMajorMode\":\"auto\",\"metricAccessor\":\"278aed0b-127a-4727-9b30-36d8cbc242f3\",\"maxAccessor\":\"5b80e387-9916-4bef-9384-2a873e0e498f\",\"minAccessor\":\"3da8457f-342e-4115-ab2e-60b4c410a9bf\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e940b5ed-a6d9-488f-871b-d3e89450a469\":{\"columns\":{\"278aed0b-127a-4727-9b30-36d8cbc242f3\":{\"label\":\"TPM Compliant\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"filter\":{\"query\":\"host.tpm.compliant : true\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"5b80e387-9916-4bef-9384-2a873e0e498f\":{\"label\":\"Total 
Systems\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"3da8457f-342e-4115-ab2e-60b4c410a9bf\":{\"label\":\"Static value: 0\",\"dataType\":\"number\",\"operationType\":\"static_value\",\"isStaticValue\":true,\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"value\":\"0\"},\"references\":[]}},\"columnOrder\":[\"278aed0b-127a-4727-9b30-36d8cbc242f3\",\"5b80e387-9916-4bef-9384-2a873e0e498f\",\"3da8457f-342e-4115-ab2e-60b4c410a9bf\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":3,\"y\":8,\"w\":6,\"h\":11,\"i\":\"14ea02d4-b08f-4545-8415-c06fc189d8d2\"},\"panelIndex\":\"14ea02d4-b08f-4545-8415-c06fc189d8d2\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsLegacyMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-08732232-1c74-4bc6-9dc9-4fcd5bff66d2\"}],\"state\":{\"visualization\":{\"layerId\":\"08732232-1c74-4bc6-9dc9-4fcd5bff66d2\",\"accessor\":\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02\",\"layerType\":\"data\",\"titlePosition\":\"bottom\",\"textAlign\":\"center\",\"size\":\"l\",\"colorMode\":\"Labels\",\"palette\":{\"name\":\"custom\",\"type\":\"palette\",\"params\":{\"steps\":3,\"name\":\"custom\",\"reverse\":false,\"rangeType\":\"number\",\"rangeMin\":null,\"rangeMax\":100,\"progression\":\"fixed\",\"stops\":[{\"color\":\"#E7664C\",\"stop\":0},{\"color\":\"#E7664C\",\"stop\":60},{\"color\":\"#D6BF57\",\"stop\":90},{\"color\":\"#54B399\",\"stop\":100}],\"colorStops\":[{\"color\":\"#E7664C\",\"stop\":null},{\"color\":\"#E7664C\",\"stop\":0},{\"color\":\"#D6BF57\",\"stop\":60},{\"color\":\"#54B399\",\"stop\":9
0}],\"continuity\":\"below\",\"maxSteps\":5}}},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"08732232-1c74-4bc6-9dc9-4fcd5bff66d2\":{\"columns\":{\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X0\":{\"label\":\"Part of Percent TPM Compliant\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"host.tpm.compliant : true\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X1\":{\"label\":\"Part of Percent TPM Compliant\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"filter\":{\"query\":\"host.tpm.compliant : *\",\"language\":\"kuery\"},\"params\":{\"emptyAsNull\":false},\"customLabel\":true},\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X2\":{\"label\":\"Part of Percent TPM Compliant\",\"dataType\":\"number\",\"operationType\":\"math\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"tinymathAst\":{\"type\":\"function\",\"name\":\"divide\",\"args\":[{\"type\":\"function\",\"name\":\"multiply\",\"args\":[\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X0\",\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X1\"],\"location\":{\"min\":1,\"max\":77},\"text\":\"count(kql='host.tpm.compliant : true') * count(kql='host.tpm.compliant : *')\"},100],\"location\":{\"min\":0,\"max\":84},\"text\":\"(count(kql='host.tpm.compliant : true') * count(kql='host.tpm.compliant : *')) / 100\"}},\"references\":[\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X0\",\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X1\"],\"customLabel\":true},\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02\":{\"label\":\"Percent TPM Compliant\",\"dataType\":\"number\",\"operationType\":\"formula\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"formula\":\"(count(kql='host.tpm.compliant : true') * count(kql='host.tpm.compliant : *')) / 
100\",\"isFormulaBroken\":false,\"format\":{\"id\":\"percent\",\"params\":{\"decimals\":2}}},\"references\":[\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X2\"],\"customLabel\":true}},\"columnOrder\":[\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02\",\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X0\",\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X1\",\"7e0f7dc7-3e17-41e7-9037-426df3fb1e02X2\"],\"sampling\":1,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":true,\"enhancements\":{}}},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":9,\"y\":8,\"w\":39,\"h\":32,\"i\":\"4720fc52-f5a8-4db8-a38c-aacecd78ffd4\"},\"panelIndex\":\"4720fc52-f5a8-4db8-a38c-aacecd78ffd4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-1590c162-36ad-41eb-9bb2-14e1ec9ae08b\"}],\"state\":{\"visualization\":{\"columns\":[{\"isTransposed\":false,\"columnId\":\"a3aab062-cb0e-4d7f-8593-ecc6ba8bab6f\",\"oneClickFilter\":true},{\"isTransposed\":false,\"columnId\":\"daf16339-8bfb-4e36-99ce-5e66793f4264\"},{\"isTransposed\":false,\"columnId\":\"39ce7546-1fb9-4625-b47c-b7658520ab4e\"},{\"columnId\":\"ce080286-8ed3-43e4-8df3-f0547b3d2760\",\"isTransposed\":false}],\"layerId\":\"1590c162-36ad-41eb-9bb2-14e1ec9ae08b\",\"layerType\":\"data\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"1590c162-36ad-41eb-9bb2-14e1ec9ae08b\":{\"columns\":{\"a3aab062-cb0e-4d7f-8593-ecc6ba8bab6f\":{\"label\":\"Hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.hostname\",\"isBucketed\":true,\"params\":{\"size\":150,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ce7546-1fb9-4625-b47c-b7658520ab4e\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"
missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"daf16339-8bfb-4e36-99ce-5e66793f4264\":{\"label\":\"OS\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ce7546-1fb9-4625-b47c-b7658520ab4e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"39ce7546-1fb9-4625-b47c-b7658520ab4e\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"ce080286-8ed3-43e4-8df3-f0547b3d2760\":{\"label\":\"Kernel\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.kernel\",\"isBucketed\":true,\"params\":{\"size\":3,\"orderBy\":{\"type\":\"column\",\"columnId\":\"39ce7546-1fb9-4625-b47c-b7658520ab4e\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]},\"customLabel\":true}},\"columnOrder\":[\"a3aab062-cb0e-4d7f-8593-ecc6ba8bab6f\",\"daf16339-8bfb-4e36-99ce-5e66793f4264\",\"ce080286-8ed3-43e4-8df3-f0547b3d2760\",\"39ce7546-1fb9-4625-b47c-b7658520ab4e\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Host 
List\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":3,\"y\":19,\"w\":6,\"h\":6,\"i\":\"bde24496-933d-417a-bece-b1d1f5b0ec93\"},\"panelIndex\":\"bde24496-933d-417a-bece-b1d1f5b0ec93\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a\"}],\"state\":{\"visualization\":{\"layerId\":\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\",\"layerType\":\"data\",\"metricAccessor\":\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"maxAccessor\":\"450687e0-0597-4ee7-af97-1ee49bea450d\",\"showBar\":true,\"progressDirection\":\"horizontal\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"426889ea-4a64-47bc-b75b-2db8ebe4da1a\":{\"columns\":{\"65782600-85b4-4811-96fe-d5e0b55cec61\":{\"label\":\"TPM Not Available\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":false,\"format\":{\"id\":\"number\",\"params\":{\"decimals\":0}}},\"customLabel\":true,\"filter\":{\"query\":\"host.tpm.present : \\\"false\\\" \",\"language\":\"kuery\"}},\"450687e0-0597-4ee7-af97-1ee49bea450d\":{\"label\":\"Unique count of 
host.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"65782600-85b4-4811-96fe-d5e0b55cec61\",\"450687e0-0597-4ee7-af97-1ee49bea450d\"],\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"version\":\"8.6.2\",\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":25,\"w\":9,\"h\":15,\"i\":\"336ed7ca-cfb0-4f6f-8537-614b062c122e\"},\"panelIndex\":\"336ed7ca-cfb0-4f6f-8537-614b062c122e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"9267bb1b-cf22-4417-8cfb-6606848140a7\",\"name\":\"indexpattern-datasource-layer-43643552-3cbb-4748-a6ab-d2a73bb57c1a\"}],\"state\":{\"visualization\":{\"shape\":\"donut\",\"palette\":{\"type\":\"palette\",\"name\":\"cool\"},\"layers\":[{\"layerId\":\"43643552-3cbb-4748-a6ab-d2a73bb57c1a\",\"primaryGroups\":[\"49f19bf6-e3d2-41b0-bc18-1a22f0915d8c\"],\"metrics\":[\"0537ada3-7bcd-48a3-a141-da31c0877743\"],\"numberDisplay\":\"value\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"show\",\"nestedLegend\":false,\"layerType\":\"data\",\"percentDecimals\":0,\"emptySizeRatio\":0.7,\"legendPosition\":\"right\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"43643552-3cbb-4748-a6ab-d2a73bb57c1a\":{\"columns\":{\"49f19bf6-e3d2-41b0-bc18-1a22f0915d8c\":{\"label\":\"Device Guard 
Versions\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.deviceguard.version\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0537ada3-7bcd-48a3-a141-da31c0877743\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false},\"customLabel\":true},\"0537ada3-7bcd-48a3-a141-da31c0877743\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"49f19bf6-e3d2-41b0-bc18-1a22f0915d8c\",\"0537ada3-7bcd-48a3-a141-da31c0877743\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TPM Versions\"}]", + "refreshInterval": { + "pause": true, + "value": 0 + }, + "timeFrom": "now-30d/d", + "timeRestore": true, + "timeTo": "now", + "title": "[TYCHON] Virtualization Based Security Settings", + "version": 1 + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-28T12:12:27.089Z", + "id": "tychon-f3f86a20-3d47-11ee-9610-15dee918f31a-host", + "migrationVersion": { + "dashboard": "8.6.0" + }, + "references": [ + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "98423c47-09a4-460b-a2b2-f3c111bae4b5:indexpattern-datasource-layer-cebe4c55-66db-4691-b44a-a6282a29a7bd", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "0510df0c-1a13-43a1-a9da-e3837ff6b001:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "2296650a-59b3-49c3-8766-9b3e5dc2a60b:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", 
+ "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "b3b4f8d0-f425-4f30-bf9b-08f9bac344be:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "8288c8d3-8052-4fcb-b8b1-03a03c088699:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "c86a6a37-5078-43c1-aed8-8a49373bafe2:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "cbe84ec6-8b4f-4be4-9862-b72c8ed16f0c:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "d7ddb672-7f1d-4833-a1a5-becc42cf9dec:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "75a9ea69-9a70-490e-b260-664cdc9aa03f:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "6e8d444b-1a29-4b93-90bd-f6aebfa0818c:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "915bad91-ce3c-461d-94ef-5da768d08aa1:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "46f76a3a-3bdf-42cf-9ed6-735fd2f0f27f:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "a1836875-cbd5-44ec-9543-1eea05689733:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", 
+ "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "91fa4dd4-c51a-4d25-bd36-7960198d687c:indexpattern-datasource-layer-e940b5ed-a6d9-488f-871b-d3e89450a469", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "14ea02d4-b08f-4545-8415-c06fc189d8d2:indexpattern-datasource-layer-08732232-1c74-4bc6-9dc9-4fcd5bff66d2", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "4720fc52-f5a8-4db8-a38c-aacecd78ffd4:indexpattern-datasource-layer-1590c162-36ad-41eb-9bb2-14e1ec9ae08b", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "bde24496-933d-417a-bece-b1d1f5b0ec93:indexpattern-datasource-layer-426889ea-4a64-47bc-b75b-2db8ebe4da1a", + "type": "index-pattern" + }, + { + "id": "9267bb1b-cf22-4417-8cfb-6606848140a7", + "name": "336ed7ca-cfb0-4f6f-8537-614b062c122e:indexpattern-datasource-layer-43643552-3cbb-4748-a6ab-d2a73bb57c1a", + "type": "index-pattern" + }, + { + "id": "f26ce820-3d47-11ee-9610-15dee918f31a", + "name": "tag-ref-f26ce820-3d47-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + }, + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "39b55820-10f2-11ee-af86-538da1394f27", + "name": "tag-ref-39b55820-10f2-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "fleet-managed-default", + "name": "tag-ref-fleet-managed-default", + "type": "tag" + }, + { + "id": "fleet-pkg-tychon-default", + "name": "tag-ref-fleet-pkg-tychon-default", + "type": "tag" + } + ], + "type": "dashboard", + "updated_at": "2023-08-28T12:12:27.089Z", + "version": "Wzg5NzMwMywyMl0=" +} \ No newline at end of file 
diff --git a/packages/tychon/kibana/index_pattern/02acfb43-5302-4331-bb10-4174171f6091.json b/packages/tychon/kibana/index_pattern/02acfb43-5302-4331-bb10-4174171f6091.json
new file mode 100644
index 00000000000..0dfd5e3db51
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/02acfb43-5302-4331-bb10-4174171f6091.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Disk Volumes (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_volume*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T10:59:56.550Z",
+ "id": "02acfb43-5302-4331-bb10-4174171f6091",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T10:59:56.550Z",
+ "version": "Wzc5MSwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/2dc584bc-c446-4150-b561-1415a45ebe87.json b/packages/tychon/kibana/index_pattern/2dc584bc-c446-4150-b561-1415a45ebe87.json
new file mode 100644
index 00000000000..ccc02594952
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/2dc584bc-c446-4150-b561-1415a45ebe87.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Hard Drives (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_harddrive*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-17T21:06:28.654Z",
+ "id": "2dc584bc-c446-4150-b561-1415a45ebe87",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-17T21:07:10.085Z",
+ "version": "WzY2MTQwMywxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/37150b25-1c34-494e-8214-b58a5a716c95.json b/packages/tychon/kibana/index_pattern/37150b25-1c34-494e-8214-b58a5a716c95.json
new file mode 100644
index 00000000000..a7e06190996
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/37150b25-1c34-494e-8214-b58a5a716c95.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Host CPUs (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_cpu*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:08:35.623Z",
+ "id": "37150b25-1c34-494e-8214-b58a5a716c95",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:08:35.623Z",
+ "version": "Wzc5NiwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/39822d3a-870f-4a82-8928-e9264b4d1a31.json b/packages/tychon/kibana/index_pattern/39822d3a-870f-4a82-8928-e9264b4d1a31.json
new file mode 100644
index 00000000000..3b2a85f6ad4
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/39822d3a-870f-4a82-8928-e9264b4d1a31.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Network Adapters (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_networkadapter*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:12:13.334Z",
+ "id": "39822d3a-870f-4a82-8928-e9264b4d1a31",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:12:13.334Z",
+ "version": "Wzc5OCwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/41d172ee-a0b8-4b20-9c93-6482f0abbdec.json b/packages/tychon/kibana/index_pattern/41d172ee-a0b8-4b20-9c93-6482f0abbdec.json
new file mode 100644
index 00000000000..566e97545f4
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/41d172ee-a0b8-4b20-9c93-6482f0abbdec.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Hardware (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_hardware*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:07:03.361Z",
+ "id": "41d172ee-a0b8-4b20-9c93-6482f0abbdec",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:07:03.361Z",
+ "version": "Wzc5NSwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/4b420fb2-cf3e-40a2-a8fe-92db1bd570b2.json b/packages/tychon/kibana/index_pattern/4b420fb2-cf3e-40a2-a8fe-92db1bd570b2.json
new file mode 100644
index 00000000000..1eec4f2bb4f
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/4b420fb2-cf3e-40a2-a8fe-92db1bd570b2.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - ARP (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_arp*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T10:52:54.243Z",
+ "id": "4b420fb2-cf3e-40a2-a8fe-92db1bd570b2",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T10:52:54.243Z",
+ "version": "Wzc5MCwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/5be62502-2bab-4d66-97ff-d9373963c50d.json b/packages/tychon/kibana/index_pattern/5be62502-2bab-4d66-97ff-d9373963c50d.json
new file mode 100644
index 00000000000..c525296301e
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/5be62502-2bab-4d66-97ff-d9373963c50d.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Vulnerability Information (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_cve*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:17:22.732Z",
+ "id": "5be62502-2bab-4d66-97ff-d9373963c50d",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:17:22.732Z",
+ "version": "WzgwMCwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/62456a9a-bd4c-4b57-b6b5-5556b6869ce5.json b/packages/tychon/kibana/index_pattern/62456a9a-bd4c-4b57-b6b5-5556b6869ce5.json
new file mode 100644
index 00000000000..5380cfbaa18
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/62456a9a-bd4c-4b57-b6b5-5556b6869ce5.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Disk Volumes (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_volume*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-18T17:39:23.422Z",
+ "id": "62456a9a-bd4c-4b57-b6b5-5556b6869ce5",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-18T17:39:23.422Z",
+ "version": "WzY4MTg4OCwxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json b/packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json
new file mode 100644
index 00000000000..d1d488c2e4b
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/6c3bf5e0-0feb-4113-a417-ac5e69cd6e00.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Endpoint Protection Status (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_epp*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-06-22T19:32:15.953Z",
+ "id": "6c3bf5e0-0feb-4113-a417-ac5e69cd6e00",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-06-22T19:32:45.709Z",
+ "version": "WzI4NTA1MSwxM10="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/6ce8198c-8c52-4f20-8e68-b566ebf84b18.json b/packages/tychon/kibana/index_pattern/6ce8198c-8c52-4f20-8e68-b566ebf84b18.json
new file mode 100644
index 00000000000..36f04a22bd9
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/6ce8198c-8c52-4f20-8e68-b566ebf84b18.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Endpoint Protection Services (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_epp*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:01:55.546Z",
+ "id": "6ce8198c-8c52-4f20-8e68-b566ebf84b18",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:01:55.546Z",
+ "version": "Wzc5MiwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json b/packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json
new file mode 100644
index 00000000000..701be17a005
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/78931842-dc88-45d7-a6ee-d79fb9f615bd.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{\"host.hostname\":{\"count\":2},\"vulnerability.iava\":{\"count\":1},\"vulnerability.id\":{\"count\":2},\"vulnerability.result\":{\"count\":2}}",
+ "fieldFormatMap": "{\"vulnerability.reference\":{\"id\":\"url\",\"params\":{}}}",
+ "fields": "[]",
+ "name": "Vulnerability Data (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_cve*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-06-20T13:44:21.061Z",
+ "id": "78931842-dc88-45d7-a6ee-d79fb9f615bd",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-06-22T13:18:00.210Z",
+ "version": "WzI4MDk5OSwxM10="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/7d972a32-d117-4963-a7bf-58fc65fb1ee8.json b/packages/tychon/kibana/index_pattern/7d972a32-d117-4963-a7bf-58fc65fb1ee8.json
new file mode 100644
index 00000000000..4c23b41d562
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/7d972a32-d117-4963-a7bf-58fc65fb1ee8.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - STIG SCAP Results (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_stig*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:15:38.058Z",
+ "id": "7d972a32-d117-4963-a7bf-58fc65fb1ee8",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:15:38.058Z",
+ "version": "Wzc5OSwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/8532a0b4-2a02-4dfa-b6aa-aabe01125b61.json b/packages/tychon/kibana/index_pattern/8532a0b4-2a02-4dfa-b6aa-aabe01125b61.json
new file mode 100644
index 00000000000..a50be3c86da
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/8532a0b4-2a02-4dfa-b6aa-aabe01125b61.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{\"agent.name\":{\"count\":1},\"tychon.id\":{\"count\":2}}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "ARP (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "tychon_arp*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-04-03T15:59:09.464Z",
+ "id": "8532a0b4-2a02-4dfa-b6aa-aabe01125b61",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-18T13:15:57.463Z",
+ "version": "WzY3NTUxMCwxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/9267bb1b-cf22-4417-8cfb-6606848140a7.json b/packages/tychon/kibana/index_pattern/9267bb1b-cf22-4417-8cfb-6606848140a7.json
new file mode 100644
index 00000000000..b7a203dafdf
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/9267bb1b-cf22-4417-8cfb-6606848140a7.json
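Review bot: The `tychon_arp*` data view (8532a0b4-2a02-4dfa-b6aa-aabe01125b61.json) sets `"timeFieldName": "event.ingested"`, while every other non-HISTORICAL `tychon_*` view visible in this part of the commit uses `@timestamp` and only the `logs-tychon.*` HISTORICAL views use `event.ingested`. If that is not deliberate, ARP panels would be time-filtered by ingest time while panels on the other views are filtered by event time under the same dashboard time picker. I would switch it to `"timeFieldName": "@timestamp"` for consistency, or state in the package docs why ARP differs.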
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Host Info [TYCHON]",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_host*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-23T00:22:24.456Z",
+ "id": "9267bb1b-cf22-4417-8cfb-6606848140a7",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-23T00:22:40.345Z",
+ "version": "Wzc5NjEzMywyMl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/a264bf8d-abc3-4789-9f4c-bf76397e06ba.json b/packages/tychon/kibana/index_pattern/a264bf8d-abc3-4789-9f4c-bf76397e06ba.json
new file mode 100644
index 00000000000..6fa2f911060
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/a264bf8d-abc3-4789-9f4c-bf76397e06ba.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Host CPUs (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_cpu*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-17T22:16:32.434Z",
+ "id": "a264bf8d-abc3-4789-9f4c-bf76397e06ba",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-17T22:16:32.434Z",
+ "version": "WzY2MzMzNiwxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/a57870ef-07d8-4d12-a067-8c66eefd10ca.json b/packages/tychon/kibana/index_pattern/a57870ef-07d8-4d12-a067-8c66eefd10ca.json
new file mode 100644
index 00000000000..94b023c72b4
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/a57870ef-07d8-4d12-a067-8c66eefd10ca.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Hardware (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_hardware*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-18T19:57:22.691Z",
+ "id": "a57870ef-07d8-4d12-a067-8c66eefd10ca",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-18T19:57:22.691Z",
+ "version": "WzY4MzgwMCwxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/a61d021d-d78f-485d-93b2-8075149794af.json b/packages/tychon/kibana/index_pattern/a61d021d-d78f-485d-93b2-8075149794af.json
new file mode 100644
index 00000000000..0c3f5bb5bed
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/a61d021d-d78f-485d-93b2-8075149794af.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Host Info (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_host*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:10:11.104Z",
+ "id": "a61d021d-d78f-485d-93b2-8075149794af",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:10:11.104Z",
+ "version": "Wzc5NywyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/b006641c-69de-48bd-9a5a-1125f0da1c0b.json b/packages/tychon/kibana/index_pattern/b006641c-69de-48bd-9a5a-1125f0da1c0b.json
new file mode 100644
index 00000000000..5d8c5b3aaa2
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/b006641c-69de-48bd-9a5a-1125f0da1c0b.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Exposed Services (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_exposedservice*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:03:43.470Z",
+ "id": "b006641c-69de-48bd-9a5a-1125f0da1c0b",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:03:43.470Z",
+ "version": "Wzc5MywyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/bb5226cd-c099-46d2-bb71-0257232c7d82.json b/packages/tychon/kibana/index_pattern/bb5226cd-c099-46d2-bb71-0257232c7d82.json
new file mode 100644
index 00000000000..945bd38e235
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/bb5226cd-c099-46d2-bb71-0257232c7d82.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{\"event.dataset\":{\"count\":1}}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "All TYCHON Logs (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-04-05T12:18:33.104Z",
+ "id": "bb5226cd-c099-46d2-bb71-0257232c7d82",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-04-05T12:59:43.059Z",
+ "version": "WzI1OTI3LDNd"
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/c6b645d3-dd29-43f2-b831-49e29ffd5b6c.json b/packages/tychon/kibana/index_pattern/c6b645d3-dd29-43f2-b831-49e29ffd5b6c.json
new file mode 100644
index 00000000000..a0e117c3ead
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/c6b645d3-dd29-43f2-b831-49e29ffd5b6c.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Exposed Services (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_exposedservice*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-17T13:10:42.315Z",
+ "id": "c6b645d3-dd29-43f2-b831-49e29ffd5b6c",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-17T13:10:42.315Z",
+ "version": "WzY0Mjg1OCwxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json b/packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json
new file mode 100644
index 00000000000..1a1178df71e
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/df491fbb-3f09-4ab0-995a-c2c549a9bc21.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{\"event.provider\":{\"count\":1}}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Windows Application Logs (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "logs-system.application*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-06-21T13:44:35.159Z",
+ "id": "df491fbb-3f09-4ab0-995a-c2c549a9bc21",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-06-21T13:45:32.456Z",
+ "version": "WzI2NzU5NSwxM10="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/e0015160-781d-4885-9ae6-04230d059bfb.json b/packages/tychon/kibana/index_pattern/e0015160-781d-4885-9ae6-04230d059bfb.json
new file mode 100644
index 00000000000..8efc6791749
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/e0015160-781d-4885-9ae6-04230d059bfb.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Software Inventory (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_softwareinventory*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-18T19:23:20.043Z",
+ "id": "e0015160-781d-4885-9ae6-04230d059bfb",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-18T19:23:20.043Z",
+ "version": "WzY4MzE0MiwxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/e886429e-9532-4f44-bb36-6465fe760866.json b/packages/tychon/kibana/index_pattern/e886429e-9532-4f44-bb36-6465fe760866.json
new file mode 100644
index 00000000000..35dc1490219
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/e886429e-9532-4f44-bb36-6465fe760866.json
@@ -0,0 +1,24 @@
+{
+ "attributes": {
+ "fieldAttrs": "{\"tychon.id\":{\"count\":1}}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "Network Adapters (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "@timestamp",
+ "title": "tychon_networkadapter*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-18T19:11:21.754Z",
+ "id": "e886429e-9532-4f44-bb36-6465fe760866",
+ "managed": true,
+ "migrationVersion": {
+ "index-pattern": "8.0.0"
+ },
+ "references": [],
+ "type": "index-pattern",
+ "updated_at": "2023-08-18T22:15:54.140Z",
+ "version": "WzY5MDAzMywxNl0="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/eb4dc1c4-9f76-4b3c-976c-fc1575288e2d.json b/packages/tychon/kibana/index_pattern/eb4dc1c4-9f76-4b3c-976c-fc1575288e2d.json
new file mode 100644
index 00000000000..c8ac4c372e6
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/eb4dc1c4-9f76-4b3c-976c-fc1575288e2d.json
@@ -0,0 +1,22 @@
+{
+ "attributes": {
+ "fieldAttrs": "{}",
+ "fieldFormatMap": "{}",
+ "fields": "[]",
+ "name": "HISTORICAL - Hard Drives (TYCHON)",
+ "runtimeFieldMap": "{}",
+ "sourceFilters": "[]",
+ "timeFieldName": "event.ingested",
+ "title": "logs-tychon.tychon_harddrive*",
+ "typeMeta": "{}"
+ },
+ "coreMigrationVersion": "8.8.0",
+ "created_at": "2023-08-30T11:05:32.346Z",
+ "id": "eb4dc1c4-9f76-4b3c-976c-fc1575288e2d",
+ "managed": true,
+ "references": [],
+ "type": "index-pattern",
+ "typeMigrationVersion": "8.0.0",
+ "updated_at": "2023-08-30T11:05:32.346Z",
+ "version": "Wzc5NCwyXQ=="
+}
\ No newline at end of file
diff --git a/packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json b/packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json
new file mode 100644
index 00000000000..04fa130eb20
--- /dev/null
+++ b/packages/tychon/kibana/index_pattern/ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a.json
@@ -0,0 +1,24 @@ +{ + "attributes": { + "fieldAttrs": "{\"STIG_ID\":{\"count\":3},\"rule.id\":{\"count\":2},\"VULN_ID\":{\"count\":2},\"rule.result.score\":{\"count\":2},\"benchmark.name\":{\"count\":1},\"rule.finding_id\":{\"count\":1},\"rule.result\":{\"count\":1}}", + "fieldFormatMap": "{}", + "fields": "[]", + "name": "STIG SCAP Results (TYCHON)", + "runtimeFieldMap": "{\"STIG_ID\":{\"type\":\"keyword\",\"script\":{\"source\":\"if (doc[\\\"rule.id\\\"].length \u003e 0){\\r\\n def rule_id = doc[\\\"rule.id\\\"].value;\\r\\nif (rule_id == ''){\\r\\n def rule_name = doc[\\\"rule.name\\\"].value.replace('xccdf_mil.disa.stig_rule_','');\\r\\n def iof = rule_name.indexOf('r');\\r\\n emit(rule_name.substring(0, iof))\\r\\n}else{\\r\\n emit(rule_id)\\r\\n}\\r\\n\\r\\n}\\r\\nelse{\\r\\n emit(\\\"\\\")\\r\\n}\"}},\"VULN_ID\":{\"type\":\"keyword\",\"script\":{\"source\":\"if (doc[\\\"rule.id\\\"].length \u003e 0){\\r\\n def rule_id = doc[\\\"rule.id\\\"].value;\\r\\nif (rule_id == ''){\\r\\n def rule_name = doc[\\\"rule.name\\\"].value.replace('xccdf_mil.disa.stig_rule_','');\\r\\n def iof = rule_name.indexOf('r');\\r\\n emit(rule_name.substring(0, iof))\\r\\n}else{\\r\\n emit(rule_id)\\r\\n}\\r\\n\\r\\n}\\r\\nelse{\\r\\n emit(\\\"\\\")\\r\\n}\"}},\"rule.result.score\":{\"type\":\"long\",\"script\":{\"source\":\"if (doc[\\\"rule.result\\\"].length \u003e 0){\\r\\n if (doc[\\\"rule.result\\\"].value == \\\"fail\\\"){\\r\\n emit(10)\\r\\n }else{\\r\\n emit(0)\\r\\n }\\r\\n \\r\\n}\"}},\"benchmarkname\":{\"type\":\"keyword\",\"script\":{\"source\":\"if (doc[\\\"benchmark.name\\\"].length \u003e 0){\\r\\n def namesplit = doc[\\\"benchmark.name\\\"].value.replace(\\\"scap_mil.disa.stig_cref_U_\\\",\\\"\\\").replace(\\\"_STIG_SCAP_1-2_Benchmark-xccdf.xml\\\", \\\"\\\");\\r\\n emit(namesplit);\\r\\n}\\r\\n\\r\\n\\r\\n\"}}}", + "sourceFilters": "[]", + "timeFieldName": "@timestamp", + "title": "tychon_stig*", + "typeMeta": "{}" + }, + "coreMigrationVersion": "8.8.0", + 
"created_at": "2023-06-20T13:50:39.404Z", + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "managed": true, + "migrationVersion": { + "index-pattern": "8.0.0" + }, + "references": [], + "type": "index-pattern", + "updated_at": "2023-06-21T19:05:32.364Z", + "version": "WzI3NDQxOCwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/index_pattern/f215a0b2-b613-4a33-9959-cd7e34b1a1e2.json b/packages/tychon/kibana/index_pattern/f215a0b2-b613-4a33-9959-cd7e34b1a1e2.json new file mode 100644 index 00000000000..0813966614a --- /dev/null +++ b/packages/tychon/kibana/index_pattern/f215a0b2-b613-4a33-9959-cd7e34b1a1e2.json @@ -0,0 +1,22 @@ +{ + "attributes": { + "fieldAttrs": "{}", + "fieldFormatMap": "{}", + "fields": "[]", + "name": "HISTORICAL - Software Inventory (TYCHON)", + "runtimeFieldMap": "{}", + "sourceFilters": "[]", + "timeFieldName": "event.ingested", + "title": "logs-tychon.tychon_softwareinventory*", + "typeMeta": "{}" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-30T11:15:38.058Z", + "id": "f215a0b2-b613-4a33-9959-cd7e34b1a1e2", + "managed": true, + "references": [], + "type": "index-pattern", + "typeMigrationVersion": "8.0.0", + "updated_at": "2023-08-30T11:15:38.058Z", + "version": "Wzc5OSwyXQ==" +} \ No newline at end of file diff --git a/packages/tychon/kibana/lens/tychon-1d1b99c0-c3e4-11eb-8956-0b1a70e695fd.json b/packages/tychon/kibana/lens/tychon-1d1b99c0-c3e4-11eb-8956-0b1a70e695fd.json new file mode 100644 index 00000000000..fe3fde918ed --- /dev/null +++ b/packages/tychon/kibana/lens/tychon-1d1b99c0-c3e4-11eb-8956-0b1a70e695fd.json 
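Review bot: `VULN_ID` in `runtimeFieldMap` of the `tychon_stig*` data view has a script source identical to `STIG_ID`, so the two runtime fields always emit the same value; one of them is presumably a copy that was never adapted. Both scripts check only `doc["rule.id"].length` before reading `doc["rule.name"].value`, and they pass `indexOf('r')` straight into `substring(0, iof)`. A document without `rule.name`, or with a name containing no `r`, therefore throws at query time and surfaces as shard failures and missing rows in the STIG panels. Guard the branch with `if (doc["rule.name"].length > 0)` and `if (iof > 0) { emit(rule_name.substring(0, iof)) }`. The fourth runtime field is keyed `benchmarkname` while `fieldAttrs` counts `benchmark.name`, so confirm which name the dashboards actually reference.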
@@ -0,0 +1,203 @@ +{ + "attributes": { + "description": null, + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "d985e735-8ce6-4cee-acea-2df5ee48fc05": { + "columnOrder": [ + "4692dda1-54b4-4b3f-8e76-20708e22e1ab", + "adde9065-5817-4ddc-b340-d71519a94995", + "edb01db2-fa13-4ba2-9971-d96b5d42e47e" + ], + "columns": { + "4692dda1-54b4-4b3f-8e76-20708e22e1ab": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Results and Severity", + "operationType": "terms", + "params": { + "orderBy": { + "type": "alphabetical" + }, + "orderDirection": "asc", + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "rule.severity" + }, + "adde9065-5817-4ddc-b340-d71519a94995": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of rule.result", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "edb01db2-fa13-4ba2-9971-d96b5d42e47e", + "type": "column" + }, + "orderDirection": "desc", + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "rule.result" + }, + "edb01db2-fa13-4ba2-9971-d96b5d42e47e": { + "customLabel": true, + "dataType": "number", + "isBucketed": false, + "label": "Results", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + } + }, + "incompleteColumns": {} + }, + "dc42e337-08a9-4623-b480-57aaf4e69a0e": { + "columnOrder": [ + "bef1ef67-b5fb-4177-9077-17be73a0c360", + "32dece06-5eb5-45bd-9a70-e7d623409d89", + "628defec-6d4e-4df0-be5a-d58b051d5bb1" + ], + "columns": { + "32dece06-5eb5-45bd-9a70-e7d623409d89": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of rule.result", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "628defec-6d4e-4df0-be5a-d58b051d5bb1", + "type": "column" + }, + "orderDirection": "desc", + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + 
"sourceField": "rule.result" + }, + "628defec-6d4e-4df0-be5a-d58b051d5bb1": { + "dataType": "number", + "isBucketed": false, + "label": "Count of records", + "operationType": "count", + "scale": "ratio", + "sourceField": "___records___" + }, + "bef1ef67-b5fb-4177-9077-17be73a0c360": { + "dataType": "string", + "isBucketed": true, + "label": "Top 3 values of rule.severity", + "operationType": "terms", + "params": { + "orderBy": { + "columnId": "628defec-6d4e-4df0-be5a-d58b051d5bb1", + "type": "column" + }, + "orderDirection": "desc", + "parentFormat": { + "id": "terms" + }, + "size": 3 + }, + "scale": "ordinal", + "sourceField": "rule.severity" + } + }, + "incompleteColumns": {} + } + } + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "axisTitlesVisibilitySettings": { + "x": false, + "yLeft": false, + "yRight": true + }, + "layers": [ + { + "accessors": [ + "edb01db2-fa13-4ba2-9971-d96b5d42e47e" + ], + "layerId": "d985e735-8ce6-4cee-acea-2df5ee48fc05", + "layerType": "data", + "palette": { + "name": "complimentary", + "type": "palette" + }, + "position": "top", + "seriesType": "bar_horizontal_percentage_stacked", + "showGridlines": false, + "splitAccessor": "adde9065-5817-4ddc-b340-d71519a94995", + "xAccessor": "4692dda1-54b4-4b3f-8e76-20708e22e1ab" + }, + { + "accessors": [ + "628defec-6d4e-4df0-be5a-d58b051d5bb1" + ], + "layerId": "dc42e337-08a9-4623-b480-57aaf4e69a0e", + "layerType": "data", + "palette": { + "name": "complimentary", + "type": "palette" + }, + "seriesType": "bar_horizontal_percentage_stacked", + "splitAccessor": "bef1ef67-b5fb-4177-9077-17be73a0c360", + "xAccessor": "32dece06-5eb5-45bd-9a70-e7d623409d89" + } + ], + "legend": { + "isVisible": false, + "legendSize": "auto", + "position": "left", + "showSingleSeries": false + }, + "preferredSeriesType": "bar_horizontal_percentage_stacked", + "title": "Empty XY chart" + } + }, + "title": "CCRI: Rule Results by Severity 
Percentage - Lens", + "visualizationType": "lnsXY" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-28T13:11:33.495Z", + "id": "tychon-1d1b99c0-c3e4-11eb-8956-0b1a70e695fd", + "migrationVersion": { + "lens": "8.6.0" + }, + "references": [ + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "indexpattern-datasource-layer-d985e735-8ce6-4cee-acea-2df5ee48fc05", + "type": "index-pattern" + }, + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "indexpattern-datasource-layer-dc42e337-08a9-4623-b480-57aaf4e69a0e", + "type": "index-pattern" + } + ], + "type": "lens", + "updated_at": "2023-06-28T13:11:33.495Z", + "version": "WzMyOTA4NSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/lens/tychon-837878a0-c3cb-11eb-8956-0b1a70e695fd.json b/packages/tychon/kibana/lens/tychon-837878a0-c3cb-11eb-8956-0b1a70e695fd.json new file mode 100644 index 00000000000..7fc49e47d01 --- /dev/null +++ b/packages/tychon/kibana/lens/tychon-837878a0-c3cb-11eb-8956-0b1a70e695fd.json 
@@ -0,0 +1,138 @@ +{ + "attributes": { + "description": "", + "state": { + "adHocDataViews": {}, + "datasourceStates": { + "formBased": { + "layers": { + "93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9": { + "columnOrder": [ + "ecc959a5-6cb4-43ed-bd8e-c8a11c51d3d2", + "31cd5bd5-bf05-4039-a241-c75a16ad9165", + "87f792ec-41cb-4052-ae3c-8e39032305c0" + ], + "columns": { + "31cd5bd5-bf05-4039-a241-c75a16ad9165": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "rule.result : \"fail\" " + }, + "isBucketed": false, + "label": "Total Fails", + "operationType": "count", + "params": { + "emptyAsNull": false + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "87f792ec-41cb-4052-ae3c-8e39032305c0": { + "customLabel": true, + "dataType": "number", + "filter": { + "language": "kuery", + "query": "rule.result : \"pass\" " + }, + "isBucketed": false, + "label": "Total Pass", + "operationType": "count", + "params": { + "emptyAsNull": true + }, + "scale": "ratio", + "sourceField": "___records___" + }, + "ecc959a5-6cb4-43ed-bd8e-c8a11c51d3d2": { + "customLabel": true, + "dataType": "string", + "isBucketed": true, + "label": "Severity", + "operationType": "filters", + "params": { + "filters": [ + { + "input": { + "language": "kuery", + "query": "rule.severity :\"high\" " + }, + "label": "CAT I" + }, + { + "input": { + "language": "kuery", + "query": "rule.severity : \"medium\" " + }, + "label": "CAT II" + }, + { + "input": { + "language": "kuery", + "query": "rule.severity : \"low\" " + }, + "label": "CAT III" + } + ] + }, + "scale": "ordinal" + } + }, + "incompleteColumns": {}, + "sampling": 1 + } + } + }, + "textBased": { + "layers": {} + } + }, + "filters": [], + "internalReferences": [], + "query": { + "language": "kuery", + "query": "" + }, + "visualization": { + "columns": [ + { + "columnId": "ecc959a5-6cb4-43ed-bd8e-c8a11c51d3d2", + "isTransposed": false + }, + { + "columnId": "31cd5bd5-bf05-4039-a241-c75a16ad9165", + 
"isTransposed": false, + "summaryLabel": "Total", + "summaryRow": "sum" + }, + { + "columnId": "87f792ec-41cb-4052-ae3c-8e39032305c0", + "isTransposed": false, + "summaryLabel": "Total", + "summaryRow": "sum" + } + ], + "layerId": "93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9", + "layerType": "data" + } + }, + "title": "CCRI Category Table", + "visualizationType": "lnsDatatable" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-31T21:39:00.136Z", + "id": "tychon-837878a0-c3cb-11eb-8956-0b1a70e695fd", + "managed": false, + "references": [ + { + "id": "ed7c1bb4-5aac-45d4-9aff-06f4d4ad4a9a", + "name": "indexpattern-datasource-layer-93bb9ce5-6dc1-41ec-bff3-f8c606cab5c9", + "type": "index-pattern" + } + ], + "type": "lens", + "typeMigrationVersion": "8.6.0", + "updated_at": "2023-08-31T21:39:00.136Z", + "version": "WzYyODksNV0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27.json b/packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..aecfd32fecc --- /dev/null +++ b/packages/tychon/kibana/security_rule/10359860-1139-11ee-af86-538da1394f27.json 
@@ -0,0 +1,54 @@ +{ + "id": "10359860-1139-11ee-af86-538da1394f27", + "type": "security-rule", + "attributes": { + "name": "CAT 1 IAVA Vulnerability Detected", + "tags": [ + "TYCHON", + "CVE", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "A category one IAVA has been detected as being vulnerable", + "risk_score": 90, + "severity": "high", + "note": "Investigator should work to patch this system for this IAVA as quickly as possible.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "10359860-1139-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "query": "vulnerability.iava_severity : \"CAT I\" and vulnerability.result : \"fail\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/2140f083-6e39-4df4-ba41-aa1f41cb81b8.json b/packages/tychon/kibana/security_rule/2140f083-6e39-4df4-ba41-aa1f41cb81b8.json new file mode 100644 index 00000000000..cfd43cee0d1 --- /dev/null +++ b/packages/tychon/kibana/security_rule/2140f083-6e39-4df4-ba41-aa1f41cb81b8.json 
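Review bot: The CAT 1 IAVA rule runs every 5m with `"max_signals": 100` and no suppression, so each matching scan-result document becomes its own alert and anything past 100 matches in a run is dropped. If TYCHON re-reports an unpatched finding on every scan (likely for state data, but not shown here), the same host and finding will re-alert continuously and can crowd out new hosts. Consider grouping per endpoint, e.g. `"alert_suppression": { "group_by": ["tychon.id"] }`, if the minimum supported Kibana version allows it, or lengthen `interval` to match the scan cadence. The same shape recurs in the other 5m query rules in this diff (2e9c9ac0, 934a39a0, 867e3450, beeea32f, c40eaba1).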
@@ -0,0 +1,60 @@ +{ + "id": "2140f083-6e39-4df4-ba41-aa1f41cb81b8", + "type": "security-rule", + "attributes": { + "name": "High number of SCAP Failures", + "tags": [ + "TYCHON", + "CCRI" + ], + "interval": "1h", + "enabled": true, + "description": "TYCHON has reported a high number of SCAP failures for an endpoint. This can indicate a very weak security posture for an endpoint.", + "risk_score": 47, + "severity": "medium", + "note": "The system may need to be isolated. Investigate the SCAP results for this system and perform fixes for all High and Medium checks. ", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-3660s", + "rule_id": "2140f083-6e39-4df4-ba41-aa1f41cb81b8", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0007", + "reference": "https://attack.mitre.org/tactics/TA0007", + "name": "Discovery" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "threshold", + "language": "kuery", + "data_view_id": "7d972a32-d117-4963-a7bf-58fc65fb1ee8", + "query": "rule.result : \"fail\" and not rule.severity : \"low\" ", + "filters": [], + "threshold": { + "field": [ + "tychon.id" + ], + "value": 20, + "cardinality": [] + }, + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27.json b/packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..f2367efc402 --- /dev/null +++ b/packages/tychon/kibana/security_rule/2e5a7e20-1137-11ee-af86-538da1394f27.json 
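Review bot: With `"cardinality": []` the threshold counts matching documents per `tychon.id`, not distinct failed checks, so a host rescanned a few times within the hour can reach 20 on a handful of findings. Adding `"cardinality": [{ "field": "rule.id", "value": 20 }]` (or `rule.name`, if `rule.id` can be empty in this data) makes the rule measure what the description claims. The clause `not rule.severity : "low"` also matches documents that carry no severity at all; `rule.severity : ("high" or "medium")` states the intent from the note directly. The vulnerability threshold rule 5be38411 has the same empty `cardinality` and would need the equivalent per-vulnerability field.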
@@ -0,0 +1,61 @@ +{ + "id": "2e5a7e20-1137-11ee-af86-538da1394f27", + "type": "security-rule", + "attributes": { + "name": "Windows Defender Feature Reported as Disabled", + "tags": [ + "TYCHON", + "EPP", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "A Feature in Windows Defender has been set to disabled in the latest report from the TYCHON Agentless Module", + "risk_score": 60, + "severity": "medium", + "note": "Analysts should look into the history of this endpoint to figure out when the feature was disabled and work to re-enable the feature.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "2e5a7e20-1137-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0005", + "reference": "https://attack.mitre.org/tactics/TA0005", + "name": "Defense Evasion" + }, + "technique": [ + { + "id": "T1089", + "reference": "https://attack.mitre.org/techniques/T1089", + "name": "Disabling Security Tools", + "subtechnique": [] + } + ] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "6ce8198c-8c52-4f20-8e68-b566ebf84b18", + "query": "windows_defender.service.antimalware.status : \"Disabled\" or windows_defender.service.antispyware.status :\"Disabled\" or windows_defender.service.antivirus.status : \"Disabled\" or windows_defender.service.behavior_monitor.status : \"Disabled\" or windows_defender.service.ioav_protection.status : \"Disabled\" or windows_defender.service.nis.status : \"Disabled\" or windows_defender.service.on_access_protection.status : \"Disabled\" or windows_defender.service.real_time_protection.status : \"Disabled\" ", + "filters": [], + "throttle": "no_actions", + 
"actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27.json b/packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..33a866d7a7c --- /dev/null +++ b/packages/tychon/kibana/security_rule/2e9c9ac0-1138-11ee-af86-538da1394f27.json @@ -0,0 +1,54 @@ +{ + "id": "2e9c9ac0-1138-11ee-af86-538da1394f27", + "type": "security-rule", + "attributes": { + "name": "Critical Vulnerability Failed", + "tags": [ + "TYCHON", + "CCRI", + "CVE" + ], + "interval": "5m", + "enabled": true, + "description": "A vulnerability that has been categorized as Critical by NVD has been reported as failed.", + "risk_score": 90, + "severity": "high", + "note": "Investigators should get systems with critical vulnerabilities patched and ensure mitigations are in place while the system is vulenrable.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "2e9c9ac0-1138-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "query": "vulnerability.severity :\"CRITICAL\" and vulnerability.result : \"fail\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file 
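Review bot: `T1089` (Disabling Security Tools) in the `technique` entry of the Windows Defender rule (2e5a7e20) is a retired ATT&CK ID. MITRE folded it into T1562 Impair Defenses, sub-technique T1562.001 Disable or Modify Tools, so a rule tagged with the old ID may not be counted in ATT&CK coverage views and links analysts to a deprecated page. The replacement mapping is below; the tactic (TA0005) stays as it is.

```json
"technique": [
  {
    "id": "T1562",
    "reference": "https://attack.mitre.org/techniques/T1562",
    "name": "Impair Defenses",
    "subtechnique": [
      {
        "id": "T1562.001",
        "reference": "https://attack.mitre.org/techniques/T1562/001",
        "name": "Disable or Modify Tools"
      }
    ]
  }
]
```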
diff --git a/packages/tychon/kibana/security_rule/55faa99b-ce17-4a41-9f63-4a7439e3543a.json b/packages/tychon/kibana/security_rule/55faa99b-ce17-4a41-9f63-4a7439e3543a.json new file mode 100644 index 00000000000..b019ca5a060 --- /dev/null +++ b/packages/tychon/kibana/security_rule/55faa99b-ce17-4a41-9f63-4a7439e3543a.json @@ -0,0 +1,57 @@ +{ + "id": "55faa99b-ce17-4a41-9f63-4a7439e3543a", + "type": "security-rule", + "attributes": { + "name": "New Device Discovered", + "tags": [ + "TYCHON", + "ARP" + ], + "interval": "8h", + "enabled": false, + "description": "TYCHON pulls the ARP tables from endpoints, when new devices are found they should be investigated and validated.", + "risk_score": 21, + "severity": "low", + "note": "New devices come online and offline constantly, the MAC address should be investigated and resolved.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-32400s", + "rule_id": "55faa99b-ce17-4a41-9f63-4a7439e3543a", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0007", + "reference": "https://attack.mitre.org/tactics/TA0007", + "name": "Discovery" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "new_terms", + "query": "not destination.mac : \"ff-ff-ff-ff-ff-ff\" ", + "new_terms_fields": [ + "destination.mac" + ], + "history_window_start": "now-7d", + "filters": [], + "language": "kuery", + "data_view_id": "4b420fb2-cf3e-40a2-a8fe-92db1bd570b2", + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/5be38411-3902-4686-8209-1ab75a6d3847.json b/packages/tychon/kibana/security_rule/5be38411-3902-4686-8209-1ab75a6d3847.json new file mode 100644 index 00000000000..56b2a029381 
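Review bot: `"history_window_start": "now-7d"` means any device absent from the reported ARP tables for more than a week is raised as new again, which will bury genuinely unknown hardware under returning laptops and printers. A longer baseline such as `"history_window_start": "now-30d"` fits an 8h interval better. The query also excludes only one spelling of the broadcast address (`ff-ff-ff-ff-ff-ff`). If `destination.mac` is a keyword field, the match is case-sensitive, and multicast or incomplete ARP entries, if the agent reports them, would each count as a new device. Confirm the MAC format the agent emits and exclude those classes explicitly.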
--- /dev/null +++ b/packages/tychon/kibana/security_rule/5be38411-3902-4686-8209-1ab75a6d3847.json @@ -0,0 +1,60 @@ +{ + "id": "5be38411-3902-4686-8209-1ab75a6d3847", + "type": "security-rule", + "attributes": { + "name": "Large number of failed Vulnerabilities ", + "tags": [ + "CVE", + "TYCHON" + ], + "interval": "1h", + "enabled": true, + "description": "This endpoint has been determined to have a high number of total vulnerabilities failed, this can indicate an extremely exposed endpoint.", + "risk_score": 73, + "severity": "high", + "note": "Due to the high number of failed CVE checks, it is recommended that the security administrator quarantine this system immediately and bring the machine up to date with all patches. ", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-3900s", + "rule_id": "5be38411-3902-4686-8209-1ab75a6d3847", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "threshold", + "language": "kuery", + "data_view_id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "query": "vulnerability.result : \"fail\" ", + "filters": [], + "threshold": { + "field": [ + "tychon.id" + ], + "value": 30, + "cardinality": [] + }, + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7.json b/packages/tychon/kibana/security_rule/6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7.json new file mode 100644 index 00000000000..79d17783d16 --- /dev/null +++ b/packages/tychon/kibana/security_rule/6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7.json 
@@ -0,0 +1,45 @@ +{ + "id": "6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7", + "type": "security-rule", + "attributes": { + "name": "TYCHON Benchmark SCAP Definition File Out of Date", + "tags": [ + "TYCHON", + "SCAP" + ], + "interval": "24h", + "enabled": true, + "description": "TYCHON updates its SCAP definitions daily and should be no more than 120 days old to ensure you are working from the most up-to-date requirements and settings. ", + "risk_score": 47, + "severity": "medium", + "note": "TYCHON Definitions are updated daily, check the local host logs and see if there are issues with TYCHON definitions updating. You can obtain the latest version from the TYCHON support site.\n\nhttps://support.tychon.io", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-86460s", + "rule_id": "6040cb5c-5e01-4f4d-af7f-9ca9c11dbdc7", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [], + "to": "now", + "references": [ + "https://support.tychon.io" + ], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "a61d021d-d78f-485d-93b2-8075149794af", + "query": "tychon.definition.stig \u003c \"now-120d\"", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/6839b82b-22bf-418f-a86b-7e7a4cd074d7.json b/packages/tychon/kibana/security_rule/6839b82b-22bf-418f-a86b-7e7a4cd074d7.json new file mode 100644 index 00000000000..bf685e52528 --- /dev/null +++ b/packages/tychon/kibana/security_rule/6839b82b-22bf-418f-a86b-7e7a4cd074d7.json 
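Review bot: The range query `tychon.definition.stig < "now-120d"` matches only hosts that report a definition date, so an endpoint that never received definitions (field absent) produces no alert even though it is the worst case. If every host in that data view is expected to carry the field, extend the query with `or not tychon.definition.stig : *`. The same blind spot applies to `tychon.definition.oval` in c40eaba1 and to `host.tpm.compliant : false` in 6d34f6dc, where a host that reports no TPM state at all is silently treated as fine. The description says definitions update daily yet the rule tolerates 120 days; a sentence in `note` explaining why that age was chosen would help whoever tunes it.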
@@ -0,0 +1,53 @@ +{ + "id": "6839b82b-22bf-418f-a86b-7e7a4cd074d7", + "type": "security-rule", + "attributes": { + "name": "Endpoint Security Definitions are Out of Date", + "tags": [ + "EPP", + "TYCHON" + ], + "interval": "5m", + "enabled": true, + "description": "TYCHON has reported that the registered endpoint protection platform is out of date and needs to be updated.", + "risk_score": 73, + "severity": "high", + "note": "Depending on the Endpoint Protection Vendor, you will need to push new updated to this endpoint. See the vendor's user guides to determine how to install the most recent AV updates.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "6839b82b-22bf-418f-a86b-7e7a4cd074d7", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0005", + "reference": "https://attack.mitre.org/tactics/TA0005", + "name": "Defense Evasion" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "a61d021d-d78f-485d-93b2-8075149794af", + "query": "host.security.antivirus.status : *OutOfDate*", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a.json b/packages/tychon/kibana/security_rule/6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a.json new file mode 100644 index 00000000000..d96a3466872 --- /dev/null +++ b/packages/tychon/kibana/security_rule/6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a.json 
@@ -0,0 +1,55 @@ +{ + "id": "6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a", + "type": "security-rule", + "attributes": { + "name": "TPM Compliance Failed", + "tags": [ + "TYCHON", + "STIG" + ], + "interval": "5m", + "enabled": true, + "description": "This host has been determined by TYCHON to be non-compliant with the Trusted Platform Module (TPM), this is due to it being not present or at the wrong version.", + "risk_score": 47, + "severity": "medium", + "note": "Enable TPM 2.0 on this machine, if it is unable to be enabled because the host does not support it, determine the risk and take appropriate measures.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "6d34f6dc-4a36-46cd-a4bb-ea2f1a01ab8a", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0006", + "reference": "https://attack.mitre.org/tactics/TA0006", + "name": "Credential Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [ + "https://support.microsoft.com/en-us/windows/enable-tpm-2-0-on-your-pc-1fd5a332-360d-4f46-a1e7-ae6b0c90645c" + ], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "a61d021d-d78f-485d-93b2-8075149794af", + "query": "host.tpm.compliant : false ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27.json b/packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..3e015aa8fe1 --- /dev/null +++ b/packages/tychon/kibana/security_rule/867e3450-1139-11ee-af86-538da1394f27.json 
@@ -0,0 +1,53 @@ +{ + "id": "867e3450-1139-11ee-af86-538da1394f27", + "type": "security-rule", + "attributes": { + "name": "High STIG/SCAP Check Failed", + "tags": [ + "TYCHON", + "CCRI", + "SCAP" + ], + "interval": "5m", + "enabled": true, + "description": "A High Severity STIG/SCAP Check failed on an endpoint.", + "risk_score": 60, + "severity": "medium", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "867e3450-1139-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "7d972a32-d117-4963-a7bf-58fc65fb1ee8", + "query": "rule.result : \"fail\" and rule.severity : \"high\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27.json b/packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..af84db91b34 --- /dev/null +++ b/packages/tychon/kibana/security_rule/934a39a0-1138-11ee-af86-538da1394f27.json 
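Review bot: This rule matches `rule.severity : "high"`, which the CCRI Category Table lens in this same diff labels CAT I, yet it ships as `"severity": "medium"` with `"risk_score": 60`. That ranks it below the CAT 1 IAVA rule (high/90) and level with the Defender-feature rule, so triage queues sorted by severity will under-rank CAT I STIG failures. `"risk_score": 73` with `"severity": "high"` would match the finding's own rating; 934a39a0 (High Vulnerability Failed) has the same medium/60 pairing for `vulnerability.severity : "HIGH"`. This rule also has no `note`, unlike most of its siblings; add a short investigation guide saying which STIG check failed and where to find the fix text.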
@@ -0,0 +1,54 @@ +{ + "id": "934a39a0-1138-11ee-af86-538da1394f27", + "type": "security-rule", + "attributes": { + "name": "High Vulnerability Failed", + "tags": [ + "TYCHON", + "CVE", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "A host with a high-severity CVE was flagged as being vulnerable.", + "risk_score": 60, + "severity": "medium", + "note": "Investigator should work to resolve this patch and keep a close monitor on this endpoint.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "934a39a0-1138-11ee-af86-538da1394f27", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "query": "vulnerability.severity :\"HIGH\" and vulnerability.result : \"fail\" ", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/bdf083c5-63cb-41ae-bb7a-563cc4e8719f.json b/packages/tychon/kibana/security_rule/bdf083c5-63cb-41ae-bb7a-563cc4e8719f.json new file mode 100644 index 00000000000..f16dc5c4279 --- /dev/null +++ b/packages/tychon/kibana/security_rule/bdf083c5-63cb-41ae-bb7a-563cc4e8719f.json 
@@ -0,0 +1,54 @@ +{ + "id": "bdf083c5-63cb-41ae-bb7a-563cc4e8719f", + "type": "security-rule", + "attributes": { + "name": "Weak WIFI Authentication in use", + "tags": [ + "TYCHON", + "WIFI" + ], + "interval": "5m", + "enabled": true, + "description": "An endpoint has reported it is connected to a WIFI SSID using a weak Authentication method.", + "risk_score": 21, + "severity": "low", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "bdf083c5-63cb-41ae-bb7a-563cc4e8719f", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0005", + "reference": "https://attack.mitre.org/tactics/TA0005", + "name": "Defense Evasion" + }, + "technique": [] + } + ], + "to": "now", + "references": [ + "https://www.techtarget.com/searchnetworking/feature/Wireless-encryption-basics-Understanding-WEP-WPA-and-WPA2" + ], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "39822d3a-870f-4a82-8928-e9264b4d1a31", + "query": "host.adapter.wifi.authentication : \"WEP\" or host.adapter.wifi.authentication : \"WPA\" or host.adapter.wifi.authentication : \"WPA-Personal\" or host.adapter.wifi.authentication : \"WPA-Enterprise\"", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/beeea32f-31ba-4be8-9e2c-14de47280aac.json b/packages/tychon/kibana/security_rule/beeea32f-31ba-4be8-9e2c-14de47280aac.json new file mode 100644 index 00000000000..d8b3fd0205f --- /dev/null +++ b/packages/tychon/kibana/security_rule/beeea32f-31ba-4be8-9e2c-14de47280aac.json 
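Review bot: The query lists four exact `host.adapter.wifi.authentication` values, so an open (unauthenticated) network, or any spelling variant the agent emits, is never flagged although it is weaker than everything listed. Confirm the full value set TYCHON reports and either add the open/none value or invert the logic into an allow-list, e.g. `host.adapter.wifi.authentication : * and not host.adapter.wifi.authentication : ("WPA2-Enterprise" or "WPA3-Enterprise")`. Those two values are constructed examples, to be replaced with what the agent actually sends. The rule also has no `note`; analysts need to know whether the expected response is to remove the saved profile, block the SSID, or only record the exposure.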
@@ -0,0 +1,56 @@ +{ + "id": "beeea32f-31ba-4be8-9e2c-14de47280aac", + "type": "security-rule", + "attributes": { + "name": "Past Due Vulnerability Failed", + "tags": [ + "TYCHON", + "CVE", + "CCRI" + ], + "interval": "5m", + "enabled": true, + "description": "TYCHON tracks when vulnerabilities are past expiration to ensure systems are patched before exploits are released or to reduce the attack surface of the endpoint. Due dates are generated from 3 rules:\n1. CISA - Exact CISA Due Date\n2. IAVA - 18 Days from when TYCHON records an IAVA is released\n3. NVD - If a Vulnerability is marked as critical, the due date is generated as 30 days after its release.", + "risk_score": 99, + "severity": "critical", + "note": "Analysts should quarantine hosts that have out-of-date vulnerabilities, these are normally weaknesses that have active exploits in the wild. ", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "beeea32f-31ba-4be8-9e2c-14de47280aac", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0001", + "reference": "https://attack.mitre.org/tactics/TA0001", + "name": "Initial Access" + }, + "technique": [] + } + ], + "to": "now", + "references": [ + "https://www.cisa.gov/known-exploited-vulnerabilities-catalog" + ], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "5be62502-2bab-4d66-97ff-d9373963c50d", + "query": "vulnerability.result : \"fail\" and vulnerability.due_date \u003c now", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file 
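Review bot: This rule is `critical` with `risk_score` 99, runs every 5 minutes and caps at `"max_signals": 100`, but the query `vulnerability.result : "fail" and vulnerability.due_date < now` matches every failed-check document with a past due date, with no grouping by host or finding. If the agent re-reports the same findings on each scan (not visible here), a fleet with a patch backlog will reach the cap on each run, the excess is dropped, and the critical queue fills with repeats. Grouping per host and finding would keep one alert per open item, either as a threshold rule on `host.id` and `vulnerability.id` or with alert suppression where the subscription allows it. The `note` tells analysts to quarantine hosts while `false_positives` is empty; listing accepted-risk and already-mitigated findings there would keep that step from being applied blindly.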
diff --git a/packages/tychon/kibana/security_rule/c40eaba1-7507-4fe7-aae5-78e59cd7b8f2.json b/packages/tychon/kibana/security_rule/c40eaba1-7507-4fe7-aae5-78e59cd7b8f2.json new file mode 100644 index 00000000000..d2f91e13c06 --- /dev/null +++ b/packages/tychon/kibana/security_rule/c40eaba1-7507-4fe7-aae5-78e59cd7b8f2.json @@ -0,0 +1,45 @@ +{ + "id": "c40eaba1-7507-4fe7-aae5-78e59cd7b8f2", + "type": "security-rule", + "attributes": { + "name": "TYCHON Vulnerability Definitions Out of Date", + "tags": [ + "TYCHON", + "CVE" + ], + "interval": "5m", + "enabled": true, + "description": "TYCHON updates its definitions daily for vulnerability checks, if systems are too far out of date you are not getting the results for the most recent vulnerabilities further affecting your attack surface.", + "risk_score": 73, + "severity": "high", + "note": "Review the endpoint event logs and determine why TYCHON definitions are not being updated and pushed. Ensure you have downloaded the latest definition installers from the TYCHON support site.\n\nhttps://support.tychon.io", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "c40eaba1-7507-4fe7-aae5-78e59cd7b8f2", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [], + "to": "now", + "references": [ + "https://support.tychon.io" + ], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "a61d021d-d78f-485d-93b2-8075149794af", + "query": "tychon.definition.oval \u003c \"now-30d\"", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4.json b/packages/tychon/kibana/security_rule/ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4.json new file mode 100644 index 00000000000..58ca78d4f1e 
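Review bot: The query `tychon.definition.oval < "now-30d"` can only fire on documents that arrive inside the 360-second lookback, so an endpoint that has stopped reporting altogether never raises this alert, and those are the hosts most likely to have stale definitions. The comparison is date math only if `tychon.definition.oval` is mapped as `date`; the mapping is not in this hunk. The `description` says definitions update daily while the threshold is 30 days, so it should state why 30 days was chosen, and a companion check for hosts with no recent events would cover the silent case.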
--- /dev/null +++ b/packages/tychon/kibana/security_rule/ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4.json @@ -0,0 +1,65 @@ +{ + "id": "ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4", + "type": "security-rule", + "attributes": { + "name": "New Command Generated a Listening port", + "tags": [ + "TYCHON", + "Exposed Services" + ], + "interval": "1h", + "enabled": false, + "description": "TYCHON is monitoring endpoints for ports that have been opened at the endpoint, if a new command line was used to start a process that hasn't been seen before this can be cause for concern.", + "risk_score": 47, + "severity": "medium", + "note": "Investigate the endpoint process that was used to open this port", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-3660s", + "rule_id": "ccffb8f0-601f-46f6-8ae9-ab8af5e6bbf4", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0011", + "reference": "https://attack.mitre.org/tactics/TA0011", + "name": "Command and Control" + }, + "technique": [ + { + "id": "T1065", + "reference": "https://attack.mitre.org/techniques/T1065", + "name": "Uncommonly Used Port", + "subtechnique": [] + } + ] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "new_terms", + "query": "process.command_line : *", + "new_terms_fields": [ + "source.port", + "process.command_line" + ], + "history_window_start": "now-7d", + "filters": [], + "language": "kuery", + "data_view_id": "b006641c-69de-48bd-9a5a-1125f0da1c0b", + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/security_rule/d0d735ed-08fe-4393-9aa6-120236995152.json b/packages/tychon/kibana/security_rule/d0d735ed-08fe-4393-9aa6-120236995152.json new file mode 100644 index 00000000000..bc6dca8c638 
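Review bot: The `technique` entry cites `T1065` "Uncommonly Used Port", which ATT&CK has retired in favour of T1571, so the mapping will not resolve against the current matrix. The entry should read `"id": "T1571"`, `"reference": "https://attack.mitre.org/techniques/T1571"`, `"name": "Non-Standard Port"`. Separately, `new_terms_fields` pairs `source.port` with the full `process.command_line` over a `now-7d` history window, so a process whose arguments vary per launch, or one that runs less often than weekly, counts as new every time. A more stable key such as `process.executable` is likely a better choice if the data stream carries it.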
--- /dev/null +++ b/packages/tychon/kibana/security_rule/d0d735ed-08fe-4393-9aa6-120236995152.json @@ -0,0 +1,53 @@ +{ + "id": "d0d735ed-08fe-4393-9aa6-120236995152", + "type": "security-rule", + "attributes": { + "name": "System Volume Mounted to Drive", + "tags": [ + "TYCHON", + "Volume" + ], + "interval": "5m", + "enabled": true, + "description": "TYCHON has reported that the system volume has been mounted to a drive letter.", + "risk_score": 47, + "severity": "medium", + "note": "Investigate and determine how the drive was mounted and remove the mount if it was done maliciously.", + "license": "", + "output_index": "", + "author": [ + "TYCHON" + ], + "false_positives": [], + "from": "now-360s", + "rule_id": "d0d735ed-08fe-4393-9aa6-120236995152", + "max_signals": 100, + "risk_score_mapping": [], + "severity_mapping": [], + "threat": [ + { + "framework": "MITRE ATT\u0026CK", + "tactic": { + "id": "TA0004", + "reference": "https://attack.mitre.org/tactics/TA0004", + "name": "Privilege Escalation" + }, + "technique": [] + } + ], + "to": "now", + "references": [], + "version": 1, + "exceptions_list": [], + "related_integrations": [], + "required_fields": [], + "setup": "", + "type": "query", + "language": "kuery", + "data_view_id": "02acfb43-5302-4331-bb10-4174171f6091", + "query": "volume.system_volume : true and not volume.drive.letter : \"\"", + "filters": [], + "throttle": "no_actions", + "actions": [] + } +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-026431f0-3de5-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-026431f0-3de5-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..70c29e83076 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-026431f0-3de5-11ee-9610-15dee918f31a.json 
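Review bot: In KQL, `not volume.drive.letter : ""` is also true for documents that have no `volume.drive.letter` field at all, so if the agent omits the field for unmounted volumes (not visible here) every system-volume document raises a medium alert. Requiring the field to exist closes that gap: `volume.system_volume : true and volume.drive.letter : * and not volume.drive.letter : ""`. The `TA0004` tactic is given with an empty `technique` array; either name the technique or state in `note` what misuse of a mounted system volume the rule is meant to surface.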
@@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#13814a", + "description": "TYCHON reported TCP and UDP ports that are or were open and listening on endpoints.", + "name": "Open Ports" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-18T16:33:49.204Z", + "id": "tychon-026431f0-3de5-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-18T16:33:49.204Z", + "version": "WzY4MDI0OCwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-11990b80-41b6-11ee-83e4-c92ed141b9e5.json b/packages/tychon/kibana/tag/tychon-11990b80-41b6-11ee-83e4-c92ed141b9e5.json new file mode 100644 index 00000000000..7a9cf643a5e --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-11990b80-41b6-11ee-83e4-c92ed141b9e5.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#9b2767", + "description": "TYCHON capture of Network adapters attached to endpoints.", + "name": "Network Adapter" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T13:07:53.023Z", + "id": "tychon-11990b80-41b6-11ee-83e4-c92ed141b9e5", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-23T13:07:53.023Z", + "version": "WzgwNjc5OSwyMl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-27edf330-3dfd-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-27edf330-3dfd-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..97f75700480 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-27edf330-3dfd-11ee-9610-15dee918f31a.json 
@@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#c30936", + "description": "TYCHON installed software and apps found on an endpoint.", + "name": "Applications" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-18T19:26:40.105Z", + "id": "tychon-27edf330-3dfd-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-18T19:26:40.105Z", + "version": "WzY4MzIzMiwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-39b55820-10f2-11ee-af86-538da1394f27.json b/packages/tychon/kibana/tag/tychon-39b55820-10f2-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..5e7abb98d8a --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-39b55820-10f2-11ee-af86-538da1394f27.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#2075cf", + "description": "A Command Cyber Readiness Inspection Report", + "name": "CCRI" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T11:45:03.146Z", + "id": "tychon-39b55820-10f2-11ee-af86-538da1394f27", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-06-22T11:45:03.146Z", + "version": "WzI3Njg3MSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..4686ef9991e --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a.json 
@@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#75899c", + "description": "This tag indicates a \"Starting Point\" for dashboards that utulize drill downs.", + "name": "TYCHON Primary View" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-18T12:04:15.710Z", + "id": "tychon-5a3ae0c0-3dbf-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-18T12:04:15.710Z", + "version": "WzY3MzY3MCwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-7b7ab4c0-3e02-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-7b7ab4c0-3e02-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..ea07996e48a --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-7b7ab4c0-3e02-11ee-9610-15dee918f31a.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#154a15", + "description": "The hardware detected by TYCHON as attached to an endpoint", + "name": "Hardware" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-18T20:04:47.768Z", + "id": "tychon-7b7ab4c0-3e02-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-18T20:04:47.768Z", + "version": "WzY4NDA2NCwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-7f851220-3d41-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-7f851220-3d41-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..4bb083d8b89 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-7f851220-3d41-11ee-9610-15dee918f31a.json 
@@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#85ed08", + "description": "Hard Drives on Computers", + "name": "Drives" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-17T21:03:21.673Z", + "id": "tychon-7f851220-3d41-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-17T21:03:21.673Z", + "version": "WzY2MTI0MSwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-9c222660-1100-11ee-af86-538da1394f27.json b/packages/tychon/kibana/tag/tychon-9c222660-1100-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..41c4144285c --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-9c222660-1100-11ee-af86-538da1394f27.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#58b7ff", + "description": "Vulnerability Information", + "name": "CVE" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T13:28:01.234Z", + "id": "tychon-9c222660-1100-11ee-af86-538da1394f27", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-06-22T13:28:01.234Z", + "version": "WzI4MTM1OSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-a3922360-3de6-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-a3922360-3de6-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..d327204d266 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-a3922360-3de6-11ee-9610-15dee918f31a.json 
@@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#efe009", + "description": "The TYCHON Endpoint Browser allows a user to see detailed Endpoint Reported data for a single host.", + "name": "Endpoint Browser" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-18T16:45:29.125Z", + "id": "tychon-a3922360-3de6-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-18T16:45:29.125Z", + "version": "WzY4MDQ3NSwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-bae88930-1133-11ee-af86-538da1394f27.json b/packages/tychon/kibana/tag/tychon-bae88930-1133-11ee-af86-538da1394f27.json new file mode 100644 index 00000000000..16caf7e9913 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-bae88930-1133-11ee-af86-538da1394f27.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#14d15e", + "description": "Endpoint Protection Statuses", + "name": "EPP" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-06-22T19:33:57.192Z", + "id": "tychon-bae88930-1133-11ee-af86-538da1394f27", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-06-22T19:33:57.192Z", + "version": "WzI4NTA4OSwxM10=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-c957d710-3d4c-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-c957d710-3d4c-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..61c4fd9b410 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-c957d710-3d4c-11ee-9610-15dee918f31a.json 
@@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#AA6556", + "description": "Routing Tables from Systems", + "name": "ARP" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-17T22:24:09.990Z", + "id": "tychon-c957d710-3d4c-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-17T22:24:09.990Z", + "version": "WzY2MzYyNiwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-e18d6100-3c85-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-e18d6100-3c85-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..89ae180af87 --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-e18d6100-3c85-11ee-9610-15dee918f31a.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#afaddf", + "description": "Master Endpoint Record", + "name": "MER" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-16T22:40:20.761Z", + "id": "tychon-e18d6100-3c85-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-16T22:40:20.761Z", + "version": "WzYzNTA3MSwxNl0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/tag/tychon-f26ce820-3d47-11ee-9610-15dee918f31a.json b/packages/tychon/kibana/tag/tychon-f26ce820-3d47-11ee-9610-15dee918f31a.json new file mode 100644 index 00000000000..7e59dbc91ad --- /dev/null +++ b/packages/tychon/kibana/tag/tychon-f26ce820-3d47-11ee-9610-15dee918f31a.json @@ -0,0 +1,17 @@ +{ + "attributes": { + "color": "#bcbc9c", + "description": "Virtualization Based Security", + "name": "VBS" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-17T21:49:31.431Z", + "id": "tychon-f26ce820-3d47-11ee-9610-15dee918f31a", + "migrationVersion": { + "tag": "8.0.0" + }, + "references": [], + "type": "tag", + "updated_at": "2023-08-17T21:49:31.431Z", + "version": "WzY2MjY4NywxNl0=" +} \ No newline at end of file 
diff --git a/packages/tychon/kibana/visualization/tychon-d954bdb0-3298-11ec-b058-cf4fefc29658.json b/packages/tychon/kibana/visualization/tychon-d954bdb0-3298-11ec-b058-cf4fefc29658.json new file mode 100644 index 00000000000..4477bc53e36 --- /dev/null +++ b/packages/tychon/kibana/visualization/tychon-d954bdb0-3298-11ec-b058-cf4fefc29658.json @@ -0,0 +1,20 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "title": "CCRI: Benchmark Scores CCRI Weighted - Markdown", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"CCRI: Benchmark Scores CCRI Weighted - Markdown\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":10,\"openLinksInNewTab\":false,\"markdown\":\"| CCRI Score | Description |\\n| :------------ | :------------ |\\n| 20-100% | Critical Concern |\\n| 10-20% | Moderate Concern |\\n| 0-10% | Minor Concern |\\n| 0% | No Concern |\\n\"}}" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-30T22:09:42.471Z", + "id": "tychon-d954bdb0-3298-11ec-b058-cf4fefc29658", + "managed": true, + "type": "visualization", + "typeMigrationVersion": "8.5.0", + "updated_at": "2023-08-30T22:09:42.540Z", + "version": "WzIyMDksNF0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/visualization/tychon-e6c0e460-c3da-11eb-8956-0b1a70e695fd.json b/packages/tychon/kibana/visualization/tychon-e6c0e460-c3da-11eb-8956-0b1a70e695fd.json new file mode 100644 index 00000000000..0301700c4a8 --- /dev/null +++ b/packages/tychon/kibana/visualization/tychon-e6c0e460-c3da-11eb-8956-0b1a70e695fd.json 
@@ -0,0 +1,20 @@ +{ + "attributes": { + "description": "", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" + }, + "title": "CCRI: Total Systems - Metric", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"CCRI: Total Systems - Metric\",\"type\":\"metric\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"host.id\",\"customLabel\":\"Systems\",\"emptyAsNull\":false},\"schema\":\"metric\"}],\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":30}}}}" + }, + "coreMigrationVersion": "8.8.0", + "created_at": "2023-08-30T22:09:42.471Z", + "id": "tychon-e6c0e460-c3da-11eb-8956-0b1a70e695fd", + "managed": true, + "type": "visualization", + "typeMigrationVersion": "8.5.0", + "updated_at": "2023-08-30T22:09:42.540Z", + "version": "WzIyMTAsNF0=" +} \ No newline at end of file diff --git a/packages/tychon/kibana/visualization/tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc.json b/packages/tychon/kibana/visualization/tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc.json new file mode 100644 index 00000000000..14ada053e07 --- /dev/null +++ b/packages/tychon/kibana/visualization/tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc.json 
@@ -0,0 +1,33 @@ +{ + "attributes": { + "description": "TYCHON Browser is a series of dashbaords dirlling into indvidual datasets for a single computer.", + "kibanaSavedObjectMeta": { + "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" + }, + "title": "[TYCHON] Endpoint Browser -Main Navigation", + "uiStateJSON": "{}", + "version": 1, + "visState": "{\"title\":\"[TYCHON] Endpoint Browser -Main Navigation\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[Host Info](/app/dashboards#/view/tychon-6165bf50-3dbf-11ee-9610-15dee918f31a-host) | [Network Cards](/app/dashboards#/view/tychon-1af57010-41b6-11ee-83e4-c92ed141b9e5-networkadapter) | [Drives and Disks](/app/dashboards#/view/tychon-380b6c10-3dbd-11ee-9610-15dee918f31a-harddrive) | [Apps and Software](/app/dashboards#/view/tychon-2bd4ca50-3dfd-11ee-9610-15dee918f31a-softwareinventory) | [Hardware](/app/dashboards#/view/tychon-993e07a0-3e02-11ee-9610-15dee918f31a-hardware) | [Vulnerabilities](/app/dashboards#/view/tychon-2de7a3c0-3e08-11ee-9610-15dee918f31a-cve) | [Benchmark Results](/app/dashboards#/view/tychon-e1c9c490-41a5-11ee-83e4-c92ed141b9e5-stig) | [Services and Ports](/app/dashboards#/view/tychon-0c036be0-3de5-11ee-9610-15dee918f31a-exposedservice) | [Protections](/app/dashboards#/view/tychon-b85e87c0-41ab-11ee-83e4-c92ed141b9e5-epp)\"}}" + }, + "coreMigrationVersion": "8.6.2", + "created_at": "2023-08-23T21:04:08.909Z", + "id": "tychon-ee4b44b0-40e6-11ee-8111-21f5f34f6dfc", + "migrationVersion": { + "visualization": "8.5.0" + }, + "references": [ + { + "id": "10af3800-10f3-11ee-af86-538da1394f27", + "name": "tag-ref-10af3800-10f3-11ee-af86-538da1394f27", + "type": "tag" + }, + { + "id": "e18d6100-3c85-11ee-9610-15dee918f31a", + "name": "tag-ref-e18d6100-3c85-11ee-9610-15dee918f31a", + "type": "tag" + } + ], + "type": "visualization", + "updated_at": "2023-08-23T21:04:08.909Z", + "version": "WzgyMjAyOSwyMl0=" +} \ 
No newline at end of file
diff --git a/packages/tychon/manifest.yml b/packages/tychon/manifest.yml
new file mode 100644
index 00000000000..2ac46aa6b28
--- /dev/null
+++ b/packages/tychon/manifest.yml
@@ -0,0 +1,43 @@
+format_version: 2.0.0
+name: tychon
+release: beta
+title: "TYCHON Agentless"
+version: 0.0.60
+source:
+ license: "Elastic-2.0"
+description: TYCHON Agentless delivers STIG, CVE/IAVA, and Endpoint Protection status without adding new server infrastructure or services to your endpoints. TYCHON datasets fully comply with vulnerability and STIG reporting standards and integrate into Comply-to-Connect for instant zero trust value.
+type: integration
+categories:
+ - config_management
+ - vulnerability_management
+conditions:
+ kibana.version: "^8.8.0"
+ elastic.subscription: "basic"
+screenshots:
+ - src: /img/TychonScreenshot.png
+ title: Tychon Vulnerabilities
+ size: 600x600
+ type: image/png
+ - src: /img/TYCHONScreenShot_1.png
+ title: Tychon Host Information
+ size: 600x600
+ type: image/png
+ - src: /img/TYCHONScreenShot_2.png
+ title: Endpoint Protection
+ size: 600x600
+ type: image/png
+icons:
+ - src: /img/TychonLogo.svg
+ title: Sample logo
+ size: 32x32
+ type: image/svg+xml
+policy_templates:
+ - name: tychon
+ title: Tychon
+ description: Tychon
+ inputs:
+ - type: filestream
+ title: Tychon
+ description: Tychon
+owner:
+ github: elastic/security-external-integrations
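Review bot: `title: Sample logo` under `icons` and the bare `description: Tychon` on both the policy template and its `filestream` input read like template leftovers, and these strings are what an operator sees when adding the integration. The input description should say which files on the host the `filestream` input reads, so the operator can judge what the agent is given access to before enabling it. Something like `title: TYCHON logo` and a one-sentence `description` naming the collected datasets would be enough.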