-
Notifications
You must be signed in to change notification settings - Fork 40
/
panw cortex ELK 8132.ndjson
9 lines (9 loc) · 171 KB
/
panw cortex ELK 8132.ndjson
1
2
3
4
5
6
7
8
9
{"attributes":{"allowHidden":false,"fieldAttrs":"{\"cloud.region\":{\"count\":1},\"event.category\":{\"count\":1},\"event.dataset\":{\"count\":7},\"event.kind\":{\"count\":2},\"event.reason\":{\"count\":2},\"event.type\":{\"count\":1},\"file.name\":{\"count\":1},\"host.ip\":{\"count\":2},\"host.name\":{\"count\":2},\"message\":{\"count\":1},\"panw_cortex.xdr.action_pretty\":{\"count\":1},\"panw_cortex.xdr.agent_version\":{\"count\":1},\"panw_cortex.xdr.events.os_actor_process_command_line\":{\"count\":1},\"panw_cortex.xdr.incident_id\":{\"count\":6},\"panw_cortex.xdr.incident_name\":{\"count\":1},\"related.hosts\":{\"count\":1},\"user.name\":{\"count\":1}}","fieldFormatMap":"{}","fields":"[]","name":"logs-panw_cortex_xdr*","runtimeFieldMap":"{}","sourceFilters":"[]","timeFieldName":"@timestamp","title":"logs-panw_cortex_xdr*","typeMeta":"{}"},"coreMigrationVersion":"8.8.0","created_at":"2024-02-05T23:44:45.053Z","id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","managed":false,"references":[],"type":"index-pattern","typeMigrationVersion":"8.0.0","updated_at":"2024-04-27T17:31:23.244Z","version":"WzM1MDEsMTFd"}
{"attributes":{"color":"#D6BF57","description":"","name":"Cortex"},"coreMigrationVersion":"8.8.0","created_at":"2024-02-05T23:16:28.780Z","id":"aa825331-3d72-48fb-a651-3ddf51d0abe5","managed":false,"references":[],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2024-02-05T23:16:28.780Z","version":"WzI0MzM2OSwzXQ=="}
{"attributes":{"color":"#e7e647","description":"","name":"Palo Alto"},"coreMigrationVersion":"8.8.0","created_at":"2024-02-05T23:16:13.530Z","id":"e890acff-5ac5-41f1-af1f-ffc965cf5027","managed":false,"references":[],"type":"tag","typeMigrationVersion":"8.0.0","updated_at":"2024-02-05T23:16:13.530Z","version":"WzI0MzM2NiwzXQ=="}
{"attributes":{"columns":["panw_cortex.xdr.mitre_tactics_ids_and_names","panw_cortex.xdr.mitre_techniques_ids_and_names","panw_cortex.xdr.alert_categories","event.severity","panw_cortex.xdr.aggregated_score","panw_cortex.xdr.alert_count","panw_cortex.xdr.critical_severity_alert_count","panw_cortex.xdr.high_severity_alert_count","panw_cortex.xdr.med_severity_alert_count","panw_cortex.xdr.low_severity_alert_count","panw_cortex.xdr.wildfire_hits","panw_cortex.xdr.host_count","panw_cortex.xdr.hosts","panw_cortex.xdr.user_count","panw_cortex.xdr.users","event.id","event.reason"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"data_stream.dataset\",\"params\":{\"query\":\"panw_cortex_xdr.incidents\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"panw_cortex_xdr.incidents\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Incidents [Cortex]"},"coreMigrationVersion":"8.8.0","created_at":"2024-04-27T17:08:54.211Z","created_by":"u_XJfmBtqykJGMqwpmiw4v6E_ussfw_AgpP03-r29N6ro_0","id":"3112100c-e7a1-4114-ba3d-f39838d6751b","managed":false,"references":[{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"aa825331-3d72-48fb-a651-3ddf51d0abe5","name":"tag-ref-aa825331-3d72-48fb-a651-3ddf51d0abe5","type":"tag"},{"id":"e890acff-5ac5-41f1-af1f-ffc965cf5027","name":"tag-ref-e890acff-5ac5-41f1-af1f-ffc965cf5027","type":"tag"}],"type":"search","typeMigrationVersion":"10.3.0","updated_at":"2024-04-27T23:30:41.057Z","version":"WzM1OTksMTFd"}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"twoLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"4d6b8f99-bac5-4c54-ac49-5f39eee51a32\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"4d6b8f99-bac5-4c54-ac49-5f39eee51a32\",\"fieldName\":\"data_stream.dataset\",\"title\":\"data_stream.dataset\",\"grow\":true,\"width\":\"medium\",\"singleSelect\":true,\"selectedOptions\":[\"panw_cortex_xdr.alerts\"],\"enhancements\":{}}},\"6ac35fa1-301e-49ba-9f6f-219976460df4\":{\"type\":\"optionsListControl\",\"order\":2,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"6ac35fa1-301e-49ba-9f6f-219976460df4\",\"fieldName\":\"panw_cortex.xdr.category\",\"title\":\"panw_cortex.xdr.category\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"c48b71f3-c474-4eb1-bac0-e75159fdd506\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"c48b71f3-c474-4eb1-bac0-e75159fdd506\",\"fieldName\":\"panw_cortex.xdr.events.event_type\",\"title\":\"panw_cortex.xdr.events.event_type\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}},\"839e8412-37ef-4574-aa8d-28e6dc2ecb98\":{\"type\":\"optionsListControl\",\"order\":3,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"839e8412-37ef-4574-aa8d-28e6dc2ecb98\",\"fieldName\":\"panw_cortex.xdr.action_pretty\",\"title\":\"panw_cortex.xdr.action_pretty\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"links\",\"gridData\":{\"x\":0,\"y\":0,\"w\":40,\"h\":5,\"i\":\"13de2b17-3d9e-402b-957e-dc715d09de21\"},\"panelIndex\":\"13de2b17-3d9e-402b-957e-dc715d09de21\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{}},\"panelRefName\":\"panel_13de2b17-3d9e-402b-957e-dc715d09de21\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"8b10ddec-8e74-4119-a006-12d94a537cd6\"},\"panelIndex\":\"8b10ddec-8e74-4119-a006-12d94a537cd6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\"},{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-cf9d7ff4-9bf6-4217-aa29-cdb3976537c2\"}],\"state\":{\"visualization\":{\"layerId\":\"6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\",\"layerType\":\"data\",\"metricAccessor\":\"836948ff-0dd9-402b-a0db-364290105fbd\",\"showBar\":false,\"trendlineLayerId\":\"cf9d7ff4-9bf6-4217-aa29-cdb3976537c2\",\"trendlineLayerType\":\"metricTrendline\",\"trendlineTimeAccessor\":\"c09a3b6f-4a05-4166-92d8-977b280a8497\",\"trendlineMetricAccessor\":\"f97b5fa4-e0dc-445b-9c36-4d7731747b85\",\"trendlineSecondaryMetricAccessor\":\"3d523f96-619d-4c24-9715-8b6d25b68777\",\"secondaryMetricAccessor\":\"839397d5-1cc6-4d71-a79b-9db31986a5c5\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\":{\"columns\":{\"836948ff-0dd9-402b-a0db-364290105fbd\":{\"label\":\"Unique count of alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"839397d5-1cc6-4d71-a79b-9db31986a5c5\":{\"label\":\"Total Hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"836948ff-0dd9-402b-a0db-364290105fbd\",\"839397d5-1cc6-4d71-a79b-9db31986a5c5\"],\"sampling\":1,\"incompleteColumns\":{}},\"cf9d7ff4-9bf6-4217-aa29-cdb3976537c2\":{\"linkToLayers\":[\"6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\"],\"columns\":{\"c09a3b6f-4a05-4166-92d8-977b280a8497\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"f97b5fa4-e0dc-445b-9c36-4d7731747b85\":{\"label\":\"Unique count of alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"3d523f96-619d-4c24-9715-8b6d25b68777\":{\"label\":\"Total Hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"c09a3b6f-4a05-4166-92d8-977b280a8497\",\"3d523f96-619d-4c24-9715-8b6d25b68777\",\"f97b5fa4-e0dc-445b-9c36-4d7731747b85\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{}}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":8,\"h\":13,\"i\":\"3e2fcdcf-36a8-4e8b-a5fa-413534503350\"},\"panelIndex\":\"3e2fcdcf-36a8-4e8b-a5fa-413534503350\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84\"}],\"state\":{\"visualization\":{\"layerId\":\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\",\"layerType\":\"data\",\"metricAccessor\":\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\",\"showBar\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\":{\"columns\":{\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\":{\"label\":\"Unique count of host.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":5,\"w\":32,\"h\":13,\"i\":\"c4aa6743-8741-4763-a5cb-250a560e7ebb\"},\"panelIndex\":\"c4aa6743-8741-4763-a5cb-250a560e7ebb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"d20689c2-5884-4b6a-8d5c-1076ac8e8266\"}],\"yTitle\":\"\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"d20689c2-5884-4b6a-8d5c-1076ac8e8266\":{\"label\":\"Top 5 values of panw_cortex.xdr.action_pretty\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.action_pretty\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}}},\"columnOrder\":[\"d20689c2-5884-4b6a-8d5c-1076ac8e8266\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"action\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":13,\"i\":\"463eba5f-de8c-4819-b2de-f178465539f9\"},\"panelIndex\":\"463eba5f-de8c-4819-b2de-f178465539f9\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84\"}],\"state\":{\"visualization\":{\"layerId\":\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\",\"layerType\":\"data\",\"metricAccessor\":\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\",\"showBar\":false,\"trendlineSecondaryMetricAccessor\":\"ef5a7c3d-c9cd-4add-a057-074641e59cb9\",\"secondaryMetricAccessor\":\"6f91d0f4-6525-47a6-95a0-748fb8731445\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\":{\"columns\":{\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\":{\"label\":\"Unique count of process.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"6f91d0f4-6525-47a6-95a0-748fb8731445\":{\"label\":\"Unique count of file.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"file.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\",\"6f91d0f4-6525-47a6-95a0-748fb8731445\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":17,\"h\":17,\"i\":\"db1889f9-39e8-4275-b078-62669f7b4ed4\"},\"panelIndex\":\"db1889f9-39e8-4275-b078-62669f7b4ed4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"heatmap_legend\"},\"gridConfig\":{\"type\":\"heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"isXAxisTitleVisible\":false},\"valueAccessor\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\",\"yAccessor\":\"c6827860-425b-4744-8125-6d6abe91aae5\",\"xAccessor\":\"6b86109c-ed5f-41e5-ad83-abbb69fd41ac\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\":{\"columns\":{\"6abed9d7-3787-4e96-b816-3d626a2d7807\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"c6827860-425b-4744-8125-6d6abe91aae5\":{\"label\":\"Top 10 values of panw_cortex.xdr.events.event_type\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.events.event_type\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"6b86109c-ed5f-41e5-ad83-abbb69fd41ac\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}}},\"columnOrder\":[\"c6827860-425b-4744-8125-6d6abe91aae5\",\"6b86109c-ed5f-41e5-ad83-abbb69fd41ac\",\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"event_type\"},{\"type\":\"lens\",\"gridData\":{\"x\":17,\"y\":18,\"w\":13,\"h\":17,\"i\":\"e41de356-113c-49e8-aff0-db91828bbe14\"},\"panelIndex\":\"e41de356-113c-49e8-aff0-db91828bbe14\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\",\"accessors\":[\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f2feae8b-b4fa-4e05-898b-180af74a6775\",\"splitAccessor\":\"5e13cc0d-85e9-428f-a7f9-1b3c58b16b4e\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\":{\"columns\":{\"6abed9d7-3787-4e96-b816-3d626a2d7807\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"f2feae8b-b4fa-4e05-898b-180af74a6775\":{\"label\":\"Top 10 values of panw_cortex.xdr.category\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.category\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"5e13cc0d-85e9-428f-a7f9-1b3c58b16b4e\":{\"label\":\"Top 5 values of panw_cortex.xdr.action_pretty\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.action_pretty\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"f2feae8b-b4fa-4e05-898b-180af74a6775\",\"5e13cc0d-85e9-428f-a7f9-1b3c58b16b4e\",\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"category by action\"},{\"type\":\"lens\",\"gridData\":{\"x\":30,\"y\":18,\"w\":10,\"h\":17,\"i\":\"7ba860a3-a27d-4ece-a173-94ec94b8b2b6\"},\"panelIndex\":\"7ba860a3-a27d-4ece-a173-94ec94b8b2b6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\",\"accessors\":[\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"db57435c-c5cb-49c6-a040-df53e6c12919\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\":{\"columns\":{\"db57435c-c5cb-49c6-a040-df53e6c12919\":{\"label\":\"Top 10 values of panw_cortex.xdr.action_pretty\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.action_pretty\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"6abed9d7-3787-4e96-b816-3d626a2d7807\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"db57435c-c5cb-49c6-a040-df53e6c12919\",\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"action\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":18,\"w\":8,\"h\":17,\"i\":\"673660ae-7e0f-41b9-8fd4-728a8a3e39c6\"},\"panelIndex\":\"673660ae-7e0f-41b9-8fd4-728a8a3e39c6\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-3baa2dc3-a164-4cf5-94ec-347b9f94a730\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"3baa2dc3-a164-4cf5-94ec-347b9f94a730\",\"seriesType\":\"bar_horizontal_stacked\",\"xAccessor\":\"2dfdbc6c-ee43-4f95-848f-122cb35f9959\",\"accessors\":[\"1486afd6-dadc-4828-99f2-b13e71e206de\"],\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3baa2dc3-a164-4cf5-94ec-347b9f94a730\":{\"columns\":{\"2dfdbc6c-ee43-4f95-848f-122cb35f9959\":{\"label\":\"Filters\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"input\":{\"query\":\"\\\"event.severity\\\" : 5\",\"language\":\"kuery\"},\"label\":\"critical\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 4\",\"language\":\"kuery\"},\"label\":\"high\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 3\",\"language\":\"kuery\"},\"label\":\"medium\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 2\",\"language\":\"kuery\"},\"label\":\"low\"},{\"label\":\"Info\",\"input\":{\"query\":\"\\\"event.severity\\\" : 1\",\"language\":\"kuery\"}},{\"input\":{\"query\":\"\\\"event.severity\\\" : 0\",\"language\":\"kuery\"},\"label\":\"unknown\"}]}},\"1486afd6-dadc-4828-99f2-b13e71e206de\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"2dfdbc6c-ee43-4f95-848f-122cb35f9959\",\"1486afd6-dadc-4828-99f2-b13e71e206de\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"severity\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":14,\"h\":19,\"i\":\"c7c7a8fb-2361-4d53-9b49-7b80c1e93267\"},\"panelIndex\":\"c7c7a8fb-2361-4d53-9b49-7b80c1e93267\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsChoropleth\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-51ba4de0-fba4-4cde-82c6-f78db04d3cbc\"}],\"state\":{\"visualization\":{\"layerId\":\"51ba4de0-fba4-4cde-82c6-f78db04d3cbc\",\"layerType\":\"data\",\"regionAccessor\":\"c44ba813-22fb-43d5-acd8-d01110b4f0d0\",\"valueAccessor\":\"1c588189-bd4b-431c-bc1d-0f1550378ea8\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"51ba4de0-fba4-4cde-82c6-f78db04d3cbc\":{\"columns\":{\"c44ba813-22fb-43d5-acd8-d01110b4f0d0\":{\"label\":\"Top 50 values of destination.geo.country_iso_code\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"destination.geo.country_iso_code\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1c588189-bd4b-431c-bc1d-0f1550378ea8\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"1c588189-bd4b-431c-bc1d-0f1550378ea8\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"c44ba813-22fb-43d5-acd8-d01110b4f0d0\",\"1c588189-bd4b-431c-bc1d-0f1550378ea8\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"destination country\"},{\"type\":\"lens\",\"gridData\":{\"x\":14,\"y\":35,\"w\":10,\"h\":19,\"i\":\"94d6c757-28a3-47a8-b5b5-187ede2ea2ce\"},\"panelIndex\":\"94d6c757-28a3-47a8-b5b5-187ede2ea2ce\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-3baa2dc3-a164-4cf5-94ec-347b9f94a730\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"3baa2dc3-a164-4cf5-94ec-347b9f94a730\",\"seriesType\":\"bar_horizontal_stacked\",\"xAccessor\":\"0ad011c0-19db-4b58-b976-8e0311fe3058\",\"accessors\":[\"1486afd6-dadc-4828-99f2-b13e71e206de\"],\"layerType\":\"data\",\"splitAccessor\":\"f56e04b8-8dc6-49bd-b6de-544fa3c46f5d\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"3baa2dc3-a164-4cf5-94ec-347b9f94a730\":{\"columns\":{\"0ad011c0-19db-4b58-b976-8e0311fe3058\":{\"label\":\"Top 10 values of panw_cortex.xdr.agent_version\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.agent_version\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1486afd6-dadc-4828-99f2-b13e71e206de\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"1486afd6-dadc-4828-99f2-b13e71e206de\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"f56e04b8-8dc6-49bd-b6de-544fa3c46f5d\":{\"label\":\"Top 5 values of host.os.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.os.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"1486afd6-dadc-4828-99f2-b13e71e206de\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}}},\"columnOrder\":[\"0ad011c0-19db-4b58-b976-8e0311fe3058\",\"f56e04b8-8dc6-49bd-b6de-544fa3c46f5d\",\"1486afd6-dadc-4828-99f2-b13e71e206de\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"agent_version by os.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":35,\"w\":24,\"h\":19,\"i\":\"7938494e-770f-4434-b28d-a655ca3cfa07\"},\"panelIndex\":\"7938494e-770f-4434-b28d-a655ca3cfa07\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-038c4560-7cb8-4ac6-98f6-596b9f7d7a90\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"layers\":[{\"layerId\":\"038c4560-7cb8-4ac6-98f6-596b9f7d7a90\",\"primaryGroups\":[\"0215932c-4577-46d9-96c9-7c6161b3bb90\"],\"metrics\":[\"c3f66702-b130-4891-a0ec-ab8411d7d13c\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"038c4560-7cb8-4ac6-98f6-596b9f7d7a90\":{\"columns\":{\"0215932c-4577-46d9-96c9-7c6161b3bb90\":{\"label\":\"Top 50 values of event.reason\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.reason\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c3f66702-b130-4891-a0ec-ab8411d7d13c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"c3f66702-b130-4891-a0ec-ab8411d7d13c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"0215932c-4577-46d9-96c9-7c6161b3bb90\",\"c3f66702-b130-4891-a0ec-ab8411d7d13c\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"reason\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":54,\"w\":16,\"h\":5,\"i\":\"cd2717cd-d63a-460e-ba87-645285a5baa4\"},\"panelIndex\":\"cd2717cd-d63a-460e-ba87-645285a5baa4\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Host Name\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":54,\"w\":16,\"h\":5,\"i\":\"6ae8a8a4-eaf7-40be-800d-c81d01fd6566\"},\"panelIndex\":\"6ae8a8a4-eaf7-40be-800d-c81d01fd6566\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Process Name\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":54,\"w\":16,\"h\":5,\"i\":\"355d7b1d-8100-497f-a1b3-98d8f5da3780\"},\"panelIndex\":\"355d7b1d-8100-497f-a1b3-98d8f5da3780\",\"embeddableConfig\":{\"savedVis\":{\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"File Name\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":59,\"w\":16,\"h\":15,\"i\":\"ba90df4e-16b1-4173-b059-e730d259913b\"},\"panelIndex\":\"ba90df4e-16b1-4173-b059-e730d259913b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"9acc49ce-4262-421f-9a4d-ea5105064592\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"9acc49ce-4262-421f-9a4d-ea5105064592\":{\"label\":\"Top 5 values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"9acc49ce-4262-421f-9a4d-ea5105064592\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"hostname\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":59,\"w\":16,\"h\":15,\"i\":\"f13c9704-9d6c-4955-b657-129f1d84aa26\"},\"panelIndex\":\"f13c9704-9d6c-4955-b657-129f1d84aa26\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"9acc49ce-4262-421f-9a4d-ea5105064592\"}],\"hideEndzones\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"9acc49ce-4262-421f-9a4d-ea5105064592\":{\"label\":\"Top 5 values of process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"}}},\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"9acc49ce-4262-421f-9a4d-ea5105064592\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"process.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":59,\"w\":16,\"h\":15,\"i\":\"e9f72b75-99b2-4e8f-9716-22528a76c36a\"},\"panelIndex\":\"e9f72b75-99b2-4e8f-9716-22528a76c36a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-6a8db27a-2d14-46d6-abec-9858ebbaf304\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"hideEndzones\":false,\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"6a8db27a-2d14-46d6-abec-9858ebbaf304\",\"seriesType\":\"area\",\"splitAccessor\":\"8fade322-dc51-49f4-82c1-c3348342b73b\",\"accessors\":[\"be46aee0-8e8b-4e42-b521-11503aeb340c\"],\"layerType\":\"data\",\"xAccessor\":\"aa368d34-f454-43c8-87e1-fe528fe08f72\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6a8db27a-2d14-46d6-abec-9858ebbaf304\":{\"columns\":{\"8fade322-dc51-49f4-82c1-c3348342b73b\":{\"label\":\"Top 5 values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"be46aee0-8e8b-4e42-b521-11503aeb340c\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"aa368d34-f454-43c8-87e1-fe528fe08f72\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"be46aee0-8e8b-4e42-b521-11503aeb340c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"8fade322-dc51-49f4-82c1-c3348342b73b\",\"aa368d34-f454-43c8-87e1-fe528fe08f72\",\"be46aee0-8e8b-4e42-b521-11503aeb340c\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"file.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":74,\"w\":8,\"h\":15,\"i\":\"03994b40-db9a-430f-81b7-330b55dad174\"},\"panelIndex\":\"03994b40-db9a-430f-81b7-330b55dad174\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":74,\"w\":8,\"h\":15,\"i\":\"07af239f-b8b8-46fa-9bd0-d363b0c088f0\"},\"panelIndex\":\"07af239f-b8b8-46fa-9bd0-d363b0c088f0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9244844f-3328-46bf-b398-5255ff9575ed\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"9244844f-3328-46bf-b398-5255ff9575ed\":{\"label\":\"Unique count of process.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique process by host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":74,\"w\":8,\"h\":15,\"i\":\"c502c4e7-596a-46c5-afea-99feb4102256\"},\"panelIndex\":\"c502c4e7-596a-46c5-afea-99feb4102256\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"process\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":74,\"w\":8,\"h\":15,\"i\":\"41ef1b08-6928-453c-ad29-5fe8fabac1b7\"},\"panelIndex\":\"41ef1b08-6928-453c-ad29-5fe8fabac1b7\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"Unique count of host.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique host.name by process.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":74,\"w\":8,\"h\":15,\"i\":\"623b673e-1a04-41de-871a-23581e04eb1b\"},\"panelIndex\":\"623b673e-1a04-41de-871a-23581e04eb1b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"file.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":74,\"w\":8,\"h\":15,\"i\":\"93990691-4ab6-4c5d-ab5a-a327c8a84a13\"},\"panelIndex\":\"93990691-4ab6-4c5d-ab5a-a327c8a84a13\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"Unique count of host.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique host.name by file.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":89,\"w\":8,\"h\":15,\"i\":\"b7a47ade-d660-4a43-ad1f-59c9d95cf58a\"},\"panelIndex\":\"b7a47ade-d660-4a43-ad1f-59c9d95cf58a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9244844f-3328-46bf-b398-5255ff9575ed\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"9244844f-3328-46bf-b398-5255ff9575ed\":{\"label\":\"Unique count of file.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"file.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique file.name by host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":89,\"w\":8,\"h\":15,\"i\":\"b2d26f84-82f4-4a78-b7d3-b8e3b014b62f\"},\"panelIndex\":\"b2d26f84-82f4-4a78-b7d3-b8e3b014b62f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of host.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"9244844f-3328-46bf-b398-5255ff9575ed\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"9244844f-3328-46bf-b398-5255ff9575ed\":{\"label\":\"Unique count of user.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique user.name by host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":89,\"w\":8,\"h\":15,\"i\":\"1f9bb602-a83b-41a9-97c3-7e885af69d9a\"},\"panelIndex\":\"1f9bb602-a83b-41a9-97c3-7e885af69d9a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"Unique count of file.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"file.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique file.name by process.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":89,\"w\":8,\"h\":15,\"i\":\"a04e1d69-2627-40aa-8e10-81306bf2f869\"},\"panelIndex\":\"a04e1d69-2627-40aa-8e10-81306bf2f869\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of process.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"Unique count of user.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique user.name by process.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":89,\"w\":8,\"h\":15,\"i\":\"7739d47d-90bd-45a5-9151-4339c58f2e58\"},\"panelIndex\":\"7739d47d-90bd-45a5-9151-4339c58f2e58\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"Unique count of process.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique process.name by file.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":89,\"w\":8,\"h\":15,\"i\":\"55e3ab35-bfbb-4152-aad4-b8e5c0bc7b90\"},\"panelIndex\":\"55e3ab35-bfbb-4152-aad4-b8e5c0bc7b90\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of file.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"Unique count of user.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"user.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique user.name by file.name\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":104,\"w\":16,\"h\":5,\"i\":\"bc220d33-d197-43c2-8851-73bd2f4aabee\"},\"panelIndex\":\"bc220d33-d197-43c2-8851-73bd2f4aabee\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"User Name\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":104,\"w\":16,\"h\":5,\"i\":\"79ee9718-2d5e-4fa4-b7fe-2f2788730006\"},\"panelIndex\":\"79ee9718-2d5e-4fa4-b7fe-2f2788730006\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Host IP\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":104,\"w\":16,\"h\":5,\"i\":\"6e812344-879b-49c5-bb75-2f3d23bb6710\"},\"panelIndex\":\"6e812344-879b-49c5-bb75-2f3d23bb6710\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"External hostname\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":109,\"w\":16,\"h\":15,\"i\":\"48b11670-9adf-40a6-8e68-9a439d6db7e5\"},\"panelIndex\":\"48b11670-9adf-40a6-8e68-9a439d6db7e5\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"1340c22a-6e22-43a8-b195-79ddc0b3e422\"}],\"hideEndzones\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"1340c22a-6e22-43a8-b195-79ddc0b3e422\":{\"label\":\"Top 5 values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"1340c22a-6e22-43a8-b195-79ddc0b3e422\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{}}}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"user name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":109,\"w\":16,\"h\":15,\"i\":\"a6949304-4d9c-4f3b-8408-366cb7f81119\"},\"panelIndex\":\"a6949304-4d9c-4f3b-8408-366cb7f81119\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"9acc49ce-4262-421f-9a4d-ea5105064592\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"9acc49ce-4262-421f-9a4d-ea5105064592\":{\"label\":\"Top 5 values of host.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"9acc49ce-4262-421f-9a4d-ea5105064592\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"host.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":109,\"w\":16,\"h\":15,\"i\":\"c86fee6a-6637-4742-80f0-dafcef17dbce\"},\"panelIndex\":\"c86fee6a-6637-4742-80f0-dafcef17dbce\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"9acc49ce-4262-421f-9a4d-ea5105064592\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"9acc49ce-4262-421f-9a4d-ea5105064592\":{\"label\":\"Top 5 values of panw_cortex.xdr.events.action_external_hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.events.action_external_hostname\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"9acc49ce-4262-421f-9a4d-ea5105064592\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"external hostname\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":124,\"w\":8,\"h\":15,\"i\":\"c5b8af56-7135-4056-8666-36f278193a47\"},\"panelIndex\":\"c5b8af56-7135-4056-8666-36f278193a47\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"user name\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":124,\"w\":8,\"h\":15,\"i\":\"76779a45-5697-4d65-84ae-60408e91394e\"},\"panelIndex\":\"76779a45-5697-4d65-84ae-60408e91394e\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"50643e5d-9921-42f5-9839-8dc6e77c0a36\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"630ada39-65af-416f-b95f-bc76d2f277bf\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"630ada39-65af-416f-b95f-bc76d2f277bf\":{\"label\":\"Top 10 values of user.name\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"user.name\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"50643e5d-9921-42f5-9839-8dc6e77c0a36\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"50643e5d-9921-42f5-9839-8dc6e77c0a36\":{\"label\":\"Unique count of process.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"630ada39-65af-416f-b95f-bc76d2f277bf\",\"50643e5d-9921-42f5-9839-8dc6e77c0a36\"],\"incompleteColumns\":{},\"sampling\":1}}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique process by user.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":124,\"w\":8,\"h\":15,\"i\":\"78a377f7-4ae3-4e2c-9663-32a331968985\"},\"panelIndex\":\"78a377f7-4ae3-4e2c-9663-32a331968985\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of host.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"host.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":124,\"w\":8,\"h\":15,\"i\":\"459818ab-3f2b-40dc-9c7b-76663c8bdeaf\"},\"panelIndex\":\"459818ab-3f2b-40dc-9c7b-76663c8bdeaf\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of host.ip\",\"dataType\":\"ip\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"host.ip\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"orderAgg\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"secondaryFields\":[]}},\"9244844f-3328-46bf-b398-5255ff9575ed\":{\"label\":\"Unique count of process.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"process.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique process by host.ip\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":124,\"w\":8,\"h\":15,\"i\":\"6bf20097-c5ed-4014-9592-8e8c0bcee289\"},\"panelIndex\":\"6bf20097-c5ed-4014-9592-8e8c0bcee289\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":true,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.events.action_external_hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.events.action_external_hostname\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"external hostname\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":124,\"w\":8,\"h\":15,\"i\":\"05f239bc-8d4c-4f8c-8e21-88f3cf4e9f2b\"},\"panelIndex\":\"05f239bc-8d4c-4f8c-8e21-88f3cf4e9f2b\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"description\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.events.action_external_hostname\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.events.action_external_hostname\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"custom\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"orderAgg\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"secondaryFields\":[]}},\"9244844f-3328-46bf-b398-5255ff9575ed\":{\"label\":\"Unique count of host.name\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"host.name\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"9244844f-3328-46bf-b398-5255ff9575ed\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"unique host.name by external hostname\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":139,\"w\":24,\"h\":31,\"i\":\"122311d9-4244-4698-a0b8-920d29cee824\"},\"panelIndex\":\"122311d9-4244-4698-a0b8-920d29cee824\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"width\":888.833333333333},{\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"width\":189.33333333333348},{\"columnId\":\"632c6e95-8d0f-46df-801b-48980dae9817\",\"width\":112.83333333333326}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 20 values of process.command_line\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"process.command_line\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"commnad\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":139,\"w\":24,\"h\":31,\"i\":\"269c3029-9c18-4ea0-bd3f-d54dbae9b63a\"},\"panelIndex\":\"269c3029-9c18-4ea0-bd3f-d54dbae9b63a\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsDatatable\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"layerType\":\"data\",\"columns\":[{\"columnId\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"width\":917.8333333333333},{\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"width\":139.33333333333348},{\"columnId\":\"632c6e95-8d0f-46df-801b-48980dae9817\",\"width\":127.83333333333326}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 20 values of file.path\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"file.path\",\"isBucketed\":true,\"params\":{\"size\":20,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"file.path\"}]","timeRestore":false,"title":"Alerts [Cortex]","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-04-09T17:39:07.784Z","id":"ff615202-21a2-4634-bd3a-54cb26a3d2ef","managed":false,"references":[{"id":"7a2a3ff7-c63b-4deb-91e6-bce626152c1d","name":"13de2b17-3d9e-402b-957e-dc715d09de21:panel_13de2b17-3d9e-402b-957e-dc715d09de21","type":"links"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"8b10ddec-8e74-4119-a006-12d94a537cd6:indexpattern-datasource-layer-6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"8b10ddec-8e74-4119-a006-12d94a537cd6:indexpattern-datasource-layer-cf9d7ff4-9bf6-4217-aa29-cdb3976537c2","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"3e2fcdcf-36a8-4e8b-a5fa-413534503350:indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c4aa6743-8741-4763-a5cb-250a560e7ebb:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"463eba5f-de8c-4819-b2de-f178465539f9:indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"db1889f9-39e8-4275-b078-62669f7b4ed4:indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"e41de356-113c-49e8-aff0-db91828bbe14:indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"7ba860a3-a27d-4ece-a173-94ec94b8b2b6:indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"673660ae-7e0f-41b9-8fd4-728a8a3e39c6:indexpattern-datasource-layer-3baa2dc3-a164-4cf5-94ec-347b9f94a730","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c7c7a8fb-2361-4d53-9b49-7b80c1e93267:indexpattern-datasource-layer-51ba4de0-fba4-4cde-82c6-f78db04d3cbc","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"94d6c757-28a3-47a8-b5b5-187ede2ea2ce:indexpattern-datasource-layer-3baa2dc3-a164-4cf5-94ec-347b9f94a730","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"7938494e-770f-4434-b28d-a655ca3cfa07:indexpattern-datasource-layer-038c4560-7cb8-4ac6-98f6-596b9f7d7a90","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"ba90df4e-16b1-4173-b059-e730d259913b:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"f13c9704-9d6c-4955-b657-129f1d84aa26:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"e9f72b75-99b2-4e8f-9716-22528a76c36a:indexpattern-datasource-layer-6a8db27a-2d14-46d6-abec-9858ebbaf304","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"03994b40-db9a-430f-81b7-330b55dad174:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"07af239f-b8b8-46fa-9bd0-d363b0c088f0:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c502c4e7-596a-46c5-afea-99feb4102256:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"41ef1b08-6928-453c-ad29-5fe8fabac1b7:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"623b673e-1a04-41de-871a-23581e04eb1b:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"93990691-4ab6-4c5d-ab5a-a327c8a84a13:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"b7a47ade-d660-4a43-ad1f-59c9d95cf58a:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"b2d26f84-82f4-4a78-b7d3-b8e3b014b62f:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"1f9bb602-a83b-41a9-97c3-7e885af69d9a:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"a04e1d69-2627-40aa-8e10-81306bf2f869:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"7739d47d-90bd-45a5-9151-4339c58f2e58:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"55e3ab35-bfbb-4152-aad4-b8e5c0bc7b90:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"48b11670-9adf-40a6-8e68-9a439d6db7e5:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"a6949304-4d9c-4f3b-8408-366cb7f81119:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c86fee6a-6637-4742-80f0-dafcef17dbce:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c5b8af56-7135-4056-8666-36f278193a47:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"76779a45-5697-4d65-84ae-60408e91394e:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"78a377f7-4ae3-4e2c-9663-32a331968985:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"459818ab-3f2b-40dc-9c7b-76663c8bdeaf:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"6bf20097-c5ed-4014-9592-8e8c0bcee289:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"05f239bc-8d4c-4f8c-8e21-88f3cf4e9f2b:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"122311d9-4244-4698-a0b8-920d29cee824:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"269c3029-9c18-4ea0-bd3f-d54dbae9b63a:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"controlGroup_4d6b8f99-bac5-4c54-ac49-5f39eee51a32:optionsListDataView","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"controlGroup_6ac35fa1-301e-49ba-9f6f-219976460df4:optionsListDataView","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"controlGroup_c48b71f3-c474-4eb1-bac0-e75159fdd506:optionsListDataView","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"controlGroup_839e8412-37ef-4574-aa8d-28e6dc2ecb98:optionsListDataView","type":"index-pattern"},{"id":"aa825331-3d72-48fb-a651-3ddf51d0abe5","name":"tag-ref-aa825331-3d72-48fb-a651-3ddf51d0abe5","type":"tag"},{"id":"e890acff-5ac5-41f1-af1f-ffc965cf5027","name":"tag-ref-e890acff-5ac5-41f1-af1f-ffc965cf5027","type":"tag"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-04-09T17:39:07.784Z","version":"WzMyNDYsM10="}
{"attributes":{"description":"","layout":"horizontal","links":[{"destinationRefName":"link_690e61ed-9f10-406d-bb08-ed85948f330a_dashboard","id":"690e61ed-9f10-406d-bb08-ed85948f330a","options":{"openInNewTab":false,"useCurrentDateRange":true,"useCurrentFilters":false},"order":0,"type":"dashboardLink"},{"destinationRefName":"link_1a81c95f-d10a-4aa3-ab38-89149e1bd17b_dashboard","id":"1a81c95f-d10a-4aa3-ab38-89149e1bd17b","options":{"openInNewTab":false,"useCurrentDateRange":true,"useCurrentFilters":false},"order":1,"type":"dashboardLink"}],"title":"Alerts [Cortex]"},"coreMigrationVersion":"8.8.0","created_at":"2024-02-06T18:01:12.298Z","id":"7a2a3ff7-c63b-4deb-91e6-bce626152c1d","managed":false,"references":[{"id":"ff615202-21a2-4634-bd3a-54cb26a3d2ef","name":"link_690e61ed-9f10-406d-bb08-ed85948f330a_dashboard","type":"dashboard"},{"id":"9d0433ff-5d2b-412d-8176-681d689ad2ae","name":"link_1a81c95f-d10a-4aa3-ab38-89149e1bd17b_dashboard","type":"dashboard"}],"type":"links","updated_at":"2024-02-07T21:17:45.567Z","version":"WzE4ODksM10="}
{"attributes":{"controlGroupInput":{"chainingSystem":"HIERARCHICAL","controlStyle":"twoLine","ignoreParentSettingsJSON":"{\"ignoreFilters\":false,\"ignoreQuery\":false,\"ignoreTimerange\":false,\"ignoreValidations\":false}","panelsJSON":"{\"07647ad3-beee-487a-831e-90c3b3f6c9c3\":{\"type\":\"optionsListControl\",\"order\":0,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"07647ad3-beee-487a-831e-90c3b3f6c9c3\",\"fieldName\":\"data_stream.dataset\",\"title\":\"data_stream.dataset\",\"grow\":true,\"width\":\"medium\",\"singleSelect\":true,\"selectedOptions\":[\"panw_cortex_xdr.incidents\"],\"enhancements\":{}}},\"401fd38d-24f9-4e57-bdc4-eb1cc6a71d24\":{\"type\":\"optionsListControl\",\"order\":1,\"grow\":true,\"width\":\"medium\",\"explicitInput\":{\"id\":\"401fd38d-24f9-4e57-bdc4-eb1cc6a71d24\",\"fieldName\":\"panw_cortex.xdr.alert_categories\",\"title\":\"panw_cortex.xdr.alert_categories\",\"grow\":true,\"width\":\"medium\",\"searchTechnique\":\"prefix\",\"enhancements\":{}}}}","showApplySelections":false},"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"syncColors\":false,\"syncCursor\":true,\"syncTooltips\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"type\":\"links\",\"gridData\":{\"x\":0,\"y\":0,\"w\":40,\"h\":5,\"i\":\"daf97944-c2f2-4b73-9e31-b6f7014e058d\"},\"panelIndex\":\"daf97944-c2f2-4b73-9e31-b6f7014e058d\",\"embeddableConfig\":{\"disabledActions\":[\"OPEN_FLYOUT_ADD_DRILLDOWN\"],\"enhancements\":{}},\"panelRefName\":\"panel_daf97944-c2f2-4b73-9e31-b6f7014e058d\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":0,\"w\":8,\"h\":5,\"i\":\"3bd7bb07-8167-4804-8308-0b3b588f02a3\"},\"panelIndex\":\"3bd7bb07-8167-4804-8308-0b3b588f02a3\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\"},{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-cf9d7ff4-9bf6-4217-aa29-cdb3976537c2\"}],\"state\":{\"visualization\":{\"layerId\":\"6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\",\"layerType\":\"data\",\"metricAccessor\":\"836948ff-0dd9-402b-a0db-364290105fbd\",\"showBar\":false,\"trendlineLayerId\":\"cf9d7ff4-9bf6-4217-aa29-cdb3976537c2\",\"trendlineLayerType\":\"metricTrendline\",\"trendlineTimeAccessor\":\"c09a3b6f-4a05-4166-92d8-977b280a8497\",\"trendlineMetricAccessor\":\"f97b5fa4-e0dc-445b-9c36-4d7731747b85\",\"trendlineSecondaryMetricAccessor\":\"3d523f96-619d-4c24-9715-8b6d25b68777\",\"secondaryMetricAccessor\":\"839397d5-1cc6-4d71-a79b-9db31986a5c5\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\":{\"columns\":{\"836948ff-0dd9-402b-a0db-364290105fbd\":{\"label\":\"Unique count of incident_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"839397d5-1cc6-4d71-a79b-9db31986a5c5\":{\"label\":\"Total Hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"836948ff-0dd9-402b-a0db-364290105fbd\",\"839397d5-1cc6-4d71-a79b-9db31986a5c5\"],\"sampling\":1,\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"cf9d7ff4-9bf6-4217-aa29-cdb3976537c2\":{\"linkToLayers\":[\"6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62\"],\"columns\":{\"c09a3b6f-4a05-4166-92d8-977b280a8497\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"f97b5fa4-e0dc-445b-9c36-4d7731747b85\":{\"label\":\"Unique count of incident_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true},\"3d523f96-619d-4c24-9715-8b6d25b68777\":{\"label\":\"Total Hits\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"c09a3b6f-4a05-4166-92d8-977b280a8497\",\"3d523f96-619d-4c24-9715-8b6d25b68777\",\"f97b5fa4-e0dc-445b-9c36-4d7731747b85\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":5,\"w\":8,\"h\":13,\"i\":\"c72221cd-efca-42e3-8954-df20755b0a03\"},\"panelIndex\":\"c72221cd-efca-42e3-8954-df20755b0a03\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84\"}],\"state\":{\"visualization\":{\"layerId\":\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\",\"layerType\":\"data\",\"metricAccessor\":\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\",\"showBar\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\":{\"columns\":{\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\":{\"label\":\"Unique count of panw_cortex.xdr.hosts\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.hosts\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}}},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":5,\"w\":32,\"h\":13,\"i\":\"d577b05d-4cd9-4893-addd-e46e5c21fcd8\"},\"panelIndex\":\"d577b05d-4cd9-4893-addd-e46e5c21fcd8\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"d20689c2-5884-4b6a-8d5c-1076ac8e8266\"}],\"yTitle\":\"\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Unique count of event.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"d20689c2-5884-4b6a-8d5c-1076ac8e8266\":{\"label\":\"Top 5 values of panw_cortex.xdr.alert_categories\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.alert_categories\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":true,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}}},\"columnOrder\":[\"d20689c2-5884-4b6a-8d5c-1076ac8e8266\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"event.severity\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":5,\"w\":8,\"h\":13,\"i\":\"8d8336e9-636d-449e-8fb4-50a5979eaae0\"},\"panelIndex\":\"8d8336e9-636d-449e-8fb4-50a5979eaae0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsMetric\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84\"}],\"state\":{\"visualization\":{\"layerId\":\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\",\"layerType\":\"data\",\"metricAccessor\":\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\",\"showBar\":false,\"trendlineSecondaryMetricAccessor\":\"ef5a7c3d-c9cd-4add-a057-074641e59cb9\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"cc4bbd7b-9b35-480a-a9ae-d134220aab84\":{\"columns\":{\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\":{\"label\":\"Unique count of panw_cortex.xdr.users\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.users\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"e8526eb0-6abd-4b16-8f66-17aa3c1e93f5\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":18,\"w\":16,\"h\":17,\"i\":\"783b52ea-8d15-4944-93f2-88e5616670ff\"},\"panelIndex\":\"783b52ea-8d15-4944-93f2-88e5616670ff\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsHeatmap\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\"}],\"state\":{\"visualization\":{\"shape\":\"heatmap\",\"layerId\":\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\",\"layerType\":\"data\",\"legend\":{\"isVisible\":true,\"position\":\"right\",\"type\":\"heatmap_legend\"},\"gridConfig\":{\"type\":\"heatmap_grid\",\"isCellLabelVisible\":false,\"isYAxisLabelVisible\":true,\"isXAxisLabelVisible\":true,\"isYAxisTitleVisible\":false,\"isXAxisTitleVisible\":false},\"valueAccessor\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\",\"yAccessor\":\"c6827860-425b-4744-8125-6d6abe91aae5\",\"xAccessor\":\"6b86109c-ed5f-41e5-ad83-abbb69fd41ac\"},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\":{\"columns\":{\"6abed9d7-3787-4e96-b816-3d626a2d7807\":{\"label\":\"Unique count of event.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"c6827860-425b-4744-8125-6d6abe91aae5\":{\"label\":\"Top 10 values of panw_cortex.xdr.mitre_tactics_ids_and_names\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.mitre_tactics_ids_and_names\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"6b86109c-ed5f-41e5-ad83-abbb69fd41ac\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}}},\"columnOrder\":[\"c6827860-425b-4744-8125-6d6abe91aae5\",\"6b86109c-ed5f-41e5-ad83-abbb69fd41ac\",\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"mitre_tactics_ids_and_names\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":18,\"w\":16,\"h\":17,\"i\":\"6988da65-e93d-4e9b-ae41-d1661aa13f89\"},\"panelIndex\":\"6988da65-e93d-4e9b-ae41-d1661aa13f89\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\",\"accessors\":[\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"f2feae8b-b4fa-4e05-898b-180af74a6775\",\"splitAccessor\":\"5e13cc0d-85e9-428f-a7f9-1b3c58b16b4e\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\":{\"columns\":{\"6abed9d7-3787-4e96-b816-3d626a2d7807\":{\"label\":\"Unique count of event.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"f2feae8b-b4fa-4e05-898b-180af74a6775\":{\"label\":\"Top 10 values of panw_cortex.xdr.alert_categories\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.alert_categories\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"5e13cc0d-85e9-428f-a7f9-1b3c58b16b4e\":{\"label\":\"Filters\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"label\":\"unknown\",\"input\":{\"query\":\"\\\"event.severity\\\" : 0\",\"language\":\"kuery\"}},{\"input\":{\"query\":\"\\\"event.severity\\\" : 1\",\"language\":\"kuery\"},\"label\":\"info\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 2\",\"language\":\"kuery\"},\"label\":\"low\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 3\",\"language\":\"kuery\"},\"label\":\"medium\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 4\",\"language\":\"kuery\"},\"label\":\"high\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 5\",\"language\":\"kuery\"},\"label\":\"critical\"}]}}},\"columnOrder\":[\"f2feae8b-b4fa-4e05-898b-180af74a6775\",\"5e13cc0d-85e9-428f-a7f9-1b3c58b16b4e\",\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"alert_categories by severity\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":18,\"w\":16,\"h\":17,\"i\":\"526e3ebe-8b09-414e-af31-b09097ff59a4\"},\"panelIndex\":\"526e3ebe-8b09-414e-af31-b09097ff59a4\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-09345b75-b0a5-42ab-92c0-d7fb5109f2ee\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_stacked\",\"layers\":[{\"layerId\":\"09345b75-b0a5-42ab-92c0-d7fb5109f2ee\",\"accessors\":[\"46807265-5b88-446a-8c4c-0e9b26487c9c\"],\"position\":\"top\",\"seriesType\":\"bar_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"colorMapping\":{\"assignments\":[],\"specialAssignments\":[{\"rule\":{\"type\":\"other\"},\"color\":{\"type\":\"loop\"},\"touched\":false}],\"paletteId\":\"eui_amsterdam_color_blind\",\"colorMode\":{\"type\":\"categorical\"}},\"xAccessor\":\"d16e7e0c-7519-4e9d-b065-8773b8841b60\",\"splitAccessor\":\"65106f3f-bd19-4d34-b078-27873af5d371\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"09345b75-b0a5-42ab-92c0-d7fb5109f2ee\":{\"columns\":{\"d16e7e0c-7519-4e9d-b065-8773b8841b60\":{\"label\":\"panw_cortex.xdr.aggregated_score\",\"dataType\":\"number\",\"operationType\":\"range\",\"sourceField\":\"panw_cortex.xdr.aggregated_score\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"includeEmptyRows\":true,\"type\":\"histogram\",\"ranges\":[{\"from\":0,\"to\":1000,\"label\":\"\"}],\"maxBars\":\"auto\"}},\"46807265-5b88-446a-8c4c-0e9b26487c9c\":{\"label\":\"Unique count of event.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"65106f3f-bd19-4d34-b078-27873af5d371\":{\"label\":\"Filters\",\"dataType\":\"string\",\"operationType\":\"filters\",\"scale\":\"ordinal\",\"isBucketed\":true,\"params\":{\"filters\":[{\"input\":{\"query\":\"\\\"event.severity\\\" : 0\",\"language\":\"kuery\"},\"label\":\"unknown\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 1\",\"language\":\"kuery\"},\"label\":\"info\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 2\",\"language\":\"kuery\"},\"label\":\"low\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 3\",\"language\":\"kuery\"},\"label\":\"medium\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 4\",\"language\":\"kuery\"},\"label\":\"high\"},{\"input\":{\"query\":\"\\\"event.severity\\\" : 5\",\"language\":\"kuery\"},\"label\":\"critical\"}]}}},\"columnOrder\":[\"d16e7e0c-7519-4e9d-b065-8773b8841b60\",\"65106f3f-bd19-4d34-b078-27873af5d371\",\"46807265-5b88-446a-8c4c-0e9b26487c9c\"],\"sampling\":1,\"ignoreGlobalFilters\":false,\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"aggregated score by severity\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":35,\"w\":16,\"h\":19,\"i\":\"648952c8-572a-4097-819a-6e17d217cbcb\"},\"panelIndex\":\"648952c8-572a-4097-819a-6e17d217cbcb\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"xlarge\"},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal_stacked\",\"layers\":[{\"layerId\":\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\",\"accessors\":[\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal_stacked\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"db57435c-c5cb-49c6-a040-df53e6c12919\",\"splitAccessor\":\"08000907-1cbc-4ddf-885b-a43f5cf1f1b1\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de\":{\"columns\":{\"db57435c-c5cb-49c6-a040-df53e6c12919\":{\"label\":\"Top 10 values of panw_cortex.xdr.mitre_tactics_ids_and_names\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.mitre_tactics_ids_and_names\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"6abed9d7-3787-4e96-b816-3d626a2d7807\":{\"label\":\"Unique count of event.id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true}},\"08000907-1cbc-4ddf-885b-a43f5cf1f1b1\":{\"label\":\"Top 5 values of panw_cortex.xdr.mitre_techniques_ids_and_names\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.mitre_techniques_ids_and_names\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"6abed9d7-3787-4e96-b816-3d626a2d7807\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}}},\"columnOrder\":[\"db57435c-c5cb-49c6-a040-df53e6c12919\",\"08000907-1cbc-4ddf-885b-a43f5cf1f1b1\",\"6abed9d7-3787-4e96-b816-3d626a2d7807\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"mitre_tactics_ids_and_names by mitre_techniques_ids_and_names\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":35,\"w\":31,\"h\":19,\"i\":\"99af878c-6d4c-460e-8310-909957664e6f\"},\"panelIndex\":\"99af878c-6d4c-460e-8310-909957664e6f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsPie\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-038c4560-7cb8-4ac6-98f6-596b9f7d7a90\"}],\"state\":{\"visualization\":{\"shape\":\"treemap\",\"layers\":[{\"layerId\":\"038c4560-7cb8-4ac6-98f6-596b9f7d7a90\",\"primaryGroups\":[\"0215932c-4577-46d9-96c9-7c6161b3bb90\"],\"metrics\":[\"c3f66702-b130-4891-a0ec-ab8411d7d13c\"],\"numberDisplay\":\"percent\",\"categoryDisplay\":\"default\",\"legendDisplay\":\"default\",\"nestedLegend\":false,\"layerType\":\"data\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"038c4560-7cb8-4ac6-98f6-596b9f7d7a90\":{\"columns\":{\"0215932c-4577-46d9-96c9-7c6161b3bb90\":{\"label\":\"Top 50 values of event.reason\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"event.reason\",\"isBucketed\":true,\"params\":{\"size\":50,\"orderBy\":{\"type\":\"column\",\"columnId\":\"c3f66702-b130-4891-a0ec-ab8411d7d13c\"},\"orderDirection\":\"desc\",\"otherBucket\":true,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false}},\"c3f66702-b130-4891-a0ec-ab8411d7d13c\":{\"label\":\"Count of records\",\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"0215932c-4577-46d9-96c9-7c6161b3bb90\",\"c3f66702-b130-4891-a0ec-ab8411d7d13c\"],\"incompleteColumns\":{},\"sampling\":1}}},\"indexpattern\":{\"layers\":{}},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{}},\"title\":\"description\"},{\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":54,\"w\":24,\"h\":5,\"i\":\"52e60e15-8cbb-4f75-bb11-bd2813f3eb7d\"},\"panelIndex\":\"52e60e15-8cbb-4f75-bb11-bd2813f3eb7d\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"Host Name\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":54,\"w\":24,\"h\":5,\"i\":\"2e5a6d60-8685-4c25-aeef-c23fd9d9f58b\"},\"panelIndex\":\"2e5a6d60-8685-4c25-aeef-c23fd9d9f58b\",\"embeddableConfig\":{\"savedVis\":{\"title\":\"\",\"description\":\"\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"User Name\\n***\"},\"uiState\":{},\"data\":{\"aggs\":[],\"searchSource\":{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}}},\"enhancements\":{}},\"title\":\"\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":15,\"i\":\"271359e1-4a32-43c3-81ae-5fa31d7c0a1c\"},\"panelIndex\":\"271359e1-4a32-43c3-81ae-5fa31d7c0a1c\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":true,\"legendSize\":\"large\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"9acc49ce-4262-421f-9a4d-ea5105064592\"}],\"valuesInLegend\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"9acc49ce-4262-421f-9a4d-ea5105064592\":{\"label\":\"Top 5 values of panw_cortex.xdr.hosts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.hosts\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"secondaryFields\":[]}},\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}}},\"columnOrder\":[\"9acc49ce-4262-421f-9a4d-ea5105064592\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"hostname\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":15,\"i\":\"c208dbfa-ef78-462e-8f39-22e318cb2c96\"},\"panelIndex\":\"c208dbfa-ef78-462e-8f39-22e318cb2c96\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"right\",\"shouldTruncate\":false,\"legendSize\":\"xlarge\"},\"valueLabels\":\"hide\",\"fittingFunction\":\"None\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":true,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"area\",\"layers\":[{\"layerId\":\"5d7b36f5-051f-42e2-b592-c9471c1c47af\",\"accessors\":[\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"position\":\"top\",\"seriesType\":\"area\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"splitAccessor\":\"1340c22a-6e22-43a8-b195-79ddc0b3e422\"}],\"hideEndzones\":false},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"5d7b36f5-051f-42e2-b592-c9471c1c47af\":{\"columns\":{\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\":{\"label\":\"@timestamp\",\"dataType\":\"date\",\"operationType\":\"date_histogram\",\"sourceField\":\"@timestamp\",\"isBucketed\":true,\"scale\":\"interval\",\"params\":{\"interval\":\"auto\",\"includeEmptyRows\":true,\"dropPartials\":false}},\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\":{\"label\":\"Count of records\",\"customLabel\":false,\"dataType\":\"number\",\"operationType\":\"count\",\"isBucketed\":false,\"scale\":\"ratio\",\"sourceField\":\"___records___\",\"params\":{\"emptyAsNull\":true}},\"1340c22a-6e22-43a8-b195-79ddc0b3e422\":{\"label\":\"Top 5 values of panw_cortex.xdr.users\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.users\",\"isBucketed\":true,\"params\":{\"size\":5,\"orderBy\":{\"type\":\"column\",\"columnId\":\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}}},\"columnOrder\":[\"1340c22a-6e22-43a8-b195-79ddc0b3e422\",\"49e19a94-43a6-4271-9a62-5a0c4adbbb8f\",\"2276f9c1-1bc6-4bb3-8aa0-c1bb3fdd82eb\"],\"incompleteColumns\":{},\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"enhancements\":{},\"hidePanelTitles\":false},\"title\":\"user name\"},{\"type\":\"lens\",\"gridData\":{\"x\":0,\"y\":74,\"w\":8,\"h\":15,\"i\":\"9715a8c2-4748-4dc2-8d22-ac1a4de9b01f\"},\"panelIndex\":\"9715a8c2-4748-4dc2-8d22-ac1a4de9b01f\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"left\",\"showSingleSeries\":true},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.hosts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.hosts\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"632c6e95-8d0f-46df-801b-48980dae9817\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"incident_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":8,\"y\":74,\"w\":8,\"h\":15,\"i\":\"9534fa7c-2e41-4334-8145-a51022798de0\"},\"panelIndex\":\"9534fa7c-2e41-4334-8145-a51022798de0\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.hosts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.hosts\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"632c6e95-8d0f-46df-801b-48980dae9817\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"aggregated_score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"panw_cortex.xdr.aggregated_score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":24,\"y\":74,\"w\":8,\"h\":15,\"i\":\"507a0d5a-ee0a-489f-8fe0-0c05fc290083\"},\"panelIndex\":\"507a0d5a-ee0a-489f-8fe0-0c05fc290083\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.users\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.users\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"10658f2c-f2ec-4af4-92df-afdd8de2e146\":{\"label\":\"incident_id\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"event.id\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"10658f2c-f2ec-4af4-92df-afdd8de2e146\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"user name\"},{\"type\":\"lens\",\"gridData\":{\"x\":32,\"y\":74,\"w\":8,\"h\":15,\"i\":\"e115dad5-7c2b-40f6-81e1-df7938a80491\"},\"panelIndex\":\"e115dad5-7c2b-40f6-81e1-df7938a80491\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.users\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.users\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\":{\"label\":\"aggregated_score\",\"dataType\":\"number\",\"operationType\":\"sum\",\"sourceField\":\"panw_cortex.xdr.aggregated_score\",\"isBucketed\":false,\"scale\":\"ratio\",\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"user name\"},{\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":89,\"w\":48,\"h\":24,\"i\":\"8236fdde-fd19-4792-8144-9ede76ee4419\"},\"panelIndex\":\"8236fdde-fd19-4792-8144-9ede76ee4419\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_8236fdde-fd19-4792-8144-9ede76ee4419\"},{\"type\":\"lens\",\"gridData\":{\"x\":16,\"y\":74,\"w\":8,\"h\":15,\"i\":\"89330ae1-5448-44da-90a0-c101676cca50\"},\"panelIndex\":\"89330ae1-5448-44da-90a0-c101676cca50\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.hosts\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.hosts\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"632c6e95-8d0f-46df-801b-48980dae9817\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"632c6e95-8d0f-46df-801b-48980dae9817\":{\"label\":\"alert_categories\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_categories\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"632c6e95-8d0f-46df-801b-48980dae9817\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"host.name\"},{\"type\":\"lens\",\"gridData\":{\"x\":40,\"y\":74,\"w\":8,\"h\":15,\"i\":\"423a0aa4-8c87-4e27-a2da-3e542f436b33\"},\"panelIndex\":\"423a0aa4-8c87-4e27-a2da-3e542f436b33\",\"embeddableConfig\":{\"attributes\":{\"title\":\"\",\"visualizationType\":\"lnsXY\",\"type\":\"lens\",\"references\":[{\"type\":\"index-pattern\",\"id\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\",\"name\":\"indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8\"}],\"state\":{\"visualization\":{\"legend\":{\"isVisible\":true,\"position\":\"bottom\",\"isInside\":false,\"verticalAlignment\":\"bottom\",\"horizontalAlignment\":\"right\",\"showSingleSeries\":true},\"valueLabels\":\"show\",\"fittingFunction\":\"None\",\"xTitle\":\"\",\"yTitle\":\"\",\"axisTitlesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"tickLabelsVisibilitySettings\":{\"x\":true,\"yLeft\":true,\"yRight\":true},\"labelsOrientation\":{\"x\":0,\"yLeft\":0,\"yRight\":0},\"gridlinesVisibilitySettings\":{\"x\":false,\"yLeft\":false,\"yRight\":true},\"preferredSeriesType\":\"bar_horizontal\",\"layers\":[{\"layerId\":\"e142b6d0-628a-4552-a224-64f57e136ad8\",\"accessors\":[\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\"],\"position\":\"top\",\"seriesType\":\"bar_horizontal\",\"showGridlines\":false,\"layerType\":\"data\",\"xAccessor\":\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\"}]},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"datasourceStates\":{\"formBased\":{\"layers\":{\"e142b6d0-628a-4552-a224-64f57e136ad8\":{\"columns\":{\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\":{\"label\":\"Top 10 values of panw_cortex.xdr.users\",\"dataType\":\"string\",\"operationType\":\"terms\",\"scale\":\"ordinal\",\"sourceField\":\"panw_cortex.xdr.users\",\"isBucketed\":true,\"params\":{\"size\":10,\"orderBy\":{\"type\":\"column\",\"columnId\":\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\"},\"orderDirection\":\"desc\",\"otherBucket\":false,\"missingBucket\":false,\"parentFormat\":{\"id\":\"terms\"},\"include\":[],\"exclude\":[],\"includeIsRegex\":false,\"excludeIsRegex\":false,\"secondaryFields\":[]}},\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\":{\"label\":\"alert_categories\",\"dataType\":\"number\",\"operationType\":\"unique_count\",\"scale\":\"ratio\",\"sourceField\":\"panw_cortex.xdr.alert_categories\",\"isBucketed\":false,\"params\":{\"emptyAsNull\":true},\"customLabel\":true}},\"columnOrder\":[\"69e4c0a4-5275-4e3f-81c0-ab8a2afb2e85\",\"0eaa1cd3-55aa-4e68-9647-9f36d0662795\"],\"incompleteColumns\":{},\"sampling\":1,\"indexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"}},\"currentIndexPatternId\":\"5c8de6ac-08e7-4234-a80a-4ddc00e105b2\"},\"textBased\":{\"layers\":{}}},\"internalReferences\":[],\"adHocDataViews\":{}}},\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"user name\"}]","timeRestore":false,"title":"Incidents [Cortex]","version":2},"coreMigrationVersion":"8.8.0","created_at":"2024-04-27T18:08:39.411Z","created_by":"u_XJfmBtqykJGMqwpmiw4v6E_ussfw_AgpP03-r29N6ro_0","id":"9d0433ff-5d2b-412d-8176-681d689ad2ae","managed":false,"references":[{"id":"7a2a3ff7-c63b-4deb-91e6-bce626152c1d","name":"daf97944-c2f2-4b73-9e31-b6f7014e058d:panel_daf97944-c2f2-4b73-9e31-b6f7014e058d","type":"links"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"3bd7bb07-8167-4804-8308-0b3b588f02a3:indexpattern-datasource-layer-6d7bc3ca-1f77-43a3-b4a9-a3a6acdf3a62","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"3bd7bb07-8167-4804-8308-0b3b588f02a3:indexpattern-datasource-layer-cf9d7ff4-9bf6-4217-aa29-cdb3976537c2","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c72221cd-efca-42e3-8954-df20755b0a03:indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"d577b05d-4cd9-4893-addd-e46e5c21fcd8:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"8d8336e9-636d-449e-8fb4-50a5979eaae0:indexpattern-datasource-layer-cc4bbd7b-9b35-480a-a9ae-d134220aab84","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"783b52ea-8d15-4944-93f2-88e5616670ff:indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"6988da65-e93d-4e9b-ae41-d1661aa13f89:indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"526e3ebe-8b09-414e-af31-b09097ff59a4:indexpattern-datasource-layer-09345b75-b0a5-42ab-92c0-d7fb5109f2ee","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"648952c8-572a-4097-819a-6e17d217cbcb:indexpattern-datasource-layer-a2ba0a2c-9cf7-48e5-b83d-2e280a0e46de","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"99af878c-6d4c-460e-8310-909957664e6f:indexpattern-datasource-layer-038c4560-7cb8-4ac6-98f6-596b9f7d7a90","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"271359e1-4a32-43c3-81ae-5fa31d7c0a1c:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"c208dbfa-ef78-462e-8f39-22e318cb2c96:indexpattern-datasource-layer-5d7b36f5-051f-42e2-b592-c9471c1c47af","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"9715a8c2-4748-4dc2-8d22-ac1a4de9b01f:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"9534fa7c-2e41-4334-8145-a51022798de0:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"507a0d5a-ee0a-489f-8fe0-0c05fc290083:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"e115dad5-7c2b-40f6-81e1-df7938a80491:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"3112100c-e7a1-4114-ba3d-f39838d6751b","name":"8236fdde-fd19-4792-8144-9ede76ee4419:panel_8236fdde-fd19-4792-8144-9ede76ee4419","type":"search"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"89330ae1-5448-44da-90a0-c101676cca50:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"423a0aa4-8c87-4e27-a2da-3e542f436b33:indexpattern-datasource-layer-e142b6d0-628a-4552-a224-64f57e136ad8","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"controlGroup_07647ad3-beee-487a-831e-90c3b3f6c9c3:optionsListDataView","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"controlGroup_401fd38d-24f9-4e57-bdc4-eb1cc6a71d24:optionsListDataView","type":"index-pattern"},{"id":"aa825331-3d72-48fb-a651-3ddf51d0abe5","name":"tag-ref-aa825331-3d72-48fb-a651-3ddf51d0abe5","type":"tag"},{"id":"e890acff-5ac5-41f1-af1f-ffc965cf5027","name":"tag-ref-e890acff-5ac5-41f1-af1f-ffc965cf5027","type":"tag"}],"type":"dashboard","typeMigrationVersion":"10.2.0","updated_at":"2024-04-27T18:08:39.411Z","version":"WzM1OTUsMTFd"}
{"attributes":{"columns":["panw_cortex.xdr.events.event_type","panw_cortex.xdr.category","message","panw_cortex.xdr.action_pretty","event.reason","event.severity","host.name","user.name","host.ip","process.name","process.command_line","file.name","file.path","panw_cortex.xdr.events.action_external_hostname","destination.ip"],"description":"","grid":{},"hideChart":false,"isTextBasedQuery":false,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"disabled\":false,\"type\":\"phrase\",\"key\":\"data_stream.dataset\",\"params\":{\"query\":\"panw_cortex_xdr.alerts\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"data_stream.dataset\":\"panw_cortex_xdr.alerts\"}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[["@timestamp","desc"]],"timeRestore":false,"title":"Alerts [Cortex]"},"coreMigrationVersion":"8.8.0","created_at":"2024-04-08T22:45:24.492Z","id":"26001305-d16f-4ade-b226-d21278bd80ae","managed":false,"references":[{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"5c8de6ac-08e7-4234-a80a-4ddc00e105b2","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"aa825331-3d72-48fb-a651-3ddf51d0abe5","name":"tag-ref-aa825331-3d72-48fb-a651-3ddf51d0abe5","type":"tag"},{"id":"e890acff-5ac5-41f1-af1f-ffc965cf5027","name":"tag-ref-e890acff-5ac5-41f1-af1f-ffc965cf5027","type":"tag"}],"type":"search","typeMigrationVersion":"10.3.0","updated_at":"2024-04-09T17:30:23.884Z","version":"WzMzNDksM10="}
{"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":8,"missingRefCount":0,"missingReferences":[]}