{ "annotations": { "list": [ { "builtIn": 1, "datasource": { "type": "datasource", "uid": "grafana" }, "enable": true, "hide": true, "iconColor": "rgba(0, 211, 255, 1)", "name": "Annotations & Alerts", "target": { "limit": 100, "matchAny": false, "tags": [], "type": "dashboard" }, "type": "dashboard" } ] }, "editable": true, "fiscalYearStartMonth": 0, "graphTooltip": 0, "id": null, "links": [ { "asDropdown": true, "icon": "external link", "includeVars": true, "keepTime": true, "tags": [ "EDR" ], "targetBlank": true, "title": "", "type": "dashboards" } ], "panels": [ { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 0 }, "id": 49, "panels": [], "title": "Alerts", "type": "row" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "mappings": [ { "options": { "match": "null", "result": { "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "red" } ] }, "unit": "locale" }, "overrides": [] }, "gridPos": { "h": 9, "w": 3, "x": 0, "y": 1 }, "id": 43, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "horizontal", "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "showPercentChange": false, "text": {}, "textMode": "auto", "wideLayout": true }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "rule.level:>=12 AND agent.name:$agent_name", "refId": "A", "timeField": "timestamp" } ], "title": "ALERTS", "type": "stat" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": {}, "overrides": [] }, "gridPos": { "h": 9, "w": 15, 
"x": 3, "y": 1 }, "id": 46, "options": { "dedupStrategy": "signature", "enableInfiniteScrolling": false, "enableLogDetails": true, "prettifyLogMessage": false, "showCommonLabels": false, "showLabels": false, "showTime": true, "sortOrder": "Descending", "wrapLogMessage": false }, "pluginVersion": "11.6.0", "targets": [ { "alias": "", "bucketAggs": [], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "id": "1", "settings": { "limit": "250" }, "type": "logs" } ], "query": "agent.name:$agent_name", "refId": "A", "timeField": "timestamp" } ], "title": "ALERTS - DETAILS", "transparent": true, "type": "logs" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "red" } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Time" }, "properties": [ { "id": "displayName", "value": "Time" }, { "id": "unit", "value": "time: YYYY-MM-DD HH:mm:ss" }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "displayName", "value": "EVENTS" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": -1 }, { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "color-background" } }, { "id": "custom.align" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "red" } ] } } ] }, { "matcher": { "id": "byName", "options": "agent.name" }, "properties": [ { "id": "displayName", "value": "AGENT" }, { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "color-background" } }, { "id": "custom.align" }, { "id": "links", "value": [] } ] }, { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "displayName", "value": "ALERTS" }, { "id": "unit", "value": "short" }, { "id": 
"decimals", "value": 0 }, { "id": "custom.align" } ] } ] }, "gridPos": { "h": 17, "w": 6, "x": 18, "y": 1 }, "id": 31, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "fake": true, "field": "agent.name", "id": "4", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "rule.level:>=12 AND agent.name:$agent_name", "refId": "A", "timeField": "timestamp" } ], "title": "ALERTS BY AGENT", "transformations": [ { "id": "merge", "options": { "reducers": [] } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "Time" }, "properties": [ { "id": "displayName", "value": "Time" }, { "id": "unit", "value": "time: YYYY-MM-DD HH:mm:ss" }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "displayName", "value": "EVENTS" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": -1 }, { "id": "custom.cellOptions", "value": { "type": "color-background" } }, { "id": "custom.align" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "rgba(50, 172, 45, 0.97)" }, { "color": "rgba(237, 129, 40, 0.89)", "value": 0 }, { "color": "#F2495C", "value": 1 } ] } } ] }, { "matcher": { "id": "byName", "options": "rule_groups" }, "properties": [ { "id": "displayName", "value": "ALERTS BY TYPE" }, { "id": "unit", "value": 
"short" }, { "id": "decimals", "value": -1 }, { "id": "custom.cellOptions", "value": { "type": "color-background" } }, { "id": "custom.align" } ] } ] }, "gridPos": { "h": 9, "w": 9, "x": 0, "y": 10 }, "id": 44, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "fake": true, "field": "rule.groups", "id": "4", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_term", "size": "0" }, "type": "terms" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "field": "select field", "id": "1", "type": "count" } ], "query": "rule.level:>=12 AND agent.name:$agent_name", "refId": "A", "timeField": "timestamp" } ], "title": "ALERTS BY CATEGORY", "type": "table" }, { "collapsed": false, "gridPos": { "h": 1, "w": 24, "x": 0, "y": 19 }, "id": 29, "panels": [], "title": "Events", "type": "row" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "mappings": [ { "options": { "match": "null", "result": { "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "blue" } ] }, "unit": "locale" }, "overrides": [] }, "gridPos": { "h": 8, "w": 3, "x": 0, "y": 20 }, "id": 18, "options": { "colorMode": "value", "graphMode": "area", "justifyMode": "auto", "orientation": "horizontal", "percentChangeColorMode": "standard", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "showPercentChange": false, "text": {}, "textMode": "auto", "wideLayout": true }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:331", "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "$$hashKey": "object:329", 
"field": "select field", "id": "1", "type": "count" } ], "query": "agent.name:$agent_name AND rule.level:$rule_level", "refId": "A", "timeField": "timestamp" } ], "title": "EVENTS (TOTAL)", "type": "stat" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "inspect": false }, "decimals": 2, "displayName": "", "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] }, "unit": "short" }, "overrides": [ { "matcher": { "id": "byName", "options": "Time" }, "properties": [ { "id": "displayName", "value": "Time" }, { "id": "unit", "value": "time: YYYY-MM-DD HH:mm:ss" }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "Count" }, "properties": [ { "id": "displayName", "value": "Events" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": -1 }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "rule_groups" }, "properties": [ { "id": "displayName", "value": "Rule Groups" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": 2 }, { "id": "custom.align" }, { "id": "mappings", "value": [ { "options": { "apache, web, modsecurity": { "index": 7, "text": "Apache ModSec" }, "dnsstat, dnsstat_alert": { "index": 47, "text": "Domain Stats - Alert" }, "dnsstat, dnsstat_error": { "index": 41, "text": "Domain Stats - Entry Not found in RDAP" }, "docker, docker-error": { "index": 43, "text": "Docker Error" }, "linux, docker, falco": { "index": 56, "text": "Linux Docker: Container Event" }, "linux, packetbeat, dns": { "index": 58, "text": "Linux - DNS Request" }, "linux, packetbeat, http": { "index": 73, "text": "Linux Packetbeat - HTTP Connection" }, "linux, packetbeat, tls": { "index": 72, "text": "Linux Packetbeat - HTTPS Connection" }, "linux, sysmon, sysmon_event1": { "index": 3, "text": "Linux 
Sysmon - Process Started" }, "linux, sysmon, sysmon_event3": { "index": 2, "text": "Linux Sysmon - Network Connection" }, "linux, sysmon, sysmon_event5": { "index": 1, "text": "Linux Sysmon - Process Terminated" }, "linux, sysmon, sysmon_event9": { "index": 46, "text": "Linux Sysmon - RawAccessRead" }, "linux, sysmon, sysmon_event_11": { "index": 4, "text": "Linux Sysmon - FileCreate" }, "linux, sysmon, sysmon_event_16": { "index": 6, "text": "Linux Sysmon - Sysmon Config Changed" }, "linux, sysmon, sysmon_event_23": { "index": 5, "text": "Linux Sysmon - File Removed" }, "local, systemd": { "index": 74, "text": "Linux Systemd" }, "openvpn, authentication_success": { "index": 68, "text": "OpenVPN Client - Auth Success" }, "ossec": { "index": 15, "text": "OSSEC Event" }, "ossec, rootcheck": { "index": 19, "text": "OSSEC - Rootcheck" }, "ossec, syscheck, syscheck_entry_added, syscheck_file": { "index": 9, "text": "Syscheck - File Added" }, "ossec, syscheck, syscheck_entry_added, syscheck_registry": { "index": 39, "text": "Syscheck - Windows Registry (Entry Added)" }, "ossec, syscheck, syscheck_entry_deleted, syscheck_file": { "index": 52, "text": "Syscheck - File Deleted" }, "ossec, syscheck, syscheck_entry_deleted, syscheck_registry": { "index": 45, "text": "Syscheck - Windows Registry (Entry Deleted)" }, "ossec, syscheck, syscheck_entry_modified, syscheck_file": { "index": 14, "text": "Syscheck - File Modified" }, "ossec, syscheck, syscheck_entry_modified, syscheck_registry": { "index": 30, "text": "Syscheck - Windows Registry (Entry Modified)" }, "pam, syslog": { "index": 18, "text": "Linux PAM" }, "pam, syslog, authentication_failed": { "index": 67, "text": "Linux PAM - Auth Failed" }, "pam, syslog, authentication_success": { "index": 12, "text": "Linux PAM - Auth Success" }, "sca": { "index": 17, "text": "Security Config Assessment" }, "syslog, adduser": { "index": 54, "text": "Linux - User Added" }, "syslog, dpkg": { "index": 11, "text": "Lunux dpkg" }, "syslog, 
dpkg, config_changed": { "index": 10, "text": "Linux dpkg - Config Changed" }, "syslog, errors, service_availability": { "index": 75, "text": "Linux Syslog - System Error" }, "syslog, linuxkernel": { "index": 57, "text": "Linux - Kernel Event" }, "syslog, linuxkernel, promisc": { "index": 29, "text": "Linux Kernel - Promisc. Interface" }, "syslog, sshd, authentication_success": { "index": 13, "text": "SSH - Auth Success" }, "syslog, sshd, recon": { "index": 51, "text": "Linux - SSH Daemon Alert" }, "syslog, sudo": { "index": 16, "text": "Lunux - Sudo" }, "threat_intel, alienvault, otx_alert": { "index": 63, "text": "Threat Intel - AlienVault OTX IoC Alert" }, "threat_intel, misp, misp_alert": { "index": 40, "text": "Threat Intel - MISP IoC Alert" }, "threat_intel, opencti, opencti_alert": { "index": 62, "text": "Threat Intel - OpenCTI IoC Alert" }, "threat_intel, opencti, opencti_error": { "index": 64, "text": "Threat Intel - OpenCTI API Error" }, "usb": { "index": 69, "text": "USB Port Event" }, "vulnerability-detector": { "index": 0, "text": "Vulnerability Detector" }, "vulnerability-detector, snyk": { "index": 55, "text": "Vulnerability Detector - Docker Images" }, "wazuh, agent_flooding": { "index": 33, "text": "Wazuh Agent - Event Queue Flooding" }, "windows, fsecure": { "index": 79, "text": "Windows - F-Secure EPP" }, "windows, inventory": { "index": 27, "text": "Windows Agent Inventory" }, "windows, sysmon, sysmon_event1, windows_sysmon_event1": { "index": 48, "text": "Windows Sysmon - Process Started" }, "windows, sysmon, sysmon_event1, windows_sysmon_event1, sysmon_anomaly": { "index": 77, "text": "Windows Sysmon - Process Started Anomaly" }, "windows, sysmon, sysmon_event2": { "index": 78, "text": "Windows Sysmon - A Process changed File Creation Time" }, "windows, sysmon, sysmon_event3": { "index": 36, "text": "Windows Sysmon - Network Connection" }, "windows, sysmon, sysmon_event3, sysmon_anomaly": { "index": 76, "text": "Windows Sysmon - Network 
Connection Anomaly" }, "windows, sysmon, sysmon_event7": { "index": 25, "text": "Windows Sysmon - DLL SideLoading" }, "windows, sysmon, sysmon_event_10": { "index": 32, "text": "Windows Sysmon - Process Injection" }, "windows, sysmon, sysmon_event_11": { "index": 20, "text": "Windows Sysmon - FileCreate" }, "windows, sysmon, sysmon_event_12": { "index": 23, "text": "Windows Sysmon - RegistryEvent (Object create and delete)" }, "windows, sysmon, sysmon_event_13": { "index": 24, "text": "Windows Sysmon - RegistryEvent (ValueSet)" }, "windows, sysmon, sysmon_event_15": { "index": 61, "text": "Windows Sysmon - FileCreateStreamHash" }, "windows, sysmon, sysmon_event_17": { "index": 70, "text": "Windows Sysmon - Pipe Created" }, "windows, sysmon, sysmon_event_22": { "index": 38, "text": "Windows Sysmon - DNS Request" }, "windows, sysmon, sysmon_event_23": { "index": 28, "text": "Windows Sysmon - File Removed" }, "windows, sysmon, sysmon_event_25": { "index": 71, "text": "Windows Sysmon - Process Tampering" }, "windows, sysmon, sysmon_process-anomalies": { "index": 53, "text": "Windows Sysmon - Process Anomalies" }, "windows, system_error": { "index": 49, "text": "Windows - System Error" }, "windows, windows_application": { "index": 31, "text": "WinEvtLogs - Application" }, "windows, windows_application, system_error": { "index": 59, "text": "WinEvtLogs - Application Error" }, "windows, windows_autoruns": { "index": 37, "text": "Windows Persistent Footholds" }, "windows, windows_defender": { "index": 35, "text": "Windows Defender" }, "windows, windows_firewall, firewall": { "index": 60, "text": "Windows - Windows Firewall" }, "windows, windows_logonsessions": { "index": 26, "text": "Windows Logon Sessions (Snapshot)" }, "windows, windows_powershell": { "index": 50, "text": "Windows - PowerShell" }, "windows, windows_security": { "index": 22, "text": "WinEvtLogs - Security" }, "windows, windows_security, authentication_failed": { "index": 65, "text": "Windows - Failed 
Authentication" }, "windows, windows_security, authentication_success": { "index": 21, "text": "Windows - Successful Auths" }, "windows, windows_sigcheck": { "index": 42, "text": "Windows Exec Analysis" }, "windows, windows_system": { "index": 44, "text": "WinEvtLogs - System" }, "windows, windows_system, policy_changed": { "index": 34, "text": "Windows Group Policy" }, "windows, windows_system, system_error": { "index": 66, "text": "Windows - System Error" }, "yara": { "index": 8, "text": "Yara Malware Scanner" } }, "type": "value" } ] }, { "id": "links", "value": [] } ] }, { "matcher": { "id": "byName", "options": "Rule Groups" }, "properties": [ { "id": "custom.width", "value": 302 } ] } ] }, "gridPos": { "h": 18, "w": 6, "x": 3, "y": 20 }, "id": 24, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:332", "field": "rule.groups", "id": "2", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "0" }, "type": "terms" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "$$hashKey": "object:330", "field": "select field", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "agent.name:$agent_name AND rule.level:$rule_level", "refId": "A", "timeField": "timestamp" } ], "title": "EVENTS BY CATEGORY GROUP", "transformations": [ { "id": "merge", "options": { "reducers": [] } } ], "type": "table" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "decimals": 0, "mappings": [], "unit": "short" }, "overrides": [ { "matcher": { "id": "byName", "options": "1" }, "properties": [ { "id": "color", "value": { "fixedColor": "#C8F2C2", "mode": 
"fixed" } } ] }, { "matcher": { "id": "byName", "options": "2" }, "properties": [ { "id": "color", "value": { "fixedColor": "#96D98D", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "3" }, "properties": [ { "id": "color", "value": { "fixedColor": "#56A64B", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "4" }, "properties": [ { "id": "color", "value": { "fixedColor": "#37872D", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "5" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FFF899", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "7" }, "properties": [ { "id": "color", "value": { "fixedColor": "#F2CC0C", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "9" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FF9830", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "10" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FF9830", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "12" }, "properties": [ { "id": "color", "value": { "fixedColor": "#F2495C", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "13" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FF7383", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 10, "w": 7, "x": 9, "y": 20 }, "id": 23, "maxDataPoints": 3, "options": { "displayLabels": [], "legend": { "calcs": [], "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value", "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "text": {}, "tooltip": { "hideZeros": false, "mode": "single", "sort": "none" } }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:235", "fake": true, "field": "rule.level", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "$$hashKey": "object:236", 
"field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "$$hashKey": "object:233", "field": "select field", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "agent.name:$agent_name AND rule.level:$rule_level", "refId": "A", "timeField": "timestamp" } ], "title": "SECURITY EVENTS BY ALERT LEVEL", "type": "piechart" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "hideFrom": { "legend": false, "tooltip": false, "viz": false } }, "decimals": 0, "mappings": [], "unit": "short" }, "overrides": [ { "matcher": { "id": "byName", "options": "1" }, "properties": [ { "id": "color", "value": { "fixedColor": "#C8F2C2", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "2" }, "properties": [ { "id": "color", "value": { "fixedColor": "#96D98D", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "3" }, "properties": [ { "id": "color", "value": { "fixedColor": "#56A64B", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "4" }, "properties": [ { "id": "color", "value": { "fixedColor": "#37872D", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "5" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FFF899", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "7" }, "properties": [ { "id": "color", "value": { "fixedColor": "#F2CC0C", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "9" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FF9830", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "10" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FF9830", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "12" }, "properties": 
[ { "id": "color", "value": { "fixedColor": "#F2495C", "mode": "fixed" } } ] }, { "matcher": { "id": "byName", "options": "13" }, "properties": [ { "id": "color", "value": { "fixedColor": "#FF7383", "mode": "fixed" } } ] } ] }, "gridPos": { "h": 10, "w": 8, "x": 16, "y": 20 }, "id": 48, "maxDataPoints": 3, "options": { "displayLabels": [], "legend": { "calcs": [], "displayMode": "table", "placement": "right", "showLegend": true, "values": [ "value", "percent" ] }, "pieType": "donut", "reduceOptions": { "calcs": [ "sum" ], "fields": "", "values": false }, "text": {}, "tooltip": { "hideZeros": false, "mode": "single", "sort": "none" } }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:235", "fake": true, "field": "agent.name", "id": "3", "settings": { "min_doc_count": 1, "order": "desc", "orderBy": "_count", "size": "10" }, "type": "terms" }, { "$$hashKey": "object:236", "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "$$hashKey": "object:233", "field": "select field", "id": "1", "meta": {}, "settings": {}, "type": "count" } ], "query": "agent.name:$agent_name AND rule.level:$rule_level", "refId": "A", "timeField": "timestamp" } ], "title": "EVENTS BY AGENT (TOP 10)", "type": "piechart" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "mappings": [ { "options": { "match": "null", "result": { "text": "N/A" } }, "type": "special" } ], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] }, "unit": "none" }, "overrides": [] }, "gridPos": { "h": 4, "w": 3, "x": 0, "y": 28 }, "id": 45, "maxDataPoints": 100, "options": { "colorMode": "value", "graphMode": "none", "justifyMode": "auto", "orientation": "horizontal", "percentChangeColorMode": "standard", 
"reduceOptions": { "calcs": [ "max" ], "fields": "", "values": false }, "showPercentChange": false, "text": {}, "textMode": "auto", "wideLayout": true }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "$$hashKey": "object:235", "field": "timestamp", "id": "2", "settings": { "interval": "365d", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "$$hashKey": "object:233", "field": "agent.name", "id": "1", "meta": {}, "settings": {}, "type": "cardinality" } ], "query": "agent.name:$agent_name AND rule.level:$rule_level", "refId": "A", "timeField": "timestamp" } ], "title": "AGENTS", "type": "stat" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "palette-classic" }, "custom": { "axisBorderShow": false, "axisCenteredZero": false, "axisColorMode": "text", "axisLabel": "", "axisPlacement": "auto", "barAlignment": 0, "barWidthFactor": 0.6, "drawStyle": "bars", "fillOpacity": 0, "gradientMode": "none", "hideFrom": { "legend": false, "tooltip": false, "viz": false }, "insertNulls": false, "lineInterpolation": "linear", "lineWidth": 1, "pointSize": 5, "scaleDistribution": { "type": "linear" }, "showPoints": "auto", "spanNulls": false, "stacking": { "group": "A", "mode": "normal" }, "thresholdsStyle": { "mode": "off" } }, "mappings": [], "thresholds": { "mode": "absolute", "steps": [ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [] }, "gridPos": { "h": 8, "w": 15, "x": 9, "y": 30 }, "id": 47, "options": { "legend": { "calcs": [], "displayMode": "table", "placement": "right", "showLegend": true }, "tooltip": { "hideZeros": false, "mode": "single", "sort": "none" } }, "pluginVersion": "11.6.0", "targets": [ { "alias": "", "bucketAggs": [ { "field": "rule.level", "id": "2", "settings": { "min_doc_count": "1", "order": "desc", "orderBy": "_count", "size": "10" }, 
"type": "terms" }, { "field": "timestamp", "id": "3", "settings": { "interval": "auto", "min_doc_count": "0", "timeZone": "utc", "trimEdges": "0" }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "id": "1", "type": "count" } ], "query": "agent.name:$agent_name", "refId": "A", "timeField": "timestamp" } ], "title": "EVENTS SEVERITY - HISTOGRAM", "type": "timeseries" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "mappings": [ { "options": { "match": "null", "result": { "text": "N/A" } }, "type": "special" } ], "max": 15, "min": 0, "thresholds": { "mode": "absolute", "steps": [ { "color": "#299c46" }, { "color": "rgba(237, 129, 40, 0.89)", "value": 8 }, { "color": "#d44a3a", "value": 12 } ] }, "unit": "none" }, "overrides": [] }, "gridPos": { "h": 6, "w": 3, "x": 0, "y": 32 }, "id": 16, "options": { "minVizHeight": 75, "minVizWidth": 75, "orientation": "horizontal", "reduceOptions": { "calcs": [ "max" ], "fields": "", "values": false }, "showThresholdLabels": false, "showThresholdMarkers": true, "sizing": "auto", "text": {} }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [ { "field": "timestamp", "id": "2", "settings": { "interval": "auto", "min_doc_count": 0, "trimEdges": 0 }, "type": "date_histogram" } ], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "field": "rule.level", "id": "1", "meta": {}, "settings": {}, "type": "max" } ], "query": "agent.name:$agent_name", "refId": "A", "timeField": "timestamp" } ], "title": "MAX SEVERITY (0 - 15)", "type": "gauge" }, { "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "fieldConfig": { "defaults": { "color": { "mode": "thresholds" }, "custom": { "align": "auto", "cellOptions": { "type": "auto" }, "filterable": true, "inspect": false }, "mappings": [], "thresholds": { "mode": "absolute", "steps": 
[ { "color": "green" }, { "color": "red", "value": 80 } ] } }, "overrides": [ { "matcher": { "id": "byName", "options": "timestamp" }, "properties": [ { "id": "displayName", "value": "Date/Time" }, { "id": "unit", "value": "time: YYYY-MM-DD HH:mm:ss" }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "agent.name" }, "properties": [ { "id": "displayName", "value": "Agent name" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": 2 }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "agent.ip" }, "properties": [ { "id": "displayName", "value": "IP ADDRESS" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": 2 }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "rule.level" }, "properties": [ { "id": "displayName", "value": "Severity" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": -1 }, { "id": "custom.cellOptions", "value": { "mode": "gradient", "type": "color-background" } }, { "id": "custom.align" }, { "id": "thresholds", "value": { "mode": "absolute", "steps": [ { "color": "#37872D" }, { "color": "rgba(237, 129, 40, 0.89)", "value": 7 }, { "color": "rgba(245, 54, 54, 0.9)", "value": 12 } ] } } ] }, { "matcher": { "id": "byName", "options": "rule.description" }, "properties": [ { "id": "displayName", "value": "Description" }, { "id": "unit", "value": "short" }, { "id": "decimals", "value": 2 }, { "id": "custom.align" } ] }, { "matcher": { "id": "byName", "options": "Date/Time" }, "properties": [ { "id": "custom.width", "value": 242 } ] }, { "matcher": { "id": "byName", "options": "AGENT" }, "properties": [ { "id": "custom.width", "value": 160 } ] }, { "matcher": { "id": "byName", "options": "MITRE TACTIC" }, "properties": [ { "id": "custom.width", "value": 332 } ] }, { "matcher": { "id": "byName", "options": "RULE LEVEL" }, "properties": [ { "id": "custom.width", "value": 122 } ] }, { "matcher": { "id": "byName", "options": "IP ADDRESS" }, 
"properties": [ { "id": "custom.width", "value": 163 } ] }, { "matcher": { "id": "byName", "options": "MITRE TECHNIQUE" }, "properties": [ { "id": "custom.width", "value": 312 } ] }, { "matcher": { "id": "byName", "options": "rule_id" }, "properties": [ { "id": "custom.width", "value": 96 } ] }, { "matcher": { "id": "byName", "options": "EVENT ID" }, "properties": [ { "id": "links", "value": [] } ] }, { "matcher": { "id": "byName", "options": "Description" }, "properties": [ { "id": "custom.width", "value": 1007 } ] }, { "matcher": { "id": "byName", "options": "Timestamp" }, "properties": [ { "id": "custom.width", "value": 200 } ] }, { "matcher": { "id": "byName", "options": "Agent name" }, "properties": [ { "id": "custom.width", "value": 130 } ] } ] }, "gridPos": { "h": 16, "w": 24, "x": 0, "y": 38 }, "id": 27, "options": { "cellHeight": "sm", "footer": { "countRows": false, "fields": "", "reducer": [ "sum" ], "show": false }, "showHeader": true, "sortBy": [] }, "pluginVersion": "11.6.0", "targets": [ { "bucketAggs": [], "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "metrics": [ { "id": "1", "settings": { "size": "250" }, "type": "raw_data" } ], "query": "agent.name:$agent_name AND rule.level:$rule_level", "refId": "A", "timeField": "timestamp" } ], "title": "EVENTS", "transformations": [ { "id": "merge", "options": { "reducers": [] } }, { "id": "filterFieldsByName", "options": { "include": { "names": [ "agent.name", "rule.description", "rule.level", "@timestamp" ] } } }, { "id": "organize", "options": { "excludeByName": { ".id": false, ".index": true, ".type": true, "@metadata.beat": true, "@metadata.type": true, "@metadata.version": true, "IMPHASH": true, "MD5": true, "SHA1": true, "SHA256": true, "agent.ephemeral.id": true, "agent.hostname": true, "agent.id": true, "agent.ip.city.name": true, "agent.ip.country.code": true, "agent.ip.geolocation": true, "agent.name": false, "agent.type": true, "agent.version": true, "beats.type": true, 
"collector.node.id": true, "data.alert.action": true, "data.alert.category": true, "data.alert.gid": true, "data.alert.rev": true, "data.alert.severity": true, "data.alert.signature": true, "data.alert.signature.id": true, "data.app.proto": true, "data.audit.auid": true, "data.audit.command": true, "data.audit.euid": true, "data.audit.exe": true, "data.audit.gid": true, "data.audit.id": true, "data.audit.pid": true, "data.audit.res": true, "data.audit.session": true, "data.audit.type": true, "data.audit.uid": true, "data.dest.ip": true, "data.dest.port": true, "data.dstuser": true, "data.event.type": true, "data.extra.data": true, "data.file": true, "data.flow.bytes.toclient": true, "data.flow.bytes.toserver": true, "data.flow.id": true, "data.flow.pkts.toclient": true, "data.flow.pkts.toserver": true, "data.flow.start": true, "data.http.http.content.type": true, "data.http.http.port": true, "data.http.length": true, "data.http.status": true, "data.http.url": true, "data.id": true, "data.in.iface": true, "data.metadata.flowbits": true, "data.metadata.flowints.http.anomaly.count": true, "data.metadata.flowints.tcp.retransmission.count": true, "data.osquery.action": true, "data.osquery.calendarTime": true, "data.osquery.columns.address": true, "data.osquery.columns.address.city.name": true, "data.osquery.columns.address.country.code": true, "data.osquery.columns.address.geolocation": true, "data.osquery.columns.cmdline": true, "data.osquery.columns.cwd": true, "data.osquery.columns.description": true, "data.osquery.columns.directory": true, "data.osquery.columns.disk.bytes.read": true, "data.osquery.columns.disk.bytes.written": true, "data.osquery.columns.egid": true, "data.osquery.columns.euid": true, "data.osquery.columns.family": true, "data.osquery.columns.fd": true, "data.osquery.columns.gid": true, "data.osquery.columns.gid.signed": true, "data.osquery.columns.host": true, "data.osquery.columns.interface": true, "data.osquery.columns.local.address": true, 
"data.osquery.columns.local.address.city.name": true, "data.osquery.columns.local.address.country.code": true, "data.osquery.columns.local.address.geolocation": true, "data.osquery.columns.local.port": true, "data.osquery.columns.mac": true, "data.osquery.columns.name": true, "data.osquery.columns.net.namespace": true, "data.osquery.columns.nice": true, "data.osquery.columns.on.disk": true, "data.osquery.columns.parent": true, "data.osquery.columns.path": true, "data.osquery.columns.pgroup": true, "data.osquery.columns.pid": true, "data.osquery.columns.port": true, "data.osquery.columns.protocol": true, "data.osquery.columns.remote.address": true, "data.osquery.columns.remote.address.city.name": true, "data.osquery.columns.remote.address.country.code": true, "data.osquery.columns.remote.address.geolocation": true, "data.osquery.columns.remote.port": true, "data.osquery.columns.resident.size": true, "data.osquery.columns.root": true, "data.osquery.columns.sgid": true, "data.osquery.columns.shell": true, "data.osquery.columns.socket": true, "data.osquery.columns.start.time": true, "data.osquery.columns.state": true, "data.osquery.columns.suid": true, "data.osquery.columns.system.time": true, "data.osquery.columns.threads": true, "data.osquery.columns.time.utc": true, "data.osquery.columns.total.size": true, "data.osquery.columns.tty": true, "data.osquery.columns.type": true, "data.osquery.columns.uid": true, "data.osquery.columns.uid.signed": true, "data.osquery.columns.user": true, "data.osquery.columns.user.time": true, "data.osquery.columns.username": true, "data.osquery.columns.wired.size": true, "data.osquery.counter": true, "data.osquery.decorations.host.uuid": true, "data.osquery.decorations.hostname": true, "data.osquery.epoch": true, "data.osquery.hostIdentifier": true, "data.osquery.name": true, "data.osquery.numerics": true, "data.osquery.unixTime": true, "data.proto": true, "data.sca.check.command": true, "data.sca.check.compliance.cis": true, 
"data.sca.check.compliance.cis.csc": true, "data.sca.check.compliance.gdpr.IV": true, "data.sca.check.compliance.gpg.13": true, "data.sca.check.compliance.hipaa": true, "data.sca.check.compliance.nist.800.53": true, "data.sca.check.compliance.pci.dss": true, "data.sca.check.compliance.tsc": true, "data.sca.check.description": true, "data.sca.check.id": true, "data.sca.check.previous.result": true, "data.sca.check.rationale": true, "data.sca.check.remediation": true, "data.sca.check.result": true, "data.sca.check.title": true, "data.sca.description": true, "data.sca.failed": true, "data.sca.file": true, "data.sca.invalid": true, "data.sca.passed": true, "data.sca.policy": true, "data.sca.policy.id": true, "data.sca.scan.id": true, "data.sca.score": true, "data.sca.total.checks": true, "data.sca.type": true, "data.script": true, "data.src.ip": true, "data.src.ip.city.name": true, "data.src.ip.country.code": true, "data.src.ip.geolocation": true, "data.src.port": true, "data.srcip": true, "data.srcip.city.name": true, "data.srcip.country.code": true, "data.srcip.geolocation": true, "data.srcuser": true, "data.timestamp": true, "data.title": true, "data.tls.session.resumed": true, "data.tls.version": true, "data.tx.id": true, "data.type": true, "data.win.eventXML.binaryData": true, "data.win.eventXML.binaryDataSize": true, "data.win.eventXML.param1": true, "data.win.eventdata.authenticationPackageName": true, "data.win.eventdata.callTrace": true, "data.win.eventdata.commandLine": true, "data.win.eventdata.company": true, "data.win.eventdata.creationUtcTime": true, "data.win.eventdata.currentDirectory": true, "data.win.eventdata.description": true, "data.win.eventdata.destinationHostname": true, "data.win.eventdata.destinationIp": true, "data.win.eventdata.destinationIp.city.name": true, "data.win.eventdata.destinationIp.country.code": true, "data.win.eventdata.destinationIp.geolocation": true, "data.win.eventdata.destinationIsIpv6": true, 
"data.win.eventdata.destinationPort": true, "data.win.eventdata.destinationPortName": true, "data.win.eventdata.details": true, "data.win.eventdata.elevatedToken": true, "data.win.eventdata.eventType": true, "data.win.eventdata.fileVersion": true, "data.win.eventdata.fileVersion.city.name": true, "data.win.eventdata.fileVersion.country.code": true, "data.win.eventdata.fileVersion.geolocation": true, "data.win.eventdata.grantedAccess": true, "data.win.eventdata.hashes": true, "data.win.eventdata.image": true, "data.win.eventdata.imageLoaded": true, "data.win.eventdata.impersonationLevel": true, "data.win.eventdata.initiated": true, "data.win.eventdata.integrityLevel": true, "data.win.eventdata.ipAddress": true, "data.win.eventdata.ipPort": true, "data.win.eventdata.keyLength": true, "data.win.eventdata.logonGuid": true, "data.win.eventdata.logonId": true, "data.win.eventdata.logonProcessName": true, "data.win.eventdata.logonType": true, "data.win.eventdata.originalFileName": true, "data.win.eventdata.param1": true, "data.win.eventdata.param2": true, "data.win.eventdata.param3": true, "data.win.eventdata.param4": true, "data.win.eventdata.parentCommandLine": true, "data.win.eventdata.parentImage": true, "data.win.eventdata.parentProcessGuid": true, "data.win.eventdata.parentProcessId": true, "data.win.eventdata.processGuid": true, "data.win.eventdata.processId": true, "data.win.eventdata.processName": true, "data.win.eventdata.product": true, "data.win.eventdata.protocol": true, "data.win.eventdata.queryName": true, "data.win.eventdata.queryResults": true, "data.win.eventdata.queryStatus": true, "data.win.eventdata.ruleName": true, "data.win.eventdata.serviceName": true, "data.win.eventdata.serviceSid": true, "data.win.eventdata.signature": true, "data.win.eventdata.signatureStatus": true, "data.win.eventdata.signed": true, "data.win.eventdata.sourceHostname": true, "data.win.eventdata.sourceImage": true, "data.win.eventdata.sourceIp": true, 
"data.win.eventdata.sourceIp.city.name": true, "data.win.eventdata.sourceIp.country.code": true, "data.win.eventdata.sourceIp.geolocation": true, "data.win.eventdata.sourceIsIpv6": true, "data.win.eventdata.sourcePort": true, "data.win.eventdata.sourceProcessGUID": true, "data.win.eventdata.sourceProcessId": true, "data.win.eventdata.sourceThreadId": true, "data.win.eventdata.status": true, "data.win.eventdata.subjectDomainName": true, "data.win.eventdata.subjectLogonId": true, "data.win.eventdata.subjectUserName": true, "data.win.eventdata.subjectUserSid": true, "data.win.eventdata.targetDomainName": true, "data.win.eventdata.targetFilename": true, "data.win.eventdata.targetImage": true, "data.win.eventdata.targetLinkedLogonId": true, "data.win.eventdata.targetLogonId": true, "data.win.eventdata.targetObject": true, "data.win.eventdata.targetProcessGUID": true, "data.win.eventdata.targetProcessId": true, "data.win.eventdata.targetUserName": true, "data.win.eventdata.targetUserSid": true, "data.win.eventdata.terminalSessionId": true, "data.win.eventdata.ticketEncryptionType": true, "data.win.eventdata.ticketOptions": true, "data.win.eventdata.user": true, "data.win.eventdata.utcTime": true, "data.win.eventdata.virtualAccount": true, "data.win.system.channel": true, "data.win.system.computer": true, "data.win.system.eventID": true, "data.win.system.eventRecordID": true, "data.win.system.eventSourceName": true, "data.win.system.keywords": true, "data.win.system.level": true, "data.win.system.message": true, "data.win.system.opcode": true, "data.win.system.processID": true, "data.win.system.providerGuid": true, "data.win.system.providerName": true, "data.win.system.severityValue": true, "data.win.system.systemTime": true, "data.win.system.task": true, "data.win.system.threadID": true, "data.win.system.version": true, "decoder.name": true, "decoder.parent": true, "dns.query": true, "dns.query.threat.indicated": true, "dst.ip": true, "dst.ip.city.name": true, 
"dst.ip.country.code": true, "dst.ip.geolocation": true, "dst.ip.threat.indicated": true, "dst.port": true, "ecs.version": true, "error": true, "event.hash": true, "file.path": true, "firewall.rule.name": true, "full.log": false, "gl2.accounted.message.size": true, "gl2.message.id": true, "gl2.remote.ip": true, "gl2.remote.port": true, "gl2.source.collector": true, "gl2.source.input": true, "gl2.source.node": true, "hash.md5": true, "hash.sha1": true, "hash.sha256": true, "highlight": true, "host.architecture": true, "host.containerized": true, "host.hostname": true, "host.id": true, "host.ip": true, "host.mac": true, "host.name": true, "host.os.codename": true, "host.os.kernel": true, "host.os.name": true, "host.os.platform": true, "host.os.version": true, "hostname": true, "id": true, "input.type": true, "level": true, "location": true, "log.file.path": true, "log.offset": true, "manager.name": true, "message": true, "module": true, "parent.process.cmd.line": true, "parent.process.id": true, "parent.process.image": true, "pid": true, "predecoder.hostname": true, "predecoder.program.name": true, "predecoder.timestamp": true, "previous.log": true, "previous.output": true, "process.cmd.line": true, "process.id": true, "process.image": true, "process.name": true, "protocol": true, "rule.cis": true, "rule.cis.csc": true, "rule.firedtimes": true, "rule.gdpr": true, "rule.gdpr.IV": true, "rule.gpg.13": true, "rule.gpg13": true, "rule.groups": true, "rule.hipaa": true, "rule.id": false, "rule.info": true, "rule.mail": true, "rule.mitre.id": true, "rule.mitre.tactic": false, "rule.nist_800_53": true, "rule.pci_dss": true, "rule.tsc": true, "scanid": true, "service": true, "software.package": true, "software.vendor": true, "sort": true, "source": true, "src.ip": true, "src.ip.city.name": true, "src.ip.country.code": true, "src.ip.geolocation": true, "src.port": true, "streams": true, "syscheck.attrs.after": true, "syscheck.audit.effective.user.id": true, 
"syscheck.audit.effective.user.name": true, "syscheck.audit.group.id": true, "syscheck.audit.group.name": true, "syscheck.audit.login.user.id": true, "syscheck.audit.login.user.name": true, "syscheck.audit.process.cwd": true, "syscheck.audit.process.id": true, "syscheck.audit.process.name": true, "syscheck.audit.process.parent.cwd": true, "syscheck.audit.process.parent.name": true, "syscheck.audit.process.ppid": true, "syscheck.audit.user.id": true, "syscheck.audit.user.name": true, "syscheck.changed.attributes": true, "syscheck.event": true, "syscheck.gid.after": true, "syscheck.gname.after": true, "syscheck.hard.links": true, "syscheck.inode.after": true, "syscheck.inode.before": true, "syscheck.md5.after": true, "syscheck.md5.before": true, "syscheck.mode": true, "syscheck.mtime.after": true, "syscheck.mtime.before": true, "syscheck.path": true, "syscheck.perm.after": true, "syscheck.perm.before": true, "syscheck.sha1.after": true, "syscheck.sha1.before": true, "syscheck.sha256.after": true, "syscheck.sha256.before": true, "syscheck.size.after": true, "syscheck.size.before": true, "syscheck.uid.after": true, "syscheck.uname.after": true, "syscheck.win.perm.after": true, "syscheck.win.perm.after.0.allowed": true, "syscheck.win.perm.after.0.name": true, "syscheck.win.perm.after.1.allowed": true, "syscheck.win.perm.after.1.name": true, "syscheck.win.perm.after.2.allowed": true, "syscheck.win.perm.after.2.name": true, "syscheck.win.perm.after.3.allowed": true, "syscheck.win.perm.after.3.name": true, "syslog.customer": true, "syslog.tag": true, "syslog.type": true, "sysmon.event.description": true, "threat.ids": true, "threat.indicated": true, "threat.names": true, "time": true, "timestamp": false, "user.name": true, "win.registry.key": true, "win.system.eventID": true, "windows.auth.package": true, "windows.domain": true, "windows.event.id": true, "windows.event.severity": true, "windows.logon.type": true }, "includeByName": {}, "indexByName": { "@timestamp": 0, 
"_id": 1, "agent.name": 2, "rule.description": 3, "rule.level": 4 }, "renameByName": { "@timestamp": "Timestamp", "_id": "EVENT ID", "agent.name": "Agent name", "rule.description": "Description", "rule.level": "Severity", "rule_id": "RULE ID", "rule_mitre_tactic": "MITRE TACTIC", "rule_mitre_technique": "MITRE TECHNIQUE", "timestamp": "" } } } ], "transparent": true, "type": "table" } ], "preload": false, "refresh": "", "schemaVersion": 41, "tags": [], "templating": { "list": [ { "current": { "text": "All", "value": "$__all" }, "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "definition": "{ \"find\": \"terms\", \"field\": \"agent.name\", \"query\": \"\"}", "includeAll": true, "label": "Agent", "name": "agent_name", "options": [], "query": "{ \"find\": \"terms\", \"field\": \"agent.name\", \"query\": \"\"}", "refresh": 2, "regex": "", "sort": 2, "type": "query" }, { "current": { "text": "All", "value": "$__all" }, "datasource": { "type": "elasticsearch", "uid": "DS_WAZUH_INDEXER" }, "definition": "{ \"find\": \"terms\", \"field\": \"rule.level\", \"query\": \"\"}", "includeAll": true, "label": "Rule Level", "name": "rule_level", "options": [], "query": "{ \"find\": \"terms\", \"field\": \"rule.level\", \"query\": \"\"}", "refresh": 2, "regex": "", "type": "query" } ] }, "time": { "from": "now-12h", "to": "now" }, "timepicker": {}, "timezone": "browser", "title": "Eventos y alertas de seguridad", "version": 2 }