Created
October 23, 2015 13:35
-
-
Save anthonygtellez/7ffc8e1394ea5b08ab18 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <form script="custom_vizs:autodiscover.js" stylesheet="dark.css"> | |
| <label>USC SourceFire Geographical Intelligence</label> | |
| <fieldset submitButton="true"> | |
| <input type="time" token="v_time" searchWhenChanged="true"> | |
| <label>Time</label> | |
| <default> | |
| <earliest>-24h@h</earliest> | |
| <latest>now</latest> | |
| </default> | |
| </input> | |
| </fieldset> | |
| <row> | |
| <panel> | |
| <map> | |
| <title>SourceFire Alerts by Orgin and Severity</title> | |
| <search> | |
| <query>index=estreamer priority="*" | iplocation dest_ip prefix=dest_ | iplocation src_ip | geostats latfield=lat longfield=lon count by priority</query> | |
| <earliest>$v_time.earliest$</earliest> | |
| <latest>$v_time.latest$</latest> | |
| </search> | |
| <option name="height">400px</option> | |
| <!-- use custom colors --> | |
| <option name="mapping.legend.labels">[high,medium,low]</option> | |
| <option name="mapping.seriesColors">[0xe74c3c,0x3498db,0xe67e22]</option> | |
| <!-- adjust marker opacity and size range --> | |
| <option name="mapping.markerLayer.markerOpacity">0.8</option> | |
| <option name="mapping.markerLayer.markerMinSize">10</option> | |
| <option name="mapping.markerLayer.markerMaxSize">60</option> | |
| <!-- set initial map center and zoom level --> | |
| <option name="mapping.map.center">(30.810646,-10.556976)</option> | |
| <option name="mapping.map.zoom">2</option> | |
| <option name="mapping.data.maxClusters">100</option> | |
| <option name="mapping.tileLayer.maxZoom">7</option> | |
| <option name="mapping.tileLayer.minZoom">0</option> | |
| <option name="drilldown">all</option> | |
| <drilldown> | |
| <!-- Use set to specify the new token to be created. | |
| Use any token from the page or from the click event to produce the value needed. --> | |
| <set token="south">$click.bounds.south$</set> | |
| <set token="north">$click.bounds.north$</set> | |
| <set token="west">$click.bounds.west$</set> | |
| <set token="east">$click.bounds.east$</set> | |
| </drilldown> | |
| </map> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <table id="sparkline" depends="$south$,$north$,$west$,$east$"> | |
| <search> | |
| <query>index=estreamer priority="*" | iplocation dest_ip prefix=dest_ | iplocation src_ip | where lat > $south$ AND lat < $north$ AND lon > $west$ AND lon < $east$ | chart count sparkline as activity by City | sort -count | fillnull value="Unknown" City | replace "" with "Unknown" in City</query> | |
| <earliest>$v_time.earliest$</earliest> | |
| <latest>$v_time.latest$</latest> | |
| </search> | |
| <earliest>$v_time.earliest$</earliest> | |
| <latest>$v_time.latest$</latest> | |
| <!-- Set sparkline options here; make sure that field matches field name of the search results --> | |
| <format type="sparkline" field="activity"> | |
| <option name="lineColor">#3498db</option> | |
| <option name="fillColor">#ecf0f1</option> | |
| <option name="lineWidth">1</option> | |
| <option name="maxSpotColor">#e74c3c</option> | |
| <option name="spotRadius">3</option> | |
| <option name="height">25px</option> | |
| </format> | |
| <option name="charting.chart">line</option> | |
| <option name="wrap">true</option> | |
| <option name="rowNumbers">false</option> | |
| <option name="dataOverlayMode">none</option> | |
| <option name="drilldown">row</option> | |
| <drilldown> | |
| <!-- Use set to specify the new token to be created. | |
| Use any token from the page or from the click event to produce the value needed. --> | |
| <set token="city">$row.City$</set> | |
| </drilldown> | |
| <option name="count">20</option> | |
| </table> | |
| </panel> | |
| <panel> | |
| <table id="detail" depends="$south$,$north$,$west$,$east$,$city$"> | |
| <title>Events Originating From $city$</title> | |
| <search> | |
| <query>index=estreamer priority="*" | iplocation dest_ip prefix=dest_| iplocation src_ip | fillnull value="Unknown" City | replace "" with "Unknown" in City |search lat > $south$ AND lat < $north$ AND lon > $west$ AND lon < $east$ AND City="$city$"| eval action = if(blocked==1, "Blocked", "Allowed") | fillnull value="Internal Address" dest_Country | replace "" with "Internal Address" in dest_Country | stats sparkline(count) as activity count by src_ip dest_ip dest_Country class_desc msg action | sort - count </query> | |
| <earliest>$v_time.earliest$</earliest> | |
| <latest>$v_time.latest$</latest> | |
| </search> | |
| <!-- Set sparkline options here; make sure that field matches field name of the search results --> | |
| <format type="sparkline" field="activity"> | |
| <option name="lineColor">#3498db</option> | |
| <option name="fillColor">#ecf0f1</option> | |
| <option name="lineWidth">1</option> | |
| <option name="maxSpotColor">#e74c3c</option> | |
| <option name="spotRadius">3</option> | |
| <option name="height">50px</option> | |
| </format> | |
| <option name="maxLines">5</option> | |
| <option name="count">5</option> | |
| <option name="raw.drilldown">full</option> | |
| <option name="rowNumbers">false</option> | |
| <option name="table.drilldown">all</option> | |
| <option name="table.wrap">1</option> | |
| <option name="type">list</option> | |
| <option name="wrap">true</option> | |
| <option name="dataOverlayMode">none</option> | |
| <option name="drilldown">cell</option> | |
| </table> | |
| </panel> | |
| </row> | |
| <row> | |
| <panel> | |
| <chart> | |
| <title>SourceFire Events by Severity over time</title> | |
| <search> | |
| <query>index=estreamer priority="*" | iplocation dest_ip prefix=dest_ | iplocation src_ip |timechart span=1h count by priority</query> | |
| <earliest>$v_time.earliest$</earliest> | |
| <latest>$v_time.latest$</latest> | |
| </search> | |
| <option name="charting.fieldColors">{"high": 0xe74c3c, "medium": 0xe67e22, "low":0x3498db, "NULL":0x7f8c8d}</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.overflowMode">ellipsisNone</option> | |
| <option name="charting.axisLabelsX.majorLabelStyle.rotation">0</option> | |
| <option name="charting.axisTitleX.visibility">visible</option> | |
| <option name="charting.axisTitleY.visibility">visible</option> | |
| <option name="charting.axisTitleY2.visibility">visible</option> | |
| <option name="charting.axisX.scale">linear</option> | |
| <option name="charting.axisY.scale">linear</option> | |
| <option name="charting.axisY2.enabled">false</option> | |
| <option name="charting.axisY2.scale">inherit</option> | |
| <option name="charting.chart">column</option> | |
| <option name="charting.chart.bubbleMaximumSize">50</option> | |
| <option name="charting.chart.bubbleMinimumSize">10</option> | |
| <option name="charting.chart.bubbleSizeBy">area</option> | |
| <option name="charting.chart.nullValueMode">gaps</option> | |
| <option name="charting.chart.sliceCollapsingThreshold">0.01</option> | |
| <option name="charting.chart.stackMode">stacked</option> | |
| <option name="charting.chart.style">shiny</option> | |
| <option name="charting.drilldown">all</option> | |
| <option name="charting.layout.splitSeries">0</option> | |
| <option name="charting.legend.labelStyle.overflowMode">ellipsisMiddle</option> | |
| <option name="charting.legend.placement">right</option> | |
| </chart> | |
| </panel> | |
| </row> | |
| </form> |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment