Created
October 31, 2019 16:37
-
-
Save dlee35/b46cdfbb18a4bbf9f0226f19c806efb2 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [ | |
| { | |
| "_id": "4b4e1580-80e7-11e9-8875-bf8cb5a12e3d", | |
| "_type": "visualization", | |
| "_source": { | |
| "title": "ATT&CK - Technique ID (Heat Map By Host)", | |
| "visState": "{\"title\":\"ATT&CK - Technique ID (Heat Map By Host)\",\"type\":\"heatmap\",\"params\":{\"type\":\"heatmap\",\"addTooltip\":true,\"addLegend\":true,\"enableHover\":false,\"legendPosition\":\"bottom\",\"times\":[],\"colorsNumber\":10,\"colorSchema\":\"Reds\",\"setColorRange\":false,\"colorsRange\":[],\"invertColors\":false,\"percentageMode\":false,\"valueAxes\":[{\"show\":false,\"id\":\"ValueAxis-1\",\"type\":\"value\",\"scale\":{\"type\":\"linear\",\"defaultYExtents\":false},\"labels\":{\"show\":false,\"rotate\":0,\"overwriteColor\":false,\"color\":\"#555\"}}]},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_data.Technique_id\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ATT&CK Technique ID\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"computer_name.keyword\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Host\"}}]}", | |
| "uiStateJSON": "{\"vis\":{\"defaultColors\":{\"0 - 7\":\"rgb(255,245,240)\",\"7 - 14\":\"rgb(254,228,216)\",\"14 - 21\":\"rgb(253,202,181)\",\"21 - 28\":\"rgb(252,171,142)\",\"28 - 35\":\"rgb(252,138,106)\",\"35 - 42\":\"rgb(251,106,74)\",\"42 - 49\":\"rgb(241,68,50)\",\"49 - 56\":\"rgb(217,38,35)\",\"56 - 63\":\"rgb(188,20,26)\",\"63 - 70\":\"rgb(152,12,19)\"}}}", | |
| "description": "", | |
| "savedSearchId": "7fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" | |
| } | |
| }, | |
| "_migrationVersion": { | |
| "visualization": "6.7.2" | |
| } | |
| }, | |
| { | |
| "_id": "ca005190-80e7-11e9-8875-bf8cb5a12e3d", | |
| "_type": "visualization", | |
| "_source": { | |
| "title": "ATT&CK - Log Count", | |
| "visState": "{\"title\":\"ATT&CK - Log Count\",\"type\":\"metric\",\"params\":{\"addTooltip\":true,\"addLegend\":false,\"type\":\"metric\",\"metric\":{\"percentageMode\":false,\"useRanges\":false,\"colorSchema\":\"Green to Red\",\"metricColorMode\":\"None\",\"colorsRange\":[{\"from\":0,\"to\":10000}],\"labels\":{\"show\":false},\"invertColors\":false,\"style\":{\"bgFill\":\"#000\",\"bgColor\":false,\"labelColor\":false,\"subText\":\"\",\"fontSize\":32}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}}]}", | |
| "uiStateJSON": "{}", | |
| "description": "", | |
| "savedSearchId": "8fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" | |
| } | |
| }, | |
| "_migrationVersion": { | |
| "visualization": "6.7.2" | |
| } | |
| }, | |
| { | |
| "_id": "afbf1600-80e6-11e9-8875-bf8cb5a12e3d", | |
| "_type": "visualization", | |
| "_source": { | |
| "title": "ATT&CK - Technique Name (Pie Chart)", | |
| "visState": "{\"title\":\"ATT&CK - Technique Name (Pie Chart)\",\"type\":\"pie\",\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"bottom\",\"isDonut\":true,\"labels\":{\"show\":true,\"values\":true,\"last_level\":true,\"truncate\":100}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event_data.Technique_name\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"ATT&CK Technique Names\"}}]}", | |
| "uiStateJSON": "{}", | |
| "description": "", | |
| "savedSearchId": "7fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" | |
| } | |
| }, | |
| "_migrationVersion": { | |
| "visualization": "6.7.2" | |
| } | |
| }, | |
| { | |
| "_id": "22cd2390-80eb-11e9-8875-bf8cb5a12e3d", | |
| "_type": "visualization", | |
| "_source": { | |
| "title": "ATT&CK - Command Line", | |
| "visState": "{\"title\":\"ATT&CK - Command Line\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"event_data.CommandLine\",\"size\":100,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command Line Execution\"}}]}", | |
| "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", | |
| "description": "", | |
| "savedSearchId": "7fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" | |
| } | |
| }, | |
| "_migrationVersion": { | |
| "visualization": "6.7.2" | |
| } | |
| }, | |
| { | |
| "_id": "0912dd30-80e8-11e9-8875-bf8cb5a12e3d", | |
| "_type": "visualization", | |
| "_source": { | |
| "title": "ATT&CK - Log Count Over Time", | |
| "visState": "{\"title\":\"ATT&CK - Log Count Over Time\",\"type\":\"line\",\"params\":{\"type\":\"line\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"LeftAxis-1\",\"type\":\"value\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":0,\"filter\":false,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"line\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"date_histogram\",\"schema\":\"segment\",\"params\":{\"field\":\"@timestamp\",\"useNormalizedEsInterval\":true,\"interval\":\"auto\",\"drop_partials\":false,\"customInterval\":\"2h\",\"min_doc_count\":1,\"extended_bounds\":{}}}]}", | |
| "uiStateJSON": "{}", | |
| "description": "", | |
| "savedSearchId": "7fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" | |
| } | |
| }, | |
| "_migrationVersion": { | |
| "visualization": "6.7.2" | |
| } | |
| }, | |
| { | |
| "_id": "803b8370-80e9-11e9-8875-bf8cb5a12e3d", | |
| "_type": "visualization", | |
| "_source": { | |
| "title": "ATT&CK - Technique ID (Horizontal Bar Chart)", | |
| "visState": "{\"title\":\"ATT&CK - Technique ID (Horizontal Bar Chart)\",\"type\":\"histogram\",\"params\":{\"type\":\"histogram\",\"grid\":{\"categoryLines\":false,\"style\":{\"color\":\"#eee\"}},\"categoryAxes\":[{\"id\":\"CategoryAxis-1\",\"type\":\"category\",\"position\":\"left\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\"},\"labels\":{\"show\":true,\"truncate\":100},\"title\":{}}],\"valueAxes\":[{\"id\":\"ValueAxis-1\",\"name\":\"BottomAxis-1\",\"type\":\"value\",\"position\":\"bottom\",\"show\":true,\"style\":{},\"scale\":{\"type\":\"linear\",\"mode\":\"normal\"},\"labels\":{\"show\":true,\"rotate\":75,\"filter\":true,\"truncate\":100},\"title\":{\"text\":\"Count\"}}],\"seriesParams\":[{\"show\":\"true\",\"type\":\"histogram\",\"mode\":\"normal\",\"data\":{\"label\":\"Count\",\"id\":\"1\"},\"valueAxis\":\"ValueAxis-1\",\"drawLinesBetweenPoints\":true,\"showCircles\":true}],\"addTooltip\":true,\"addLegend\":true,\"legendPosition\":\"right\",\"times\":[],\"addTimeMarker\":false},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"group\",\"params\":{\"field\":\"event_data.Technique_id\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"}}]}", | |
| "uiStateJSON": "{}", | |
| "description": "", | |
| "savedSearchId": "7fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" | |
| } | |
| }, | |
| "_migrationVersion": { | |
| "visualization": "6.7.2" | |
| } | |
| }, | |
| { | |
| "_id": "7fd74ac0-80e6-11e9-8875-bf8cb5a12e3d", | |
| "_type": "search", | |
| "_source": { | |
| "title": "Sysmon ATT&CK Logs", | |
| "description": "", | |
| "hits": 0, | |
| "columns": [ | |
| "_source" | |
| ], | |
| "sort": [ | |
| "@timestamp", | |
| "desc" | |
| ], | |
| "version": 1, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"index\":\"*:logstash-*\",\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"_exists_:event_data.Technique_id\",\"language\":\"lucene\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"index\":\"*:logstash-*\",\"key\":\"log_name\",\"negate\":false,\"params\":{\"query\":\"Microsoft-Windows-Sysmon/Operational\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"Microsoft-Windows-Sysmon/Operational\"},\"query\":{\"match\":{\"log_name\":{\"query\":\"Microsoft-Windows-Sysmon/Operational\",\"type\":\"phrase\"}}}}]}" | |
| } | |
| } | |
| }, | |
| { | |
| "_id": "5a61f280-80e7-11e9-8875-bf8cb5a12e3d", | |
| "_type": "dashboard", | |
| "_source": { | |
| "title": "ATT&CK - Logs", | |
| "hits": 0, | |
| "description": "", | |
| "panelsJSON": "[{\"gridData\":{\"h\":48,\"i\":\"1\",\"w\":8,\"x\":0,\"y\":0},\"id\":\"b3b449d0-3429-11e7-9d52-4f090484f59e\",\"panelIndex\":\"1\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":6,\"direction\":\"desc\"}}}},\"gridData\":{\"h\":24,\"i\":\"6\",\"w\":48,\"x\":0,\"y\":93},\"id\":\"0eb1fd80-6d70-11e7-b09b-f57b22df6524\",\"panelIndex\":\"6\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":21,\"i\":\"9\",\"w\":16,\"x\":0,\"y\":72},\"id\":\"13ed0810-6d72-11e7-b09b-f57b22df6524\",\"panelIndex\":\"9\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"gridData\":{\"h\":24,\"i\":\"10\",\"w\":48,\"x\":0,\"y\":48},\"id\":\"3b6c92c0-6d72-11e7-b09b-f57b22df6524\",\"panelIndex\":\"10\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{\"columns\":[\"event_type\",\"source_ip\",\"source_port\",\"destination_ip\",\"destination_port\",\"_id\"],\"sort\":[\"@timestamp\",\"desc\"]},\"gridData\":{\"h\":24,\"i\":\"14\",\"w\":48,\"x\":0,\"y\":117},\"id\":\"248c1d20-6d6b-11e7-ad64-15aa071374a6\",\"panelIndex\":\"14\",\"type\":\"search\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"16\",\"w\":8,\"x\":8,\"y\":0},\"id\":\"ca005190-80e7-11e9-8875-bf8cb5a12e3d\",\"panelIndex\":\"16\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":8,\"i\":\"17\",\"w\":32,\"x\":16,\"y\":0},\"id\":\"0912dd30-80e8-11e9-8875-bf8cb5a12e3d\",\"panelIndex\":\"17\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"18\",\"w\":20,\"x\":8,\"y\":8},\"id\":\"803b8370-80e9-11e9-8875-bf8cb5a12e3d\",\"panelIndex\":\"18\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":25,\"i\":\"19\",\"w\":40,\"x\":8,\"y\":23},\"id\":\"afbf1600-80e6-11e9-8875-bf8cb5a12e3d\",\"panelIndex\":\"19\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":15,\"i\":\"20\",\"w\":20,\"x\":28,\"y\":8},\"id\":\"4b4e1580-80e7-11e9-8875-bf8cb5a12e3d\",\"panelIndex\":\"20\",\"type\":\"visualization\",\"version\":\"6.7.2\"},{\"embeddableConfig\":{},\"gridData\":{\"h\":21,\"i\":\"21\",\"w\":32,\"x\":16,\"y\":72},\"id\":\"22cd2390-80eb-11e9-8875-bf8cb5a12e3d\",\"panelIndex\":\"21\",\"type\":\"visualization\",\"version\":\"6.7.2\"}]", | |
| "optionsJSON": "{\"darkTheme\":true,\"useMargins\":true}", | |
| "version": 1, | |
| "timeRestore": false, | |
| "kibanaSavedObjectMeta": { | |
| "searchSourceJSON": "{\"filter\":[],\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"*\"}}" | |
| } | |
| } | |
| } | |
| ] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment