From ff1889093204cc14f86b7cc4237b6a12024492b0 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?Chantal=20Bel=C3=A9n=20kelm?= <99441266+chantal-kelm@users.noreply.github.com> Date: Wed, 22 Nov 2023 12:14:03 -0300 Subject: [PATCH] Visualizations with different colors (#6099) * Create the security event dashboard (#5892) * Create the security event dashboard * update changelog * Create the malware detection dashboard (#5899) * Create the security event dashboard * Changelog * Create log data analysis dashboard (#5910) * create log data analysis * Update changelog * Update changelog * Update integrity monitoring dashboard (#5929) * update integrity monitoring dashboard * update changelog * Create incident response dashboard (#5934) * create incident response dashboard * Update changelog * Update changelog * Update changelog * Update cloud security dashboard (#5943) * Update cloud security dashboard * Update cloud security dashboard * Update regulatory compliance dashboard (#5942) * update regulatory-compliance * Update changelog * Update containers security dashboard (#5944) * Update containers security dashboard * Update containers security dashboard * Update dashboard security events * Implement the security event dashboard * Implement the fim, pci dashboards * Implement the aws dashboards * Implement the docker dashboard * policy monitoring update * Update security configuration assessment dashboard (#5999) * add a new tab called dashboard in the sca module * New tab called dashboard, logic and error message when you have not selected an agent and when an agent was never logged in. 
* New inventory view in sca * Case of redirection to sca from agents welcome page * new sca tab with all the casuisticas, mobile styles, redirection from agents, adaptation in wz-visualize for section of sca * delete comment * clean code * fix error this.state.lookingPolicy.name * fix bug in sca dashboard * fix unpinned agent * fix sca dashboard * fix sca dashboard * update changelog and code clean * Refactoring of the security configuration assessment (#6061) * add a new tab called dashboard in the sca module * New tab called dashboard, logic and error message when you have not selected an agent and when an agent was never logged in. * New inventory view in sca * Case of redirection to sca from agents welcome page * new sca tab with all the casuisticas, mobile styles, redirection from agents, adaptation in wz-visualize for section of sca * delete comment * clean code * fix error this.state.lookingPolicy.name * fix bug in sca dashboard * fix unpinned agent * fix sca dashboard * fix sca dashboard * refactor sca section * changelog * clean code * update href * update changelog * Change the display order of tabs in all modules (#6067) * Change the display order of tabs in all modules * Change the display order of tabs in all modules * update changelog * change security events * Remove new dashboards of integrity monitoring security events and amazon aws (#6073) * Remove new dashboards of integrity monitoring, security events and Amazon AWS * clean code * Add graph to docker dashboard (#6075) * Add graph to docker dashboard * clean code * Update top 5 policy monitoring * Update top 5 pci dss * Remove new dashboard of PCI DSS (#6080) * fix colors in pci dashboard * fix colors in security events dashboards * update * Fix colors in docker fim github hipaa nist aws gdpr mitre pm tsc virus total * change in fix colors security events * add change pci dashboard * add changes in mitre dashboard * Redefine mappedColors.mapKeys method * Fix comment --------- Co-authored-by: 
Federico Rodriguez --- .../visualize/agent-visualizations.js | 2 +- .../components/visualize/visualizations.js | 8 +- .../components/visualize/wz-visualize.js | 8 +- plugins/main/public/plugin.ts | 51 ++ .../visualizations/agents/agents-docker.ts | 120 ++- .../visualizations/agents/agents-fim.ts | 114 ++- .../visualizations/agents/agents-general.ts | 366 ++++++--- .../visualizations/agents/agents-github.ts | 717 +++++++++--------- .../visualizations/agents/agents-hipaa.ts | 195 +++-- .../visualizations/agents/agents-mitre.ts | 192 ++++- .../visualizations/agents/agents-nist.ts | 138 +++- .../visualizations/overview/overview-aws.ts | 64 +- .../overview/overview-docker.ts | 32 +- .../visualizations/overview/overview-fim.ts | 32 +- .../visualizations/overview/overview-gdpr.ts | 169 +++-- .../overview/overview-general.ts | 133 ++-- .../overview/overview-github.ts | 32 +- .../visualizations/overview/overview-mitre.ts | 182 ++++- .../visualizations/overview/overview-nist.ts | 189 ++++- .../visualizations/overview/overview-pci.ts | 175 +++-- .../visualizations/overview/overview-pm.ts | 105 --- .../visualizations/overview/overview-tsc.ts | 163 +++- .../overview/overview-virustotal.ts | 107 ++- 23 files changed, 2178 insertions(+), 1116 deletions(-) diff --git a/plugins/main/public/components/visualize/agent-visualizations.js b/plugins/main/public/components/visualize/agent-visualizations.js index ce0e677efb..0955cf27ec 100644 --- a/plugins/main/public/components/visualize/agent-visualizations.js +++ b/plugins/main/public/components/visualize/agent-visualizations.js @@ -17,7 +17,7 @@ export const agentVisualizations = { height: 400, vis: [ { - title: 'Alert groups evolution', + title: 'Top 10 Alert groups evolution', id: 'Wazuh-App-Agents-General-Alert-groups-evolution', width: 50, }, diff --git a/plugins/main/public/components/visualize/visualizations.js b/plugins/main/public/components/visualize/visualizations.js index 63879c1a64..e5b4291f79 100644 
--- a/plugins/main/public/components/visualize/visualizations.js +++ b/plugins/main/public/components/visualize/visualizations.js @@ -17,12 +17,12 @@ export const visualizations = { height: 360, vis: [ { - title: 'Alert level evolution', + title: 'Top 10 Alert level evolution', id: 'Wazuh-App-Overview-General-Alert-level-evolution', width: 60, }, { - title: 'Top MITRE ATT&CKS', + title: 'Top 10 MITRE ATT&CKS', id: 'Wazuh-App-Overview-General-Alerts-Top-Mitre', width: 40, }, @@ -249,7 +249,7 @@ export const visualizations = { height: 400, vis: [ { - title: 'PCI DSS requirements', + title: 'Top 10 PCI DSS requirements', id: 'Wazuh-App-Overview-PCI-DSS-requirements', width: 50, }, @@ -346,7 +346,7 @@ export const visualizations = { width: 20, }, { - title: 'Top requirements over time', + title: 'Top 10 requirements over time', id: 'Wazuh-App-Overview-NIST-Requirements-over-time', width: 50, }, diff --git a/plugins/main/public/components/visualize/wz-visualize.js b/plugins/main/public/components/visualize/wz-visualize.js index 80e1e427c9..f15baad0eb 100644 --- a/plugins/main/public/components/visualize/wz-visualize.js +++ b/plugins/main/public/components/visualize/wz-visualize.js @@ -30,7 +30,7 @@ import { VisHandlers } from '../../factories/vis-handlers'; import { RawVisualizations } from '../../factories/raw-visualizations'; import { Metrics } from '../overview/metrics/metrics'; import { PatternHandler } from '../../react-services/pattern-handler'; -import { getToasts } from '../../kibana-services'; +import { getToasts, getPlugins } from '../../kibana-services'; import { SampleDataWarning, SecurityAlerts } from './components'; import { toMountPoint } from '../../../../../src/plugins/opensearch_dashboards_react/public'; import { withReduxProvider, withErrorBoundary } from '../common/hocs'; 
@@ -57,6 +57,12 @@ export const WzVisualize = compose( refreshingKnownFields: [], refreshingIndex: true, }; + // Reset the visualizations mapped colors when the type of Dashboard is changed. + // This is a workaround until the issue reported in Opensearch Dashboards is fixed. + // https://github.com/opensearch-project/OpenSearch-Dashboards/issues/5422 + // This should be reomved when the issue is fixed. Probably in OSD 2.12.0 + getPlugins().charts.colors.mappedColors.purge(); + this.hasRefreshedKnownFields = false; this.isRefreshing = false; this.metricValues = false; diff --git a/plugins/main/public/plugin.ts b/plugins/main/public/plugin.ts index 7cf6cfceb6..ab5ea70129 100644 --- a/plugins/main/public/plugin.ts +++ b/plugins/main/public/plugin.ts @@ -44,6 +44,7 @@ import { } from './services/request-handler'; import { Applications, Categories } from './utils/applications'; import { syncHistoryLocations } from './kibana-integrations/discover/kibana_services'; +import { euiPaletteColorBlind } from '@elastic/eui'; const innerAngularName = 'app/wazuh'; 
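Review bot: The new `getPlugins().charts.colors.mappedColors.purge();` call runs unconditionally in what looks like the WzVisualize constructor (the surrounding `this.*` initialisations), so it resets the shared colour map on every mount of the component, not only "when the type of Dashboard is changed" as the comment above it says; the comment should state the real trigger, e.g. `// Purge the shared mapped colors on every WzVisualize mount so each dashboard starts from a clean palette.` It also reaches through `charts.colors.mappedColors` without checking that the charts plugin was resolved, so a missing dependency or a change in that internal shape would throw during construction and take the whole visualize view down; `getPlugins().charts?.colors?.mappedColors?.purge?.();` keeps the workaround from becoming a hard failure. The enclosing function starts before this hunk.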
@@ -64,6 +65,56 @@ export class WazuhPlugin console.error('plugin.ts: Error getting logos configuration', error); } + // Redefine the mapKeys method to change the properties sent to euiPaletteColorBlind. + // This is a workaround until the issue reported in Opensearch Dashboards is fixed. + // https://github.com/opensearch-project/OpenSearch-Dashboards/issues/5422 + // This should be reomved when the issue is fixed. Probably in OSD 2.12.0 + plugins.charts.colors.mappedColors.mapKeys = function ( + keys: Array, + ) { + const configMapping = this.getConfigColorMapping(); + const configColors = _.values(configMapping); + const oldColors = _.values(this._oldMap); + + let alreadyUsedColors: string[] = []; + const keysToMap: Array = []; + _.each(keys, key => { + // If this key is mapped in the config, it's unnecessary to have it mapped here + if (configMapping[key as any]) { + delete this._mapping[key]; + alreadyUsedColors.push(configMapping[key]); + } + + // If this key is mapped to a color used by the config color mapping, we need to remap it + if (_.includes(configColors, this._mapping[key])) keysToMap.push(key); + + // if key exist in oldMap, move it to mapping + if (this._oldMap[key]) { + this._mapping[key] = this._oldMap[key]; + alreadyUsedColors.push(this._mapping[key]); + } + + // If this key isn't mapped, we need to map it + if (this.get(key) == null) keysToMap.push(key); + }); + + alreadyUsedColors.push(...Object.values(this._mapping)); + alreadyUsedColors = alreadyUsedColors.map(color => + color.toLocaleLowerCase(), + ); + // Choose colors from euiPaletteColorBlind and filter out any already assigned to keys + const colorPalette = euiPaletteColorBlind({ + rotations: Math.ceil( + (keysToMap.length + alreadyUsedColors.length) / 10, + ), + direction: core.uiSettings.get('theme:darkMode') ? 
'darker' : 'lighter', + }) + .filter(color => !alreadyUsedColors.includes(color.toLowerCase())) + .slice(0, keysToMap.length); + + _.merge(this._mapping, _.zipObject(keysToMap, colorPalette)); + }; + // Register the applications Applications.forEach(app => { const { category, id, title, redirectTo, order } = app; diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts b/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts index 9e009c5fbd..78169a574b 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-docker.ts @@ -24,10 +24,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -72,10 +83,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -124,7 +146,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
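Review bot: `const oldColors = _.values(this._oldMap);` in the overridden `mapKeys` is never read, and `alreadyUsedColors` is normalised with `toLocaleLowerCase()` while the palette filter a few lines later compares with `toLowerCase()`; drop the unused line and use `toLowerCase()` on both sides so the comparison does not depend on the runtime locale. The override also replaces a method on the shared `plugins.charts.colors.mappedColors` singleton for every consumer of the charts plugin, not just this plugin's views, and it depends on `_` being in scope and on the private `this._mapping`/`this._oldMap` fields of the OSD class, none of which the hunk guards; since the comment already ties this to OSD 2.12.0, a short comment listing those internals (or a check that `mappedColors` and `getConfigColorMapping` exist before assigning) would make the eventual removal safer. The annotation `keys: Array` appears to have lost its element type in this rendering; if the source reads the same, it should carry the element type (upstream declares the parameter as `Array<string | number>`, as far as I recall) so the `key as any` cast is unnecessary. The enclosing method starts before and ends after this hunk.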
@@ -202,7 +230,11 @@ export default [ type: 'histogram', params: { type: 'histogram', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -246,23 +278,12 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -280,6 +301,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-1h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -304,7 +342,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', 
@@ -356,6 +398,23 @@ export default [ schema: 'metric', params: { customLabel: 'Events' }, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'data.docker.Action', + size: 10, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Action', + }, + }, { id: '2', enabled: true, @@ -374,23 +433,6 @@ export default [ customLabel: '', }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'data.docker.Action', - size: 10, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - customLabel: 'Action', - }, - }, ], }), uiStateJSON: '{}', diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts b/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts index fe808d8a6e..d903ed7bd8 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-fim.ts @@ -26,7 +26,13 @@ export default [ labels: { show: true, values: true, last_level: true, truncate: 100 }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -74,7 +80,13 @@ export default [ labels: { show: true, values: true, last_level: true, truncate: 100 }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -162,12 +174,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -186,20 +209,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -217,6 +232,20 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -247,13 +276,24 @@ export default [ isDonut: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'syscheck.path', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'syscheck.path', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), 
@@ -318,13 +358,24 @@ export default [ isDonut: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'syscheck.path', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'syscheck.path', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -383,13 +434,24 @@ export default [ isDonut: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'syscheck.path', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'syscheck.path', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -451,7 +513,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-general.ts b/plugins/main/server/integration-files/visualizations/agents/agents-general.ts index af43ace6de..291c9f1bb5 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-general.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-general.ts 
@@ -23,10 +23,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -85,7 +96,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -98,7 +114,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -138,7 +156,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -151,7 +174,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { 
@@ -216,7 +241,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -229,7 +259,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { @@ -241,7 +273,8 @@ export default [ index: 'wazuh-alerts', type: 'phrases', key: 'rule.groups', - value: 'win_authentication_failed, authentication_failed, authentication_failures', + value: + 'win_authentication_failed, authentication_failed, authentication_failures', params: [ 'win_authentication_failed', 'authentication_failed', @@ -311,7 +344,12 @@ export default [ labels: { show: true, color: 'black' }, scale: { show: false, labels: false, color: '#333', width: 2 }, type: 'simple', - style: { fontSize: 20, bgColor: false, labelColor: false, subText: '' }, + style: { + fontSize: 20, + bgColor: false, + labelColor: false, + subText: '', + }, }, }, aggs: [ @@ -324,7 +362,9 @@ export default [ }, ], }), - uiStateJSON: JSON.stringify({ vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } } }), + uiStateJSON: JSON.stringify({ + vis: { defaultColors: { '0 - 100': 'rgb(0,104,55)' } }, + }), description: '', version: 1, kibanaSavedObjectMeta: { 
@@ -377,10 +417,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: false, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -425,10 +476,21 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -465,11 +527,61 @@ export default [ _source: { title: 'Alert groups evolution', visState: JSON.stringify({ - title: 'Alerts by group over time', + title: 'Alert groups evolution', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'rule.groups', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { + color: '#eee', + }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -477,8 +589,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], @@ -490,9 +608,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ 
@@ -500,7 +628,10 @@ export default [ show: 'true', type: 'area', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, drawLinesBetweenPoints: true, showCircles: true, interpolate: 'cardinal', @@ -512,43 +643,15 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.groups', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, - ], + labels: {}, + }, }), uiStateJSON: '{}', description: '', 
@@ -568,11 +671,61 @@ export default [ _source: { title: 'Alerts', visState: JSON.stringify({ - title: 'Alerts by action over time', + title: 'Top 10 Alerts', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-1M', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { + color: '#eee', + }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -580,8 +733,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], @@ -593,9 +752,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ 
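Review bot: The new visState `title: 'Top 10 Alerts'` no longer matches the saved object's `_source.title: 'Alerts'` in the context lines just above, whereas the sibling hunk at `@@ -465,11 +527,61 @@` keeps both as `'Alert groups evolution'`; the two should agree, e.g. `title: 'Alerts',` in visState, leaving the user-facing "Top 10" wording to the panel title in agent-visualizations.js as was done for the groups chart. The hard-coded `timeRange: { from: 'now-1M', to: 'now' }` in the date_histogram params is presumably only a stored default that the dashboard time picker overrides; if so, a one-line comment saying that would stop the next reader from assuming the chart is pinned to one month. The hunk ends inside the `params` object, which continues in the next hunk.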
@@ -603,7 +772,10 @@ export default [ show: 'true', type: 'area', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, drawLinesBetweenPoints: true, showCircles: true, interpolate: 'cardinal', @@ -615,43 +787,15 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.level', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, - ], + labels: {}, + }, }), uiStateJSON: '{}', description: '', @@ -684,7 +828,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -770,7 +920,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-github.ts b/plugins/main/server/integration-files/visualizations/agents/agents-github.ts index 17ac6e85c9..75ba3eefa1 100644 
--- a/plugins/main/server/integration-files/visualizations/agents/agents-github.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-github.ts 
@@ -16,138 +16,139 @@ export default [ _source: { title: 'Alerts evolution by organization', visState: JSON.stringify({ - "title": "Alerts evolution by organization", - "type": "area", - "aggs": [ + title: 'Alerts evolution by organization', + type: 'area', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "2", - "enabled": true, - "type": "date_histogram", - "params": { - "field": "timestamp", - "timeRange": { - "from": "now-7d", - "to": "now" - }, - "useNormalizedEsInterval": true, - "scaleMetricValues": false, - "interval": "auto", - "drop_partials": false, - "min_doc_count": 1, - "extended_bounds": {}, - "customLabel": "" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" + schema: 'group', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-7d', + to: 'now', + }, + useNormalizedEsInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: '', }, - "schema": "group" - } + schema: 'segment', + }, ], - "params": { - "type": "area", - "grid": { - "categoryLines": false + params: { + type: 'area', + grid: { + categoryLines: false, }, - "categoryAxes": [ + categoryAxes: [ { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "style": {}, - "scale": { - "type": "linear" + id: 
'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { + type: 'linear', }, - "labels": { - "show": true, - "filter": true, - "truncate": 100, - "rotate": 0 + labels: { + show: true, + filter: true, + truncate: 100, + rotate: 0, }, - "title": {} - } + title: {}, + }, ], - "valueAxes": [ + valueAxes: [ { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "style": {}, - "scale": { - "type": "linear", - "mode": "normal" + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 + title: { + text: 'Count', }, - "title": { - "text": "Count" - } - } + }, ], - "seriesParams": [ + seriesParams: [ { - "show": true, - "type": "line", - "mode": "normal", - "data": { - "label": "Count", - "id": "1" + show: true, + type: 'line', + mode: 'normal', + data: { + label: 'Count', + id: '1', }, - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "showCircles": true, - "interpolate": "linear", - "valueAxis": "ValueAxis-1" - } + drawLinesBetweenPoints: true, + lineWidth: 2, + showCircles: true, + interpolate: 'linear', + valueAxis: 'ValueAxis-1', + }, ], - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - "labels": {}, - "orderBucketsBySum": false - } + labels: {}, + orderBucketsBySum: false, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { 
- searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', }, @@ -156,53 +157,54 @@ export default [ _source: { title: 'Top 5 organizations by alerts', visState: JSON.stringify({ - "title": "Top 5 organizations by alerts", - "type": "pie", - "aggs": [ + title: 'Top 5 organizations by alerts', + type: 'pie', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" - } + schema: 'segment', + }, ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "isDonut": false, - "labels": { - "show": false, - "values": true, - "last_level": true, - "truncate": 100 - } - } + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: false, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', }, 
@@ -211,132 +213,133 @@ export default [ _source: { title: 'Users with more alerts', visState: JSON.stringify({ - "title": "Users with more alerts", - "type": "line", - "aggs": [ + title: 'Users with more alerts', + type: 'line', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "4", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '4', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" + schema: 'segment', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.actor", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.actor', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "group" - } + schema: 'group', + }, ], - "params": { - "type": "line", - "grid": { - "categoryLines": false + params: { + type: 'line', + grid: { + categoryLines: false, }, - "categoryAxes": [ + categoryAxes: [ { - "id": "CategoryAxis-1", - "type": "category", - "position": "bottom", - "show": true, - "style": {}, - "scale": { - "type": "linear" + id: 'CategoryAxis-1', + type: 'category', + position: 'bottom', + show: true, + style: {}, + scale: { + type: 'linear', }, - "labels": { - "show": true, - "filter": true, 
- "truncate": 100 + labels: { + show: true, + filter: true, + truncate: 100, }, - "title": {} - } + title: {}, + }, ], - "valueAxes": [ + valueAxes: [ { - "id": "ValueAxis-1", - "name": "LeftAxis-1", - "type": "value", - "position": "left", - "show": true, - "style": {}, - "scale": { - "type": "linear", - "mode": "normal" + id: 'ValueAxis-1', + name: 'LeftAxis-1', + type: 'value', + position: 'left', + show: true, + style: {}, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, }, - "labels": { - "show": true, - "rotate": 0, - "filter": false, - "truncate": 100 + title: { + text: 'Count', }, - "title": { - "text": "Count" - } - } + }, ], - "seriesParams": [ + seriesParams: [ { - "show": true, - "type": "histogram", - "mode": "stacked", - "data": { - "label": "Count", - "id": "1" + show: true, + type: 'histogram', + mode: 'stacked', + data: { + label: 'Count', + id: '1', }, - "valueAxis": "ValueAxis-1", - "drawLinesBetweenPoints": true, - "lineWidth": 2, - "interpolate": "linear", - "showCircles": true - } + valueAxis: 'ValueAxis-1', + drawLinesBetweenPoints: true, + lineWidth: 2, + interpolate: 'linear', + showCircles: true, + }, ], - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "times": [], - "addTimeMarker": false, - "labels": {}, - "thresholdLine": { - "show": false, - "value": 10, - "width": 1, - "style": "full", - "color": "#E7664C" - } - } + addTooltip: true, + addLegend: true, + legendPosition: 'right', + times: [], + addTimeMarker: false, + labels: {}, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', + }, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 
'visualization', }, 
@@ -345,69 +348,70 @@ export default [ _source: { title: 'Top alerts by alert action type and organization', visState: JSON.stringify({ - "title": "Top alerts by alert action type and organization", - "type": "pie", - "aggs": [ + title: 'Top alerts by alert action type and organization', + type: 'pie', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 5, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" + schema: 'segment', }, { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.action", - "orderBy": "1", - "order": "desc", - "size": 3, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'data.github.action', + orderBy: '1', + order: 'desc', + size: 3, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "segment" - } + schema: 'segment', + }, ], - "params": { - "type": "pie", - "addTooltip": true, - "addLegend": true, - "legendPosition": "right", - "isDonut": true, - "labels": { - "show": false, - "values": true, - "last_level": true, - "truncate": 100 - } - } + params: { + type: 'pie', + addTooltip: true, + addLegend: true, + legendPosition: 'right', + isDonut: true, + labels: { + show: false, + values: true, + last_level: true, + 
truncate: 100, + }, + }, }), uiStateJSON: '', description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', }, 
@@ -416,77 +420,77 @@ export default [ _source: { title: 'Alerts summary', visState: JSON.stringify({ - "title": "Alerts summary", - "type": "table", - "aggs": [ + title: 'Alerts summary', + type: 'table', + aggs: [ { - "id": "1", - "enabled": true, - "type": "count", - "params": {}, - "schema": "metric" + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', }, { - "id": "2", - "enabled": true, - "type": "terms", - "params": { - "field": "agent.name", - "orderBy": "1", - "order": "desc", - "size": 50, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'agent.name', + orderBy: '1', + order: 'desc', + size: 50, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "bucket" + schema: 'bucket', }, { - "id": "3", - "enabled": true, - "type": "terms", - "params": { - "field": "data.github.org", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": "bucket" + schema: 'bucket', }, { - "id": "4", - "enabled": true, - "type": "terms", - "params": { - "field": "rule.description", - "orderBy": "1", - "order": "desc", - "size": 10, - "otherBucket": false, - "otherBucketLabel": "Other", - "missingBucket": false, - "missingBucketLabel": "Missing" + id: '4', + enabled: true, + type: 'terms', + params: { + field: 'rule.description', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', }, - "schema": 
"bucket" - } + schema: 'bucket', + }, ], - "params": { - "perPage": 10, - "showPartialRows": false, - "showMetricsAtAllLevels": false, - "sort": { - "columnIndex": null, - "direction": null + params: { + perPage: 10, + showPartialRows: false, + showMetricsAtAllLevels: false, + sort: { + columnIndex: null, + direction: null, }, - "showTotal": false, - "totalFunc": "sum", - "percentageCol": "" - } + showTotal: false, + totalFunc: 'sum', + percentageCol: '', + }, }), uiStateJSON: JSON.stringify({ vis: { params: { sort: { columnIndex: 3, direction: 'desc' } } }, @@ -494,9 +498,10 @@ export default [ description: '', version: 1, kibanaSavedObjectMeta: { - searchSourceJSON: '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', - } + searchSourceJSON: + '{"index":"wazuh-alerts","filter":[],"query":{"query":"","language":"lucene"}}', + }, }, _type: 'visualization', - } + }, ]; diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts b/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts index 6c9d3f6ded..1370e04e1d 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-hipaa.ts @@ -69,12 +69,29 @@ export default [ date: true, interval: 'PT12H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-07-24T10:27:37.970Z', max: '2019-08-23T10:27:37.970Z' }, + bounds: { + min: '2019-07-24T10:27:37.970Z', + max: '2019-08-23T10:27:37.970Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -94,22 +111,12 @@ export default [ radiusRatio: 20, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-30d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestampt', - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -128,7 +135,29 @@ export default [ customLabel: 'Requirement', }, }, - { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-30d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestampt', + }, + }, + { + id: '4', + enabled: true, + type: 'count', + schema: 'radius', + params: {}, + }, ], }), uiStateJSON: '{}', @@ -201,12 +230,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -226,7 +266,13 @@ export default [ orderBucketsBySum: true, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
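Review bot: The date_histogram that hunk `@@ -128,7 +135,29 @@` re-adds after the `Requirement` terms agg carries the pre-existing typo in its label onto the new side, `customLabel: 'Timestampt',`; since the line is being rewritten anyway it should become `customLabel: 'Timestamp',`, which is how the same aggregation is spelled in agents-nist.ts later in this patch. The reorder also changes the order of the bucket columns the visualization receives, while the stored `dimensions` block in the preceding hunk still maps `x` to accessor 0 (date_histogram) and `series` to accessor 1 (terms), i.e. the old order; if that stored block is still consumed by this build rather than recomputed from the aggs at render time, the x axis and the series split would now be swapped, so this is worth confirming on a rendered HIPAA dashboard. The enclosing `visState: JSON.stringify({...})` object starts and ends outside this hunk.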
@@ -289,18 +335,32 @@ export default [ minFontSize: 15, maxFontSize: 25, showLabel: true, - metric: { type: 'vis_dimension', accessor: 1, format: { id: 'string', params: {} } }, + metric: { + type: 'vis_dimension', + accessor: 1, + format: { id: 'string', params: {} }, + }, bucket: { type: 'vis_dimension', accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -346,9 +406,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -367,7 +437,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -460,30 +536,30 @@ export default [ date: true, interval: 'PT1H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-08-19T09:19:10.911Z', max: '2019-08-23T09:19:10.911Z' }, + bounds: { + min: '2019-08-19T09:19:10.911Z', + max: '2019-08-23T09:19:10.911Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-4d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestampt', - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -502,6 +578,22 @@ export default [ customLabel: 'Requirement', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-4d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestampt', + }, + }, ], }), uiStateJSON: '{}', @@ -534,7 +626,14 @@ export default [ showToolbar: true, totalFunc: 'sum', dimensions: { - metrics: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + metrics: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], buckets: [ { accessor: 0, @@ -579,7 +678,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, 
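Review bot: The moved date_histogram in hunk `@@ -502,6 +578,22 @@` again lands `customLabel: 'Timestampt',` on the new side; the intended label is `customLabel: 'Timestamp',` (agents-nist.ts in this same patch spells it that way). A grep for `Timestampt` across the visualization files before merging would catch any remaining copies, since this patch touches nearly all of them. The enclosing `visState: JSON.stringify({...})` object starts before and ends after this hunk.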
diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts b/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts index 7ba64daa01..19dbf42591 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-mitre.ts @@ -16,7 +16,13 @@ export default [ title: 'Mitre attack count', visState: JSON.stringify({ aggs: [ - { enabled: true, id: '1', params: {}, schema: 'metric', type: 'count' }, + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, { enabled: true, id: '2', @@ -38,7 +44,14 @@ export default [ params: { dimensions: { buckets: [], - metrics: [{ accessor: 0, aggType: 'count', format: { id: 'number' }, params: {} }], + metrics: [ + { + accessor: 0, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], }, perPage: 10, percentageCol: '', @@ -118,7 +131,13 @@ export default [ times: [], addTimeMarker: false, labels: {}, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: { accessor: 0, @@ -127,11 +146,21 @@ export default [ date: true, interval: 'PT3H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-11-07T15:45:45.770Z', max: '2019-11-14T15:45:45.770Z' }, + bounds: { + min: '2019-11-07T15:45:45.770Z', + max: '2019-11-14T15:45:45.770Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -150,21 +179,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-7d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -183,6 +203,21 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-7d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -209,7 +244,12 @@ export default [ addLegend: true, addTooltip: true, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -240,12 +280,23 @@ export default [ ], }, isDonut: true, - labels: { last_level: true, show: false, truncate: 100, values: true }, + labels: { + last_level: true, + show: false, + truncate: 100, + values: true, + }, legendPosition: 'right', type: 'pie', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
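Review bot: Moving the date_histogram (id '2') behind the terms agg (id '3') in hunk `@@ -183,6 +203,21 @@` changes the order of the bucket columns this visualization receives, but its stored `dimensions` (`x: { accessor: 0, ... aggType: 'date_histogram' }` and `series: [{ accessor: 1, ...` in hunk `@@ -127,11 +146,21 @@`) still describe the old date-then-terms order. If those stored dimensions are still read by this build instead of being rebuilt from the aggs at render time, the x axis and the series split would be swapped; if they are recomputed, the stale block is harmless but misleading and could be updated to match. Nothing in the hunk says why the aggs are reordered (presumably it feeds the color mapping mentioned in the commit title); a one-line comment next to the `aggs` array such as `// bucket aggs ordered terms-first so series keys are assigned colors consistently` would spare the next maintainer from "fixing" it back. The enclosing `visState: JSON.stringify({...})` object starts and ends outside this hunk.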
@@ -308,9 +359,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -342,7 +403,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, @@ -405,9 +472,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -452,7 +529,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, @@ -554,10 +637,23 @@ export default [ times: [], addTimeMarker: false, labels: { show: false }, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: null, - y: [{ accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 0, 
@@ -576,7 +672,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -637,9 +739,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: false, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -658,7 +770,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -708,7 +826,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts b/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts index 35556a42e5..4f0247f6e1 100644 --- a/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts +++ b/plugins/main/server/integration-files/visualizations/agents/agents-nist.ts 
@@ -26,12 +26,26 @@ export default [ colorsRange: [{ type: 'range', from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, dimensions: { metrics: [ - { type: 'vis_dimension', accessor: 0, format: { id: 'number', params: {} } }, - { type: 'vis_dimension', accessor: 1, format: { id: 'number', params: {} } }, + { + type: 'vis_dimension', + accessor: 0, + format: { id: 'number', params: {} }, + }, + { + type: 'vis_dimension', + accessor: 1, + format: { id: 'number', params: {} }, + }, ], }, addTooltip: true, @@ -81,13 +95,29 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 0, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 0, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -176,12 +206,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, 
@@ -201,7 +242,13 @@ export default [ labels: { show: false }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -267,7 +314,13 @@ export default [ labels: { show: true, values: true, last_level: true, truncate: 100 }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -359,11 +412,21 @@ export default [ date: true, interval: 'PT1H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-08-19T09:46:35.795Z', max: '2019-08-23T09:46:35.795Z' }, + bounds: { + min: '2019-08-19T09:46:35.795Z', + max: '2019-08-23T09:46:35.795Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -382,22 +445,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-4d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - customLabel: 'Timestamp', - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -416,6 +469,22 @@ export default [ customLabel: 'Requirement', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-4d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + customLabel: 'Timestamp', + }, + }, ], }), uiStateJSON: '{}', 
@@ -448,7 +517,14 @@ export default [ showToolbar: true, totalFunc: 'sum', dimensions: { - metrics: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + metrics: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], buckets: [ { accessor: 0, @@ -493,7 +569,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts b/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts index 7a84b7e084..34c6d3f958 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-aws.ts @@ -233,6 +233,22 @@ export default [ schema: 'metric', params: {}, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'data.aws.source', + size: 5, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + }, { id: '2', enabled: true, @@ -250,22 +266,6 @@ export default [ extended_bounds: {}, }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'data.aws.source', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, ], }), uiStateJSON: '{}', 
@@ -582,6 +582,22 @@ export default [ schema: 'metric', params: {}, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'data.aws.log_info.s3bucket', + size: 5, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + }, { id: '2', enabled: true, @@ -599,22 +615,6 @@ export default [ extended_bounds: {}, }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'data.aws.log_info.s3bucket', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, ], }), uiStateJSON: '{}', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts b/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts index ff0743f5fd..f2adee074f 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-docker.ts @@ -26,6 +26,22 @@ export default [ params: {}, schema: 'metric', }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.docker.Type', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, { id: '2', enabled: true, @@ -45,22 +61,6 @@ export default [ }, schema: 'segment', }, - { - id: '3', - enabled: true, - type: 'terms', - params: { - field: 'data.docker.Type', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - schema: 'group', - }, ], params: { type: 'histogram', 
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts b/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts index 5d9fab5385..6286f9fa8d 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-fim.ts @@ -334,6 +334,22 @@ export default [ schema: 'metric', params: {}, }, + { + id: '3', + enabled: true, + type: 'terms', + schema: 'group', + params: { + field: 'syscheck.event', + size: 5, + order: 'desc', + orderBy: '1', + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + }, { id: '2', enabled: true, @@ -351,22 +367,6 @@ export default [ extended_bounds: {}, }, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'syscheck.event', - size: 5, - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - }, ], }), uiStateJSON: '{}', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts b/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts index 676d7ee5f7..d1be4a41bb 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-gdpr.ts @@ -19,7 +19,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', 
@@ -64,23 +68,12 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -98,6 +91,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -140,12 +150,23 @@ export default [ id: 'ValueAxis-1', type: 'value', scale: { type: 'linear', defaultYExtents: false }, - labels: { show: false, rotate: 0, overwriteColor: false, color: '#555' }, + labels: { + show: false, + rotate: 0, + overwriteColor: false, + color: '#555', + }, }, ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
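Review bot: The date_histogram re-added in hunk `@@ -98,6 +91,23 @@` still pins `time_zone: 'Europe/Berlin',` (alongside `customInterval: '2h'` and `mode: 'quick'`), whereas none of the other date_histogram aggs moved by this patch (hipaa, nist, mitre) set a time zone; this one will therefore bucket the last 24 hours on Berlin wall-clock boundaries regardless of the viewer's configured timezone, which is confusing on a compliance dashboard that users compare against their own logs. Since the lines are being rewritten on the new side anyway, dropping the `time_zone` entry and letting the platform default apply would make the GDPR overview consistent with the rest. The enclosing `visState: JSON.stringify({...})` object starts and ends outside this hunk.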
@@ -267,8 +288,22 @@ export default [ params: { date: true, interval: 'P1D', format: 'YYYY-MM-DD' }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -288,21 +323,12 @@ export default [ radiusRatio: 50, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -313,14 +339,35 @@ export default [ field: 'rule.gdpr', orderBy: '1', order: 'desc', - size: 50, + size: 10, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, missingBucketLabel: 'Missing', }, }, - { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-1h', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, + { + id: '4', + enabled: true, + type: 'count', + schema: 'radius', + params: {}, + }, ], }), uiStateJSON: '{"vis":{"legendOpen":false}}', 
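Review bot: Cutting the `rule.gdpr` terms bucket from 50 to `size: 10` while `otherBucket` stays `false` means any requirement outside the ten most frequent silently vanishes from this chart instead of being grouped as Other, which is a poor fit for a compliance view where the rare requirements are exactly the ones worth noticing. If the cap exists so each series gets a distinct palette colour, say so next to it, e.g. `size: 10, // one series per palette colour; rarer requirements are dropped, not bucketed`, or set `otherBucket: true` so the tail stays visible. Moving the date_histogram after the terms agg also changes the column order of the response, while the `dimensions` earlier in this visState still map `x` to accessor 0 and `series` to accessor 1; this relies on the platform recomputing dimensions from `aggs` at render time, which is worth confirming. The visualization definition starts before this hunk.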
@@ -351,13 +398,24 @@ export default [ isDonut: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, type: 'terms', schema: 'segment', - params: { field: 'agent.name', size: 10, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 10, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -428,7 +486,13 @@ export default [ radiusRatio: 51, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -447,7 +511,12 @@ export default [ enabled: true, type: 'terms', schema: 'group', - params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' }, + params: { + field: 'agent.name', + size: 5, + order: 'desc', + orderBy: '1', + }, }, ], }), @@ -482,7 +551,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -536,7 +611,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { @@ -566,7 +642,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -620,7 +702,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-general.ts b/plugins/main/server/integration-files/visualizations/overview/overview-general.ts index 16723e1082..926ae80d48 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-general.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-general.ts @@ -461,13 +461,59 @@ export default [ _source: { title: 'Alert level evolution', visState: JSON.stringify({ - title: 'Alert level evolution', + title: 'Alerts level evolution', type: 'area', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'rule.level', + orderBy: '1', + order: 'desc', + size: 10, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'date_histogram', + params: { + field: 'timestamp', + timeRange: { + from: 'now-24h', + to: 'now', + }, + useNormalizedOpenSearchInterval: true, + scaleMetricValues: false, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + schema: 'segment', + }, + ], params: { type: 'area', grid: { categoryLines: true, - style: { color: '#eee' }, + style: { + color: '#eee', + }, valueAxis: 'ValueAxis-1', }, categoryAxes: [ @@ -477,8 +523,14 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + }, title: {}, }, ], 
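Review bot: The visState title becomes `'Alerts level evolution'` while the saved object's own `title` three lines above stays `'Alert level evolution'`, so the two labels for the same visualization now disagree; pick one spelling. The new date_histogram also uses `useNormalizedOpenSearchInterval` whereas every other dashboard touched by this commit uses `useNormalizedEsInterval`; whichever key the platform actually reads, the other is silently ignored, so the files should agree. Finally, the `rule.level` terms agg is capped at `size: 10` ordered by count with `otherBucket: false`, which drops the least frequent levels; on an alert-level chart those are typically the highest severities, so either raise the cap or comment that the truncation is intended, e.g. `size: 10, // top levels by count; rare high levels are not shown`.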
@@ -490,9 +542,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ @@ -500,7 +562,10 @@ export default [ show: 'true', type: 'area', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, drawLinesBetweenPoints: true, showCircles: true, interpolate: 'cardinal', @@ -512,49 +577,15 @@ export default [ legendPosition: 'right', times: [], addTimeMarker: false, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, - }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.level', - size: '15', - order: 'desc', - orderBy: '1', - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - ], + labels: {}, + }, }), uiStateJSON: '{}', description: '', @@ -592,7 +623,7 @@ export default [ field: 'rule.mitre.technique', orderBy: '1', order: 'desc', - size: 20, + size: 10, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, 
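Review bot: Halving the `rule.mitre.technique` bucket to `size: 10` with `otherBucket: false` (visible in the surrounding context) means techniques ranked eleventh and below disappear from the chart with no Other bucket to show they exist. Nothing on the line says why 10 was chosen; if it matches the palette size, note it inline, e.g. `size: 10, // palette has 10 distinct colours; the tail is dropped`, or enable `otherBucket` so the long tail of techniques stays visible. The terms agg this belongs to begins before the hunk.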
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-github.ts b/plugins/main/server/integration-files/visualizations/overview/overview-github.ts index d46e4c7aff..0a6bfc30c7 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-github.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-github.ts @@ -25,6 +25,22 @@ export default [ params: {}, schema: 'metric', }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'data.github.org', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, { id: '2', enabled: true, @@ -45,22 +61,6 @@ export default [ }, schema: 'segment', }, - { - id: '3', - enabled: true, - type: 'terms', - params: { - field: 'data.github.org', - orderBy: '1', - order: 'desc', - size: 5, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, - schema: 'group', - }, ], params: { type: 'area', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts b/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts index 8bfcc5efc1..70183f86a1 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-mitre.ts @@ -16,7 +16,13 @@ export default [ title: 'Mitre attack count', visState: JSON.stringify({ aggs: [ - { enabled: true, id: '1', params: {}, schema: 'metric', type: 'count' }, + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, { enabled: true, id: '2', 
@@ -38,7 +44,14 @@ export default [ params: { dimensions: { buckets: [], - metrics: [{ accessor: 0, aggType: 'count', format: { id: 'number' }, params: {} }], + metrics: [ + { + accessor: 0, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], }, perPage: 10, percentageCol: '', @@ -118,7 +131,13 @@ export default [ times: [], addTimeMarker: false, labels: {}, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: { accessor: 0, @@ -127,11 +146,21 @@ export default [ date: true, interval: 'PT3H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-11-07T15:45:45.770Z', max: '2019-11-14T15:45:45.770Z' }, + bounds: { + min: '2019-11-07T15:45:45.770Z', + max: '2019-11-14T15:45:45.770Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -150,21 +179,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-7d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -183,6 +203,21 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-7d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', 
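Review bot: Re-adding the date_histogram after the terms agg changes the order of the columns this visualization receives, but the `dimensions` block of the same visState (reformatted earlier on this line) still hard-codes `x` at accessor 0 as the date_histogram and `series` at accessor 1; if the platform honours the stored dimensions instead of rebuilding them from `aggs`, the axes are now swapped. That `dimensions.x` also carries absolute `bounds` from November 2019, which is stale for a shipped default and should be removed or marked, e.g. `// bounds are placeholders, recomputed from the time picker at render time`. The visualization definition starts before this hunk.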
@@ -211,13 +246,29 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 0, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 0, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -317,10 +368,23 @@ export default [ times: [], addTimeMarker: false, labels: { show: false }, - thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#34130C' }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#34130C', + }, dimensions: { x: null, - y: [{ accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 0, @@ -339,7 +403,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -415,12 +485,23 @@ export default [ accessor: 1, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 0, 
@@ -452,7 +533,13 @@ export default [ valueAxis: 'ValueAxis-1', }, ], - thresholdLine: { color: '#34130C', show: false, style: 'full', value: 10, width: 1 }, + thresholdLine: { + color: '#34130C', + show: false, + style: 'full', + value: 10, + width: 1, + }, times: [], type: 'area', valueAxes: [ @@ -470,7 +557,13 @@ export default [ ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '3', enabled: true, @@ -531,9 +624,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: false, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -552,7 +655,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -602,7 +711,13 @@ export default [ totalFunc: 'sum', }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -656,7 +771,8 @@ export default [ }, ], }), - uiStateJSON: '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', + uiStateJSON: + '{"vis":{"params":{"sort":{"columnIndex":3,"direction":"desc"}}}}', description: '', version: 1, kibanaSavedObjectMeta: { diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts b/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts index 1c8836bdd5..481e4d1c90 100644 
--- a/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-nist.ts @@ -71,11 +71,21 @@ export default [ date: true, interval: 'PT1H', format: 'YYYY-MM-DD HH:mm', - bounds: { min: '2019-08-20T12:33:23.360Z', max: '2019-08-22T12:33:23.360Z' }, + bounds: { + min: '2019-08-20T12:33:23.360Z', + max: '2019-08-22T12:33:23.360Z', + }, }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -94,21 +104,12 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-2d', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '4', @@ -119,7 +120,7 @@ export default [ field: 'rule.nist_800_53', orderBy: '1', order: 'desc', - size: 50, + size: 8, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, @@ -127,6 +128,21 @@ export default [ customLabel: 'Requirement', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-2d', to: 'now' }, + useNormalizedEsInterval: true, + interval: 'auto', + drop_partials: false, + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', 
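Review bot: The `rule.nist_800_53` bucket drops from 50 to `size: 8` while `otherBucket` stays `false`, so a chart labelled Requirement now shows only the eight most frequent controls and hides the rest without an Other slice. The value 8 (and the `size: 9` used later in this file) reads as a magic number; document the reason, e.g. `size: 8, // limited to the palette size so each control gets a distinct colour`, or use `otherBucket: true` to keep the tail visible. The terms agg starts before this hunk.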
@@ -149,7 +165,13 @@ export default [ title: 'Alerts volume by agent', visState: JSON.stringify({ aggs: [ - { enabled: true, id: '1', params: {}, schema: 'metric', type: 'count' }, + { + enabled: true, + id: '1', + params: {}, + schema: 'metric', + type: 'count', + }, { enabled: true, id: '3', @@ -212,11 +234,22 @@ export default [ aggType: 'terms', format: { id: 'terms', - params: { id: 'string', missingBucketLabel: 'Missing', otherBucketLabel: 'Other' }, + params: { + id: 'string', + missingBucketLabel: 'Missing', + otherBucketLabel: 'Other', + }, }, params: {}, }, - y: [{ accessor: 2, aggType: 'count', format: { id: 'number' }, params: {} }], + y: [ + { + accessor: 2, + aggType: 'count', + format: { id: 'number' }, + params: {}, + }, + ], }, enableHover: false, invertColors: false, @@ -228,7 +261,12 @@ export default [ valueAxes: [ { id: 'ValueAxis-1', - labels: { color: 'black', overwriteColor: false, rotate: 0, show: false }, + labels: { + color: 'black', + overwriteColor: false, + rotate: 0, + show: false, + }, scale: { defaultYExtents: false, type: 'linear' }, show: false, type: 'value', @@ -322,12 +360,23 @@ export default [ accessor: 0, format: { id: 'terms', - params: { id: 'string', otherBucketLabel: 'Other', missingBucketLabel: 'Missing' }, + params: { + id: 'string', + otherBucketLabel: 'Other', + missingBucketLabel: 'Missing', + }, }, params: {}, aggType: 'terms', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -346,7 +395,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -373,7 +428,7 @@ export default [ field: 'rule.nist_800_53', orderBy: '1', order: 'desc', - size: 10, + size: 9, otherBucket: false, otherBucketLabel: 'Other', missingBucket: false, @@ -412,12 +467,26 @@ export default [ colorsRange: [{ type: 'range', from: 0, to: 10000 }], labels: { show: true }, invertColors: false, - style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 }, + style: { + bgFill: '#000', + bgColor: false, + labelColor: false, + subText: '', + fontSize: 20, + }, }, dimensions: { metrics: [ - { type: 'vis_dimension', accessor: 0, format: { id: 'number', params: {} } }, - { type: 'vis_dimension', accessor: 1, format: { id: 'number', params: {} } }, + { + type: 'vis_dimension', + accessor: 0, + format: { id: 'number', params: {} }, + }, + { + type: 'vis_dimension', + accessor: 1, + format: { id: 'number', params: {} }, + }, ], }, addTooltip: true, @@ -437,7 +506,10 @@ export default [ enabled: true, type: 'max', schema: 'metric', - params: { field: 'rule.level', customLabel: 'Max rule level detected' }, + params: { + field: 'rule.level', + customLabel: 'Max rule level detected', + }, }, ], }), @@ -467,9 +539,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -488,7 +570,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, 
@@ -534,9 +622,19 @@ export default [ addLegend: true, legendPosition: 'right', isDonut: true, - labels: { show: false, values: true, last_level: true, truncate: 100 }, + labels: { + show: false, + values: true, + last_level: true, + truncate: 100, + }, dimensions: { - metric: { accessor: 1, format: { id: 'number' }, params: {}, aggType: 'count' }, + metric: { + accessor: 1, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, buckets: [ { accessor: 0, @@ -555,7 +653,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -605,7 +709,14 @@ export default [ showToolbar: true, totalFunc: 'sum', dimensions: { - metrics: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + metrics: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], buckets: [ { accessor: 0, @@ -650,7 +761,13 @@ export default [ }, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts b/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts index f133f5326c..620d2c81bf 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-pci.ts 
@@ -76,21 +76,11 @@ export default [ params: {}, }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', @@ -108,6 +98,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -346,20 +353,11 @@ export default [ }, }, { - id: '3', + id: '4', enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'rule.pci_dss', - orderBy: '1', - order: 'desc', - size: 50, - otherBucket: false, - otherBucketLabel: 'Other', - missingBucket: false, - missingBucketLabel: 'Missing', - }, + type: 'count', + schema: 'radius', + params: {}, }, { id: '4', 
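Review bot: Turning agg `'2'` into a second `id: '1'` count/metric agg appears to leave this visualization with two aggs sharing `id: '1'`: the `params: {}, },` context at the top of the hunk is the tail of an agg that is not removed here, and the sibling change in overview-gdpr.ts removed the old one-liner `id: '1'` explicitly while this hunk does not. If that preceding agg is indeed the original count metric, delete it so agg ids stay unique and `seriesParams.data.id: '1'` is unambiguous; if two metric aggs are wanted, a comment saying why would help. The aggs array begins before this hunk.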
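Review bot: The date_histogram moved here as agg `'2'` keeps `time_zone: 'Europe/Berlin'`, which the rewritten general dashboard in this same commit dropped, so the PCI timeline buckets by Berlin local time regardless of where the deployment runs. Either remove the key to match overview-general.ts or annotate it, e.g. `time_zone: 'Europe/Berlin', // intentional: <reason>`. The visualization definition starts before this hunk.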
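Review bot: The agg that replaces the removed `rule.pci_dss` terms/group agg is given `id: '4'`, but the very next context line is another agg starting `id: '4'`, so this visualization now has two aggs with the same id and, if that second one is the existing count/radius agg as in the GDPR and TSC siblings, two identical radius metrics. Drop one of them or give the new agg a distinct id. This also leaves the visualization with no `rule.pci_dss` grouping at all, unlike its GDPR/TSC counterparts which keep a `rule.gdpr`/`rule.tsc` group agg; if that is deliberate, a short comment on the agg would prevent it being "fixed" back. The visualization starts before this hunk.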
@@ -439,9 +437,56 @@ export default [ visState: JSON.stringify({ title: 'Requirements by agent', type: 'histogram', + aggs: [ + { + id: '1', + enabled: true, + type: 'count', + params: {}, + schema: 'metric', + }, + { + id: '3', + enabled: true, + type: 'terms', + params: { + field: 'agent.name', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + }, + schema: 'group', + }, + { + id: '2', + enabled: true, + type: 'terms', + params: { + field: 'rule.pci_dss', + orderBy: '1', + order: 'desc', + size: 5, + otherBucket: false, + otherBucketLabel: 'Other', + missingBucket: false, + missingBucketLabel: 'Missing', + customLabel: 'Requirements', + }, + schema: 'segment', + }, + ], params: { type: 'histogram', - grid: { categoryLines: false, style: { color: '#eee' } }, + grid: { + categoryLines: false, + style: { + color: '#eee', + }, + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -449,8 +494,15 @@ export default [ position: 'bottom', show: true, style: {}, - scale: { type: 'linear' }, - labels: { show: true, filter: true, truncate: 100, rotate: 0 }, + scale: { + type: 'linear', + }, + labels: { + show: true, + filter: true, + truncate: 100, + rotate: 0, + }, title: {}, }, ], @@ -462,9 +514,19 @@ export default [ position: 'left', show: true, style: {}, - scale: { type: 'linear', mode: 'normal' }, - labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - title: { text: 'Count' }, + scale: { + type: 'linear', + mode: 'normal', + }, + labels: { + show: true, + rotate: 0, + filter: false, + truncate: 100, + }, + title: { + text: 'Count', + }, }, ], seriesParams: [ @@ -472,7 +534,10 @@ export default [ show: 'true', type: 'histogram', mode: 'stacked', - data: { label: 'Count', id: '1' }, + data: { + label: 'Count', + id: '1', + }, valueAxis: 'ValueAxis-1', drawLinesBetweenPoints: true, showCircles: true, 
@@ -484,41 +549,17 @@ export default [ times: [], addTimeMarker: false, radiusRatio: 51, - }, - aggs: [ - { - id: '1', - enabled: true, - type: 'count', - schema: 'metric', - params: {}, - }, - { - id: '2', - enabled: true, - type: 'terms', - schema: 'segment', - params: { - field: 'rule.pci_dss', - size: 5, - order: 'desc', - orderBy: '1', - customLabel: 'Requirements', - }, + labels: { + show: false, }, - { - id: '3', - enabled: true, - type: 'terms', - schema: 'group', - params: { - field: 'agent.name', - size: 5, - order: 'desc', - orderBy: '1', - }, + thresholdLine: { + show: false, + value: 10, + width: 1, + style: 'full', + color: '#E7664C', }, - ], + }, }), uiStateJSON: '{}', description: '', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts b/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts index 613218fd42..38a52b0f9e 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-pm.ts 
@@ -155,111 +155,6 @@ export default [ }, }, }, - // { - // _id: 'Wazuh-App-Overview-PM-Events-over-time', - // _type: 'visualization', - // _source: { - // title: 'Events over time', - // visState: JSON.stringify({ - // title: 'Events over time', - // type: 'area', - // params: { - // scale: 'linear', - // yAxis: {}, - // smoothLines: true, - // addTimeMarker: false, - // interpolate: 'linear', - // addLegend: true, - // shareYAxis: true, - // mode: 'overlap', - // defaultYExtents: false, - // setYExtents: false, - // addTooltip: true, - // times: [], - // type: 'area', - // grid: { categoryLines: false, style: { color: '#eee' } }, - // categoryAxes: [ - // { - // id: 'CategoryAxis-1', - // type: 'category', - // position: 'bottom', - // show: true, - // style: {}, - // scale: { type: 'linear' }, - // labels: { show: true, filter: true, truncate: 100 }, - // title: {}, - // }, - // ], - // valueAxes: [ - // { - // id: 'ValueAxis-1', - // name: 'LeftAxis-1', - // type: 'value', - // position: 'left', - // show: true, - // style: {}, - // scale: { type: 'linear', mode: 'normal', setYExtents: false, defaultYExtents: false }, - // labels: { show: true, rotate: 0, filter: false, truncate: 100 }, - // title: { text: 'Count' }, - // }, - // ], - // seriesParams: [ - // { - // show: 'true', - // type: 'area', - // mode: 'normal', - // data: { label: 'Count', id: '1' }, - // interpolate: 'cardinal', - // valueAxis: 'ValueAxis-1', - // }, - // ], - // legendPosition: 'right', - // }, - // aggs: [ - // { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, - // { - // id: '2', - // enabled: true, - // type: 'terms', - // schema: 'group', - // params: { - // field: 'rule.description', - // otherBucket: false, - // otherBucketLabel: 'Other', - // missingBucket: false, - // missingBucketLabel: 'Missing', - // size: 5, - // order: 'desc', - // orderBy: '1', - // }, - // }, - // { - // id: '3', - // enabled: true, - // type: 'date_histogram', - // schema: 
'segment', - // params: { - // field: 'timestamp', - // interval: 'auto', - // customInterval: '2h', - // min_doc_count: 1, - // extended_bounds: {}, - // }, - // }, - // ], - // }), - // uiStateJSON: '{}', - // description: '', - // version: 1, - // kibanaSavedObjectMeta: { - // searchSourceJSON: JSON.stringify({ - // index: 'wazuh-alerts', - // filter: [], - // query: { query: '', language: 'lucene' }, - // }), - // }, - // }, - // }, { _id: 'Wazuh-App-Overview-PM-Rootkits-Activity-Over-Time', _type: 'visualization', diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts b/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts index d083a04bcd..25f694effa 100644 --- a/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts +++ b/plugins/main/server/integration-files/visualizations/overview/overview-tsc.ts @@ -19,7 +19,11 @@ export default [ type: 'area', params: { type: 'area', - grid: { categoryLines: true, style: { color: '#eee' }, valueAxis: 'ValueAxis-1' }, + grid: { + categoryLines: true, + style: { color: '#eee' }, + valueAxis: 'ValueAxis-1', + }, categoryAxes: [ { id: 'CategoryAxis-1', @@ -64,23 +68,12 @@ export default [ addTimeMarker: false, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, - useNormalizedEsInterval: true, - interval: 'auto', - time_zone: 'Europe/Berlin', - drop_partials: false, - customInterval: '2h', - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', 
@@ -98,6 +91,23 @@ export default [ missingBucketLabel: 'Missing', }, }, + { + id: '2', + enabled: true, + type: 'date_histogram', + schema: 'segment', + params: { + field: 'timestamp', + timeRange: { from: 'now-24h', to: 'now', mode: 'quick' }, + useNormalizedEsInterval: true, + interval: 'auto', + time_zone: 'Europe/Berlin', + drop_partials: false, + customInterval: '2h', + min_doc_count: 1, + extended_bounds: {}, + }, + }, ], }), uiStateJSON: '{}', @@ -140,12 +150,23 @@ export default [ id: 'ValueAxis-1', type: 'value', scale: { type: 'linear', defaultYExtents: false }, - labels: { show: false, rotate: 0, overwriteColor: false, color: '#555' }, + labels: { + show: false, + rotate: 0, + overwriteColor: false, + color: '#555', + }, }, ], }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, + { + id: '1', + enabled: true, + type: 'count', + schema: 'metric', + params: {}, + }, { id: '2', enabled: true, @@ -267,8 +288,22 @@ export default [ params: { date: true, interval: 'P1D', format: 'YYYY-MM-DD' }, aggType: 'date_histogram', }, - y: [{ accessor: 2, format: { id: 'number' }, params: {}, aggType: 'count' }], - z: [{ accessor: 3, format: { id: 'number' }, params: {}, aggType: 'count' }], + y: [ + { + accessor: 2, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], + z: [ + { + accessor: 3, + format: { id: 'number' }, + params: {}, + aggType: 'count', + }, + ], series: [ { accessor: 1, @@ -288,21 +323,12 @@ export default [ radiusRatio: 50, }, aggs: [ - { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} }, { - id: '2', + id: '1', enabled: true, - type: 'date_histogram', - schema: 'segment', - params: { - field: 'timestamp', - timeRange: { from: 'now-1h', to: 'now' }, - useNormalizedEsInterval: true, - interval: 'auto', - drop_partials: false, - min_doc_count: 1, - extended_bounds: {}, - }, + type: 'count', + schema: 'metric', + params: {}, }, { id: '3', 
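Review bot: The re-added agg `'2'` carries the same `time_zone: 'Europe/Berlin'` and `customInterval: '2h'` as its GDPR and PCI twins, while overview-general.ts in this commit removed them, so the TSC timeline is the odd one out relative to the rewritten dashboard. If a fixed timezone is required, state the reason next to it; otherwise delete both lines so the four files behave alike. The enclosing visualization starts before this hunk.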
@@ -313,14 +339,35 @@ export default [
 field: 'rule.tsc',
 orderBy: '1',
 order: 'desc',
- size: 50,
+ size: 10,
 otherBucket: false,
 otherBucketLabel: 'Other',
 missingBucket: false,
 missingBucketLabel: 'Missing',
 },
 },
- { id: '4', enabled: true, type: 'count', schema: 'radius', params: {} },
+ {
+ id: '2',
+ enabled: true,
+ type: 'date_histogram',
+ schema: 'segment',
+ params: {
+ field: 'timestamp',
+ timeRange: { from: 'now-1h', to: 'now' },
+ useNormalizedEsInterval: true,
+ interval: 'auto',
+ drop_partials: false,
+ min_doc_count: 1,
+ extended_bounds: {},
+ },
+ },
+ {
+ id: '4',
+ enabled: true,
+ type: 'count',
+ schema: 'radius',
+ params: {},
+ },
 ],
 }),
 uiStateJSON: '{}',
@@ -351,13 +398,24 @@ export default [
 isDonut: false,
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
 type: 'terms',
 schema: 'segment',
- params: { field: 'agent.name', size: 10, order: 'desc', orderBy: '1' },
+ params: {
+ field: 'agent.name',
+ size: 10,
+ order: 'desc',
+ orderBy: '1',
+ },
 },
 ],
 }),
@@ -428,7 +486,13 @@ export default [
 radiusRatio: 51,
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
@@ -447,7 +511,12 @@ export default [
 enabled: true,
 type: 'terms',
 schema: 'group',
- params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' },
+ params: {
+ field: 'agent.name',
+ size: 5,
+ order: 'desc',
+ orderBy: '1',
+ },
 },
 ],
 }),
@@ -482,7 +551,13 @@ export default [
 totalFunc: 'sum',
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
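Review bot: `size: 50` → `size: 10` on the `rule.tsc` terms bucket in the -313 hunk is a data change buried among formatting hunks and is not reflected in the commit subject; the visualization will now show at most ten TSC criteria, and any beyond the top ten by count are dropped from the chart rather than grouped, since `otherBucket: false` is kept. If the cut is deliberate (legibility, or keeping the series count within the colour palette), a short comment such as `// top 10 only: criteria beyond the tenth by count are not rendered` above `size: 10,` would make that explicit; if not, the previous value should be restored. The same hunk also moves the `'4'` radius agg after the inserted `date_histogram`, so the ids read `'1', '3', '2', '4'`, which is worth a note saying the order is intentional. The enclosing `aggs` array begins outside this hunk.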
@@ -568,7 +643,13 @@ export default [
 totalFunc: 'sum',
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,
diff --git a/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts b/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts
index 6effe6cefa..9a73843577 100644
--- a/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts
+++ b/plugins/main/server/integration-files/visualizations/overview/overview-virustotal.ts
@@ -24,7 +24,12 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
 {
@@ -39,7 +44,12 @@ export default [
 enabled: true,
 type: 'terms',
 schema: 'segment',
- params: { field: 'data.virustotal.source.file', size: 5, order: 'desc', orderBy: '1' },
+ params: {
+ field: 'data.virustotal.source.file',
+ size: 5,
+ order: 'desc',
+ orderBy: '1',
+ },
 },
 ],
 }),
@@ -139,7 +149,13 @@ export default [
 colorsRange: [{ from: 0, to: 10000 }],
 labels: { show: true },
 invertColors: false,
- style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 },
+ style: {
+ bgFill: '#000',
+ bgColor: false,
+ labelColor: false,
+ subText: '',
+ fontSize: 20,
+ },
 },
 },
 aggs: [
@@ -211,7 +227,13 @@ export default [
 colorsRange: [{ from: 0, to: 10000 }],
 labels: { show: true },
 invertColors: false,
- style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 },
+ style: {
+ bgFill: '#000',
+ bgColor: false,
+ labelColor: false,
+ subText: '',
+ fontSize: 20,
+ },
 },
 },
 aggs: [
@@ -432,7 +454,13 @@ export default [
 colorsRange: [{ from: 0, to: 10000 }],
 labels: { show: true },
 invertColors: false,
- style: { bgFill: '#000', bgColor: false, labelColor: false, subText: '', fontSize: 20 },
+ style: {
+ bgFill: '#000',
+ bgColor: false,
+ labelColor: false,
+ subText: '',
+ fontSize: 20,
+ },
 },
 },
 aggs: [
@@ -573,7 +601,12 @@ export default [
 addLegend: true,
 legendPosition: 'right',
 isDonut: true,
- labels: { show: false, values: true, last_level: true, truncate: 100 },
+ labels: {
+ show: false,
+ values: true,
+ last_level: true,
+ truncate: 100,
+ },
 },
 aggs: [
 {
@@ -588,7 +621,12 @@ export default [
 enabled: true,
 type: 'terms',
 schema: 'segment',
- params: { field: 'agent.name', size: 5, order: 'desc', orderBy: '1' },
+ params: {
+ field: 'agent.name',
+ size: 5,
+ order: 'desc',
+ orderBy: '1',
+ },
 },
 ],
 }),
@@ -685,7 +723,13 @@ export default [
 times: [],
 addTimeMarker: false,
 labels: { show: false },
- thresholdLine: { show: false, value: 10, width: 1, style: 'full', color: '#E7664C' },
+ thresholdLine: {
+ show: false,
+ value: 10,
+ width: 1,
+ style: 'full',
+ color: '#E7664C',
+ },
 dimensions: {
 x: {
 accessor: 0,
@@ -696,7 +740,10 @@ export default [
 intervalOpenSearchValue: 3,
 intervalOpenSearchUnit: 'h',
 format: 'YYYY-MM-DD HH:mm',
- bounds: { min: '2020-04-17T12:11:35.943Z', max: '2020-04-24T12:11:35.944Z' },
+ bounds: {
+ min: '2020-04-17T12:11:35.943Z',
+ max: '2020-04-24T12:11:35.944Z',
+ },
 },
 label: 'timestamp per 3 hours',
 aggType: 'date_histogram',
@@ -732,22 +779,12 @@ export default [
 radiusRatio: 50,
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
 {
- id: '2',
+ id: '1',
 enabled: true,
- type: 'date_histogram',
- schema: 'segment',
- params: {
- field: 'timestamp',
- timeRange: { from: 'now-7d', to: 'now' },
- useNormalizedEsInterval: true,
- scaleMetricValues: false,
- interval: 'auto',
- drop_partials: false,
- min_doc_count: 1,
- extended_bounds: {},
- },
+ type: 'count',
+ schema: 'metric',
+ params: {},
 },
 {
 id: '3',
@@ -765,6 +802,22 @@ export default [
 missingBucketLabel: 'Missing',
 },
 },
+ {
+ id: '2',
+ enabled: true,
+ type: 'date_histogram',
+ schema: 'segment',
+ params: {
+ field: 'timestamp',
+ timeRange: { from: 'now-7d', to: 'now' },
+ useNormalizedEsInterval: true,
+ scaleMetricValues: false,
+ interval: 'auto',
+ drop_partials: false,
+ min_doc_count: 1,
+ extended_bounds: {},
+ },
+ },
 ],
 }),
 uiStateJSON: JSON.stringify({
@@ -854,7 +907,13 @@ export default [
 totalFunc: 'sum',
 },
 aggs: [
- { id: '1', enabled: true, type: 'count', schema: 'metric', params: {} },
+ {
+ id: '1',
+ enabled: true,
+ type: 'count',
+ schema: 'metric',
+ params: {},
+ },
 {
 id: '2',
 enabled: true,