{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/City (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f24d253a-3f12-43c9-8898-d7b7dc34cb37","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13943],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Half-Open Sessions - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sessions - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"ddf74433-99d2-4b40-ae92-7b7c0c4db1d2\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: \\\"tcp\\\" AND tcp.flags.bits: 2 AND NOT source.as.organization.name: \\\"PRIVATE\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Half-Open 
Sessions\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"da041926-5de1-40d0-a9b7-6a1fc820163b","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13944],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTIsMl0="} {"attributes":{"fieldAttrs":"{\"index\":{\"count\":2},\"client.ip\":{\"count\":1},\"host.name\":{\"count\":3},\"observer.ingress.interface.name\":{\"count\":4},\"observer.egress.interface.name\":{\"count\":4},\"server.ip\":{\"count\":1},\"vlan.c_tag.dei.state\":{\"count\":2},\"vlan.c_tag.id\":{\"count\":1},\"vlan.c_tag.pcp.name\":{\"count\":1},\"network.transport\":{\"count\":1},\"netif.descr\":{\"count\":1},\"netif.packets.discard.in\":{\"count\":1},\"sflow.sample_type.name\":{\"count\":2},\"observer.ingress.interface.id\":{\"count\":1},\"observer.egress.interface.id\":{\"count\":2},\"destination.ip\":{\"count\":18},\"flow.isServer\":{\"count\":1},\"source.ip\":{\"count\":51},\"tcp.flags.bits\":{\"count\":1},\"network.community_id\":{\"count\":2},\"flow.meter.bytes_drop\":{\"count\":1}}","fieldFormatMap":"{\"bgp.next_hop.ip.addr\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"cace.local.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatt
erns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"cace.remote.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"calix.netif.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.netif.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.ibont.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.ibont.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.internet.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.internet.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.assured.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.excess.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.pon.bytes.fixed.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.soho.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.olt.soho.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\
"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.ethernet.payload.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.ethernet.payload.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes_green\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.bytes_yellow\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.fec.bytes.corrected.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.pon.fec.bytes.corrected.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_green\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_red\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_red_discard\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"calix.ont.uni.bytes_yellow\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/lig
ht/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.decrypt.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.decrypt.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.encrypt.bytes_read\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.appqoe.tls.encrypt.bytes_write\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs0.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs1.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs3.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},
\"cisco.ioam.cs5.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs6.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.ioam.cs7.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.l4r.server.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"cisco.pbhk.mapped.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"cisco.sc.attack.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"cisco.sc.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.sess.bytes.down\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sc.sess.bytes.up\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.sdwan.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.waas.bytes.optimised\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"
pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"cisco.waas.bytes.orig\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"network.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*/field/source.bytes\",\"basePath\":\"\"}}},\"network.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"client.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"client.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"client.nat.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"destination.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"destination.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{v
alue}}\"}},\"destination.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"destination.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"destination.nat.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"flow.export.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.export.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"source.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*/field/source.bytes\",\"basePath\":\"\"}}},\"source.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"source.bytes_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"source.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"source.bytes_total_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\
":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l2.bytes_total_sumsqrs\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.in.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.bytes_ignore\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.flow_select.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.l2.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.meter.l2.bytes_ignore\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_mcast\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_mcast_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_
retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_mcast\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_mcast_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l2.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.out.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"network.packets\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/monitoring\",\"basePath\":\"\"},\"pattern\":\"0,0.[0]a\"}},\"server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"server.bytes_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"server.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.server.l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ser
ver.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"server.nat.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"source.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"source.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"source.nat.ip\":{\"id\":\"url\",\"params\":{\"parsedUrl\":{\"origin\":\"http://127.0.0.1:5601\",\"pathname\":\"/app/management/kibana/objects\",\"basePath\":\"\"},\"urlTemplate\":\"https://community.riskiq.com/research?query={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"source.nat.port\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"flow.treatment.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"flow.treatment.bytes_drop_total\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l2.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l2.bytes_drop_total\
":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l4.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"masaryk.tunnel.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"masaryk.tunnel.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"mem.avail.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.buffers.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.cached.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.commit.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.free.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.total.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.used.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.util.bytes\":{\"i
d\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"mem.util.bytes_max\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"msexch.total_bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.bytes.in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.bytes.out\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.bytes.in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.1024_1518_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.128_255_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.1519_2047_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.2048_4095_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.256_511_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.4096_9216_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.512_1023_bytes.i
n\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.65_127_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.9217_16383_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netif.ethernet.packets.to_64_bytes.in\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"netscaler.ica.clientside.bytes_in\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.entropy.client.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.entropy.server.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"ntop.sip.rtp.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ntop.sip.rtp.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ntop.untunnel.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ntop.untunnel.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath
\":\"\"},\"pattern\":\"0\"}},\"pim.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"redsocks.dst.orig.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"redsocks.src.orig.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"riverbed.cfe.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"riverbed.outer.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"riverbed.sfe.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"sonicwall.db.proc.mem.commit.bytes\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"tcp.bytes_retrans\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"tunnel.client.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"tunnel.dst.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"
0\"}},\"tunnel.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"tunnel.server.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"tunnel.src.l4.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/management/kibana/indexPatterns/patterns/elastiflow-flow-ecs-*\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"wifi.afd.bytes_accept\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"wifi.afd.bytes_drop\":{\"id\":\"bytes\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/s/light/app/dashboards\",\"basePath\":\"/s/light\"}}},\"sonicwall.svc.port_begin\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"sonicwall.svc.port_end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"flow.server.k8s.svc.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"flow.dst.k8s.svc.port.id\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ericsson.nat.external.port.end\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}},\"ericsson.nat.external.port.start\":{\"id\":\"number\",\"params\":{\"parsedUrl\":{\"origin\":\"\",\"pathname\":\"/app/dashboards\",\"basePath\":\"\"},\"pattern\":\"0\"}}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName"
:"@timestamp","title":"elastiflow-flow-ecs-*","typeMeta":"{}"},"coreMigrationVersion":"8.2.0","id":"elastiflow-flow-ecs-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1675811601479,13945],"type":"index-pattern","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs Ingress and Egress (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.vlan.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress 
VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"4af8339d-cc06-4dbd-810a-b95e85b66174","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,13947],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [**Src/Dst**](#/dashboard/2f0a86fc-9e3d-4916-b4f0-921e77871f31) | 
[AS](#/dashboard/cfe94c44-f8bd-4770-99ab-7f482ecda3a5)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"5de41b05-5273-4637-9d77-29aefabde37c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13948],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Flags (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flags (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":16,\"maxFontSize\":48,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}}}"},"coreMigrationVersion":"8.2.0","id":"93767e25-189b-40ae-84c5-21d9f801acbf","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,13950],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"server.port\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6e9e2e78-a748-4749-a556-256cff748f3a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,13953],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Flow Exporters (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters (records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Exporter\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"8eda5797-9c7f-4786-b9d8-3dcdd97c3004","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,13955],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Layer-4 Protocol Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Layer-4 Protocol Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"network.transport\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Layer-4 
Protocols\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b143197a-43cd-444e-902d-a8bed248f9db","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13956],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"tcp.flags.bits\":[63,127,255]}}]},\"meta\":{\"alias\":\"TCP X-Mas Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"tcp.flags.bits\\\":[63,127,255]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP X-Mas Flags - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":3,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"2391f877-256d-4b35-97e6-0f21ab35037f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,13959],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 68 AND destination.port: 67 AND NOT destination.ip: 255.255.255.255 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"fa8e8343-803b-46b0-ac5b-173c917e27bf","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13960],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Options (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): TCP Options 
(flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.options.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Option\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"948eae7d-a22a-4577-b6e3-e493307c324a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812723039,16976],"type":"visualization","updated_at":"2023-02-07T23:32:03.039Z","version":"Wzg2MzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow 
Records\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [**Flow Records**](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"17c76001-f9c9-46ae-a3ab-7107b297d677","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13963],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/VLAN (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"2db84b92-48c6-422d-b18a-6d66668b4649\",\"type\":\"math\",\"variables\":[{\"id\":\"83d85836-a78e-4771-adad-ca6465f8623d\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f77182a7-a825-47df-98f1-0ecfbd1e23e0\",\"type\":\"math\",\"variables\":[{\"id\":\"9681e7eb-9fe3-47b5-b2a4-1ffcf19d689d\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top VLANs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"11a16093-341f-43c2-8987-2827533621c6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13964],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [**Threats**](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"a2268641-0cea-4dad-9ba4-0a4becaf2349","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13965],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (DDoS TCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS TCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [**DDoS TCP**](#/dashboard/0a0f816a-ee62-4e61-a458-3a8a85b0581e) | [DDoS Flood](#/dashboard/8e2524a2-77e5-4e50-a03f-5bd7cd508c91) | [RECON](#/dashboard/cd13df0e-7a98-4046-af75-f2b202fee2cb) | [Brute 
Force](#/dashboard/d4634492-bd35-4e08-bb5b-00c21163817d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d610fb4b-40f0-4f44-9c15-5478c52ffc5f","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13966],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: Logo","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Logo\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"[![ElastiFlow](data:image/png;base64,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)](https://www.elastiflow.com)\"}}"},"coreMigrationVersion":"8.2.0","id":"b3a59822-c752-45ed-b321-fe35aa1edda7","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13967],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threats (DDoS TCP) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS TCP) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"c8f021b0-3853-4594-8822-bb18c41cd6e6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"}],"sort":[1675811601479,13969],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Half-Open Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Half-Open Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"8ed4cd0f-4b90-4d6b-9f54-f014d1611ef2\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: \\\"tcp\\\" AND tcp.flags.bits: 2 AND NOT source.as.organization.name: \\\"PRIVATE\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Half-Open Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.ip\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"803ec1a8-976d-49f5-ba25-a701a1348e67","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13970],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP X-Mas Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP X-Mas Flags (packets) - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"688d1aff-aef1-419f-be3e-51714bb9e2dc\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"tcp.flags.bits: 63 OR tcp.flags.bits: 127 OR tcp.flags.bits: 255\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"X-Mas 
Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"fa149d66-ef8e-4d4b-8112-9205c31e5381","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13971],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP null Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags (packets) - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"c2bbb5af-d87e-4444-8464-9184c8807569\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: \\\"tcp\\\" AND tcp.flags.bits: 
0\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"null Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"868db542-c187-4e81-ab78-3b1dcf14bbc6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13972],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP URG Flags (packets) - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flags (packets) - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":1,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":10,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"18db0a1f-5ac9-46c9-8edf-eedad37e8f8e\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"tcp.flags.tags: \\\"URG\\\" \",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Urgent Flags\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b087f06d-9a69-4620-b38e-afd07abe3464","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,13973],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":6,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"bf0201dc-e0ef-4378-8c49-58088f327c70","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,13976],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":6,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"21051b59-333f-460b-90ea-da653dbd582b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,13979],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"tcp.flags.tags\":\"URG\"}}]},\"meta\":{\"alias\":\"TCP URG 
Flag\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"tcp.flags.tags\\\":\\\"URG\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP URG Flag - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP URG Flag - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":3,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"fdc551d7-9987-4964-9abf-bda192c50a3d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,13982],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"tcp\"}},{\"term\":{\"tcp.flags.bits\":0}}]},\"meta\":{\"alias\":\"TCP null Flags\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"tcp\\\"}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":0}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP null Flags - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP null Flags - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":3,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9b013f80-3f1b-43b8-9039-a19360aad247","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort
":[1675811601479,13985],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzYsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"87e72168-6981-442c-a8af-25c39e5db52f\"},\"panelIndex\":\"87e72168-6981-442c-a8af-25c39e5db52f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_87e72168-6981-442c-a8af-25c39e5db52f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"344ce333-c1ae-463e-9995-4de5df8c9648\"},\"panelIndex\":\"344ce333-c1ae-463e-9995-4de5df8c9648\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_344ce333-c1ae-463e-9995-4de5df8c9648\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"700597a0-0303-4f5b-bd79-e4aab7265315\"},\"panelIndex\":\"700597a0-0303-4f5b-bd79-e4aab7265315\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_700597a0-0303-4f5b-bd79-e4aab7265315\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"1152c253-7db2-47f5-aff5-8a1f7d048504\"},\"panelIndex\":\"1152c253-7db2-47f5-aff5-8a1f7d048504\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1152c253-7db2-47f5-aff5-8a1f7d048504\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"0c5cbccb-f583-4b72-b893-dd76772013d0\"},\"panelIndex\":\"0c5cbccb-f583-4b72-b893-dd76772013d0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0c5cbccb-f583-4b72-
b893-dd76772013d0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"h\":5,\"i\":\"5bd8328f-9404-4a0c-98ff-3bbfb5305399\"},\"panelIndex\":\"5bd8328f-9404-4a0c-98ff-3bbfb5305399\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5bd8328f-9404-4a0c-98ff-3bbfb5305399\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"d6004b7a-1339-4ed7-8e8e-3bfdd0e723b0\"},\"panelIndex\":\"d6004b7a-1339-4ed7-8e8e-3bfdd0e723b0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d6004b7a-1339-4ed7-8e8e-3bfdd0e723b0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"288d3134-b7d5-4c63-959a-d5af6a0c047b\"},\"panelIndex\":\"288d3134-b7d5-4c63-959a-d5af6a0c047b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_288d3134-b7d5-4c63-959a-d5af6a0c047b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"1a2867e6-d60f-4da0-982e-3057e36c8867\"},\"panelIndex\":\"1a2867e6-d60f-4da0-982e-3057e36c8867\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1a2867e6-d60f-4da0-982e-3057e36c8867\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":26,\"h\":19,\"i\":\"d09aca61-1216-4392-a2d5-d9a40f31cb8b\"},\"panelIndex\":\"d09aca61-1216-4392-a2d5-d9a40f31cb8b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Half-Open 
Sessions\",\"panelRefName\":\"panel_d09aca61-1216-4392-a2d5-d9a40f31cb8b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":26,\"y\":9,\"w\":22,\"h\":19,\"i\":\"da8e3601-5ba1-47be-9e94-2ef2b09f9000\"},\"panelIndex\":\"da8e3601-5ba1-47be-9e94-2ef2b09f9000\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Half-Open Sources\",\"panelRefName\":\"panel_da8e3601-5ba1-47be-9e94-2ef2b09f9000\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":28,\"w\":16,\"h\":14,\"i\":\"53fcc0c1-2309-42c3-903b-d40be4b63943\"},\"panelIndex\":\"53fcc0c1-2309-42c3-903b-d40be4b63943\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"X-Mas Flags\",\"panelRefName\":\"panel_53fcc0c1-2309-42c3-903b-d40be4b63943\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":28,\"w\":16,\"h\":14,\"i\":\"c53c2014-c549-4894-84fc-ce9b16d3cf07\"},\"panelIndex\":\"c53c2014-c549-4894-84fc-ce9b16d3cf07\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"URG Flag\",\"panelRefName\":\"panel_c53c2014-c549-4894-84fc-ce9b16d3cf07\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":28,\"w\":16,\"h\":14,\"i\":\"b7909023-a4d2-4ee9-b4e5-79d24d497a96\"},\"panelIndex\":\"b7909023-a4d2-4ee9-b4e5-79d24d497a96\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"null Flags\",\"panelRefName\":\"panel_b7909023-a4d2-4ee9-b4e5-79d24d497a96\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (DDoS 
TCP)","version":1},"coreMigrationVersion":"8.2.0","id":"0a0f816a-ee62-4e61-a458-3a8a85b0581e","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a2268641-0cea-4dad-9ba4-0a4becaf2349","name":"87e72168-6981-442c-a8af-25c39e5db52f:panel_87e72168-6981-442c-a8af-25c39e5db52f","type":"visualization"},{"id":"d610fb4b-40f0-4f44-9c15-5478c52ffc5f","name":"344ce333-c1ae-463e-9995-4de5df8c9648:panel_344ce333-c1ae-463e-9995-4de5df8c9648","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"700597a0-0303-4f5b-bd79-e4aab7265315:panel_700597a0-0303-4f5b-bd79-e4aab7265315","type":"visualization"},{"id":"c8f021b0-3853-4594-8822-bb18c41cd6e6","name":"1152c253-7db2-47f5-aff5-8a1f7d048504:panel_1152c253-7db2-47f5-aff5-8a1f7d048504","type":"visualization"},{"id":"da041926-5de1-40d0-a9b7-6a1fc820163b","name":"0c5cbccb-f583-4b72-b893-dd76772013d0:panel_0c5cbccb-f583-4b72-b893-dd76772013d0","type":"visualization"},{"id":"803ec1a8-976d-49f5-ba25-a701a1348e67","name":"5bd8328f-9404-4a0c-98ff-3bbfb5305399:panel_5bd8328f-9404-4a0c-98ff-3bbfb5305399","type":"visualization"},{"id":"fa149d66-ef8e-4d4b-8112-9205c31e5381","name":"d6004b7a-1339-4ed7-8e8e-3bfdd0e723b0:panel_d6004b7a-1339-4ed7-8e8e-3bfdd0e723b0","type":"visualization"},{"id":"868db542-c187-4e81-ab78-3b1dcf14bbc6","name":"288d3134-b7d5-4c63-959a-d5af6a0c047b:panel_288d3134-b7d5-4c63-959a-d5af6a0c047b","type":"visualization"},{"id":"b087f06d-9a69-4620-b38e-afd07abe3464","name":"1a2867e6-d60f-4da0-982e-3057e36c8867:panel_1a2867e6-d60f-4da0-982e-3057e36c8867","type":"visualization"},{"id":"bf0201dc-e0ef-4378-8c49-58088f327c70","name":"d09aca61-1216-4392-a2d5-d9a40f31cb8b:panel_d09aca61-1216-4392-a2d5-d9a40f31cb8b","type":"visualization"},{"id":"21051b59-333f-460b-90ea-da653dbd582b","name":"da8e3601-5ba1-47be-9e94-2ef2b09f9000:panel_da8e3601-5ba1-47be-9e94-2ef2b09f9000","type":"visualization"},{"id":"2391f877-256d-4b35-97e6-0f21ab35037f","name":"53fcc0c1-2309-42c3-903b-d40be4b63943:panel_53fcc0c1-2309-42c
3-903b-d40be4b63943","type":"visualization"},{"id":"fdc551d7-9987-4964-9abf-bda192c50a3d","name":"c53c2014-c549-4894-84fc-ce9b16d3cf07:panel_c53c2014-c549-4894-84fc-ce9b16d3cf07","type":"visualization"},{"id":"9b013f80-3f1b-43b8-9039-a19360aad247","name":"b7909023-a4d2-4ee9-b4e5-79d24d497a96:panel_b7909023-a4d2-4ee9-b4e5-79d24d497a96","type":"visualization"}],"sort":[1675811601479,14000],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (Brute Force)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (Brute Force)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [DDoS TCP](#/dashboard/0a0f816a-ee62-4e61-a458-3a8a85b0581e) | [DDoS Flood](#/dashboard/8e2524a2-77e5-4e50-a03f-5bd7cd508c91) | [RECON](#/dashboard/cd13df0e-7a98-4046-af75-f2b202fee2cb) | [**Brute Force**](#/dashboard/d4634492-bd35-4e08-bb5b-00c21163817d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"913b3752-77ab-4925-8c63-1c908bce88a0","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14001],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"b38a1710-c902-478a-aa4d-6163ab9914bc\",\"type\":\"math\",\"variables\":[{\"id\":\"7e8ed9a1-6ac0-4ced-abce-01fc63cc629f\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"134fb71b-1d8a-4d5a-9ffe-dff37678af17\",\"type\":\"math\",\"variables\":[{\"id\":\"1054b06c-c215-49da-a951-dd23afc642b9\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"server.domain\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"server.domain: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5822316f-243c-4dac-8562-9277d553352d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14002],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1NzksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Client Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Server - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6c281561-a62f-4de5-b530-127e7000445f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14008],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1ODAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Response\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":\"1812\"}},{\"match_phrase\":{\"source.port\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): RADIUS AUTH Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH 
Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"df36bdc2-b5ae-46ca-a42d-564ef35b749d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811828057,15572],"type":"visualization","updated_at":"2023-02-07T23:17:08.057Z","version":"WzczMDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [**Flows**](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"24ef2c72-f362-48c1-9898-10ad79c2f162","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14014],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1ODIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Src/Dst](#/dashboard/44e9cc46-9a3c-4ace-a3f0-8d3020ebe252) | [AS](#/dashboard/887ff20a-0f6e-4737-addb-efdafdabf5a4)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e2a03f61-b9a2-4e38-97ce-5dc0358f02a9","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14015],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1ODMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"client.domain\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"server.domain\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"S
ession Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"9b879173-cdea-404a-9b6a-2265262cdf8b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14021],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1ODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c9faee02-1364-44aa-a466-1cddb917c718","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811981695,15931],"type":"visualization","updated_at":"2023-02-07T23:19:41.695Z","version":"Wzc2MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client/server) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n 
\\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"client.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"server.domain\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"fb05913f-571c-4456-8195-0c84681af9f4","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14024],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1ODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"2dbe4bf7-0c71-4ecc-81cc-1a9529b8f1f0","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812053337,16045],"type":"visualization","updated_at":"2023-02-07T23:20:53.337Z","version":"Wzc3MzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"deecfac5-c05d-4b1f-9134-3620797ab9e9","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811992565,15928],"type":"visualization","updated_at":"2023-02-07T23:19:52.565Z","version":"Wzc2NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"53b4a60b-cc19-4c26-9191-39173c2baa3a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812025628,16021],"type":"visualization","updated_at":"2023-02-07T23:20:25.628Z","version":"Wzc3MTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"286ec443-660f-4ed6-be2b-a89b3f903a48","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812002410,15965],"type":"visualization","updated_at":"2023-02-07T23:20:02.410Z","version":"Wzc2NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d14228d1-9ca9-4ee0-8a4b-86546252ca7d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812012878,15995],"type":"visualization","updated_at":"2023-02-07T23:20:12.878Z","version":"Wzc2OTAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"2db3628f-3c0b-473f-b634-09e5e29cbaa8\"},\"panelIndex\":\"2db3628f-3c0b-473f-b634-09e5e29cbaa8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2db3628f-3c0b-473f-b634-09e5e29cbaa8\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"db966366-99b0-4344-8260-109b32fdfb61\"},\"panelIndex\":\"db966366-99b0-4344-8260-109b32fdfb61\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_db966366-99b0-4344-8260-109b32fdfb61\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},\"panelIndex\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"2fc115ae-ca9c-44f1-9e63-3e346a59ebe8\"},\"panelIndex\":\"2fc115ae-ca9c-44f1-9e63-3e346a59ebe8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2fc115ae-ca9c-44f1-9e63-3e346a59ebe8\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"a540ab85-7f1f-41aa-883e-2f2145313e33\"},\"panelIndex\":\"a540ab85-7f1f-41aa-883e-2f2145313e33\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Clients 
(bytes)\",\"panelRefName\":\"panel_a540ab85-7f1f-41aa-883e-2f2145313e33\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"c2f8eb0f-2a7b-4ed5-a577-deb5fc9aad0a\"},\"panelIndex\":\"c2f8eb0f-2a7b-4ed5-a577-deb5fc9aad0a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c2f8eb0f-2a7b-4ed5-a577-deb5fc9aad0a\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"1080ea5e-b2e8-46ca-92a4-61e1be926aef\"},\"panelIndex\":\"1080ea5e-b2e8-46ca-92a4-61e1be926aef\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers (bytes)\",\"panelRefName\":\"panel_1080ea5e-b2e8-46ca-92a4-61e1be926aef\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"9ec4892f-402e-40d8-83d7-64aa079da88b\"},\"panelIndex\":\"9ec4892f-402e-40d8-83d7-64aa079da88b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Clients (packets)\",\"panelRefName\":\"panel_9ec4892f-402e-40d8-83d7-64aa079da88b\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"7af74c62-b4f1-4082-bd89-fd61abbd2892\"},\"panelIndex\":\"7af74c62-b4f1-4082-bd89-fd61abbd2892\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers (packets)\",\"panelRefName\":\"panel_7af74c62-b4f1-4082-bd89-fd61abbd2892\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"ff30d6f0-369e-4dc3-a35d-0f13a4ba4407\"},\"panelIndex\":\"ff30d6f0-369e-4dc3-a35d-0f13a4ba4407\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Clients (flow 
records)\",\"panelRefName\":\"panel_ff30d6f0-369e-4dc3-a35d-0f13a4ba4407\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"7871f9eb-8d72-4bb4-8f6b-1c620e4773dd\"},\"panelIndex\":\"7871f9eb-8d72-4bb4-8f6b-1c620e4773dd\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_7871f9eb-8d72-4bb4-8f6b-1c620e4773dd\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"d65172bd-25ad-445d-a6d7-c8c088993cdb","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"24ef2c72-f362-48c1-9898-10ad79c2f162","name":"2db3628f-3c0b-473f-b634-09e5e29cbaa8:panel_2db3628f-3c0b-473f-b634-09e5e29cbaa8","type":"visualization"},{"id":"e2a03f61-b9a2-4e38-97ce-5dc0358f02a9","name":"db966366-99b0-4344-8260-109b32fdfb61:panel_db966366-99b0-4344-8260-109b32fdfb61","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"fa831312-1122-4a7f-8899-2ad2ddfa1bee:panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee","type":"visualization"},{"id":"9b879173-cdea-404a-9b6a-2265262cdf8b","name":"2fc115ae-ca9c-44f1-9e63-3e346a59ebe8:panel_2fc115ae-ca9c-44f1-9e63-3e346a59ebe8","type":"visualization"},{"id":"c9faee02-1364-44aa-a466-1cddb917c718","name":"a540ab85-7f1f-41aa-883e-2f2145313e33:panel_a540ab85-7f1f-41aa-883e-2f2145313e33","type":"visualization"},{"id":"fb05913f-571c-4456-8195-0c84681af9f4","name":"c2f8eb0f-2a7b-4ed5-a577-deb5fc9aad0a:panel_c2f8eb0f-2a7b-4ed5-a577-deb5fc9aad0a","type":"visualization"},{"id":"2dbe4bf7-0c71-4ecc-81cc-1a9529b8f1f0","name":"1080ea5e-b2e8-46ca-92a4-61e1be926aef:panel_1080ea5e-b2e8-46ca-92a4-61e1be926aef","type":"visualization"},{"id":"deecfac5-c05d-4b1f-9134-3620797ab9e9","name":"9ec4892f-402e-40d8-83d7-64aa079da88b:panel_9ec4892f-402e-40d8-83d7-64aa079da88b","type":"visualization"},{"id":"53b4a60b-cc19-4c26-9191-39173c2
baa3a","name":"7af74c62-b4f1-4082-bd89-fd61abbd2892:panel_7af74c62-b4f1-4082-bd89-fd61abbd2892","type":"visualization"},{"id":"286ec443-660f-4ed6-be2b-a89b3f903a48","name":"ff30d6f0-369e-4dc3-a35d-0f13a4ba4407:panel_ff30d6f0-369e-4dc3-a35d-0f13a4ba4407","type":"visualization"},{"id":"d14228d1-9ca9-4ee0-8a4b-86546252ca7d","name":"7871f9eb-8d72-4bb4-8f6b-1c620e4773dd:panel_7871f9eb-8d72-4bb4-8f6b-1c620e4773dd","type":"visualization"}],"sort":[1675811601479,14046],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"4f125ee1-2fc4-4d97-9d35-4afdc52e0953","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812189057,16225],"type":"visualization","updated_at":"2023-02-07T23:23:09.057Z","version":"Wzc5MjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Client Cities (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"389b8364-81d4-4d7f-b2a5-b5dc2cb32c57","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812361423,16499],"type":"visualization","updated_at":"2023-02-07T23:26:01.423Z","version":"WzgxNjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core 
Services\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [**Core Services**](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"f86c51c3-069d-4973-8789-e15fbe01fa77","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14051],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1OTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (LDAP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (LDAP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [DHCP](#/dashboard/2bed80e1-8261-4848-b58e-55e065089e12) | \\n[RADIUS](#/dashboard/e143d802-f5ae-433c-8dce-07dd5726d7e9) | \\n[**LDAP**](#/dashboard/104fd74b-929f-4d74-a9af-7a07273da4f2) | [NTP](#/dashboard/4489cb79-2538-4d11-b976-516d94999050)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4237751c-bbed-471c-933e-d6d1a13ebccc","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14052],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1OTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND destination.port: 389 
AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"b1815a5a-2d9d-4357-aa18-7599b8bdd603","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14053],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 389 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"0461dea7-90c6-4efd-a5f4-7e0776247f91","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14054],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1OTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): LDAP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.port: 389\",\"language\":\"kuery\"}},{\"id\":\"eebf03a7-ddfb-4583-bf53-66f1908a614e\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"483e84a5-0810-4223-a287-f2bc89a2c4c9\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 
389\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"7f29e6fc-f04f-4b2b-818d-b342ab4e65bf","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14055],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY1OTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): LDAP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"5ed6ff52-69a0-4e44-8625-e85ef7af86eb","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811873784,15615],"type":"visualization","updated_at":"2023-02-07T23:17:53.784Z","version":"WzczNDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): LDAP Responses by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"711d3d09-08d7-4074-b162-68d0a8aa22ed","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811886487,15656],"type":"visualization","updated_at":"2023-02-07T23:18:06.487Z","version":"WzczNjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7ebfc223-ef9b-4d80-9694-bb522ef84c2d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14070],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"LDAP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"33c4568a-7764-4dab-88b8-4597eb2f508a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14075],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"16ced704-aa20-4319-b1d8-a3c7bc8c6ca1","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14080],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"389\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"389\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"211b5b08-3693-4206-a7b8-64a98e6a6cfb","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14085],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"LDAP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":389}},{\\\"match_phrase\\\":{\\\"destination.port\\\":389}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":389}},{\"match_phrase\":{\"destination.port\":389}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): LDAP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: LDAP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"704d5bdd-f68b-41bf-9eda-6ed2e5cd5ab6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14090],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDYsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"adbc3d93-667c-4e3a-b541-2aa499025164\"},\"panelIndex\":\"adbc3d93-667c-4e3a-b541-2aa499025164\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_adbc3d93-667c-4e3a-b541-2aa499025164\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"ec61045d-3ada-4ee0-b2e4-96767cab23a7\"},\"panelIndex\":\"ec61045d-3ada-4ee0-b2e4-96767cab23a7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ec61045d-3ada-4ee0-b2e4-96767cab23a7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\
":\"28249447-0b83-47e6-bbdf-0d12e957777d\"},\"panelIndex\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28249447-0b83-47e6-bbdf-0d12e957777d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"adb45c24-e1e8-4090-8187-d8d05fb391f2\"},\"panelIndex\":\"adb45c24-e1e8-4090-8187-d8d05fb391f2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_adb45c24-e1e8-4090-8187-d8d05fb391f2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"2e4ab207-6761-4ba5-8084-12bf6eba2f35\"},\"panelIndex\":\"2e4ab207-6761-4ba5-8084-12bf6eba2f35\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2e4ab207-6761-4ba5-8084-12bf6eba2f35\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"54afbc4b-12b6-4e75-b1ab-dc4e902fb1b7\"},\"panelIndex\":\"54afbc4b-12b6-4e75-b1ab-dc4e902fb1b7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_54afbc4b-12b6-4e75-b1ab-dc4e902fb1b7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"5daecdfa-b6db-4f00-9770-6d5f4724d687\"},\"panelIndex\":\"5daecdfa-b6db-4f00-9770-6d5f4724d687\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5daecdfa-b6db-4f00-9770-6d5f4724d687\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"7b40de91-7e96-4d93-8bdc-048cb5dda908\"},\"panelIndex\":\"7b40de91-7e96-4d93-8bdc-048cb5dda908\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7b40de91-7e96-4d93-8bdc-048cb5dda908\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\
":23,\"i\":\"0fab30c3-4574-4c95-83b8-712c0b81e28e\"},\"panelIndex\":\"0fab30c3-4574-4c95-83b8-712c0b81e28e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0fab30c3-4574-4c95-83b8-712c0b81e28e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"17368827-ad35-41af-b038-adbe112a651c\"},\"panelIndex\":\"17368827-ad35-41af-b038-adbe112a651c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_17368827-ad35-41af-b038-adbe112a651c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"2508dccf-f27e-4f3a-adb9-606aa3b5db42\"},\"panelIndex\":\"2508dccf-f27e-4f3a-adb9-606aa3b5db42\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2508dccf-f27e-4f3a-adb9-606aa3b5db42\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"ecd74ac0-0fca-4251-86c9-14563136b086\"},\"panelIndex\":\"ecd74ac0-0fca-4251-86c9-14563136b086\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ecd74ac0-0fca-4251-86c9-14563136b086\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"a1e0b765-050f-42bc-9282-b87314d74c08\"},\"panelIndex\":\"a1e0b765-050f-42bc-9282-b87314d74c08\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a1e0b765-050f-42bc-9282-b87314d74c08\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(LDAP)","version":1},"coreMigrationVersion":"8.2.0","id":"104fd74b-929f-4d74-a9af-7a07273da4f2","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f86c51c3-069d-4973-8789-e15fbe01fa77","name":"adbc3d93-667c-4e3a-b541-2aa499025164:panel_adbc3d93-667c-4e3a-b541-2aa499025164","type":"visualization"},{"id":"4237751c-bbed-471c-933e-d6d1a13ebccc","name":"ec61045d-3ada-4ee0-b2e4-96767cab23a7:panel_ec61045d-3ada-4ee0-b2e4-96767cab23a7","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"28249447-0b83-47e6-bbdf-0d12e957777d:panel_28249447-0b83-47e6-bbdf-0d12e957777d","type":"visualization"},{"id":"b1815a5a-2d9d-4357-aa18-7599b8bdd603","name":"adb45c24-e1e8-4090-8187-d8d05fb391f2:panel_adb45c24-e1e8-4090-8187-d8d05fb391f2","type":"visualization"},{"id":"0461dea7-90c6-4efd-a5f4-7e0776247f91","name":"2e4ab207-6761-4ba5-8084-12bf6eba2f35:panel_2e4ab207-6761-4ba5-8084-12bf6eba2f35","type":"visualization"},{"id":"7f29e6fc-f04f-4b2b-818d-b342ab4e65bf","name":"54afbc4b-12b6-4e75-b1ab-dc4e902fb1b7:panel_54afbc4b-12b6-4e75-b1ab-dc4e902fb1b7","type":"visualization"},{"id":"5ed6ff52-69a0-4e44-8625-e85ef7af86eb","name":"5daecdfa-b6db-4f00-9770-6d5f4724d687:panel_5daecdfa-b6db-4f00-9770-6d5f4724d687","type":"visualization"},{"id":"711d3d09-08d7-4074-b162-68d0a8aa22ed","name":"7b40de91-7e96-4d93-8bdc-048cb5dda908:panel_7b40de91-7e96-4d93-8bdc-048cb5dda908","type":"visualization"},{"id":"7ebfc223-ef9b-4d80-9694-bb522ef84c2d","name":"0fab30c3-4574-4c95-83b8-712c0b81e28e:panel_0fab30c3-4574-4c95-83b8-712c0b81e28e","type":"visualization"},{"id":"33c4568a-7764-4dab-88b8-4597eb2f508a","name":"17368827-ad35-41af-b038-adbe112a651c:panel_17368827-ad35-41af-b038-adbe112a651c","type":"visualization"},{"id":"16ced704-aa20-4319-b1d8-a3c7bc8c6ca1","name":"2508dccf-f27e-4f3a-adb9-606aa3b5db42:panel_2508dccf-f27e-4f3a-adb9-606aa3b5db42","type":"visualization"},{"id":"211b5b08-3693-4206-a7b8-64a98e6a6cfb","name":"ecd74ac0-0fca-4251-86c9-14563136b086:panel_ecd74ac0-0fca-4
251-86c9-14563136b086","type":"visualization"},{"id":"704d5bdd-f68b-41bf-9eda-6ed2e5cd5ab6","name":"a1e0b765-050f-42bc-9282-b87314d74c08:panel_a1e0b765-050f-42bc-9282-b87314d74c08","type":"visualization"}],"sort":[1675811601479,14104],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [**Graph**](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | 
[Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"392d40dc-85b5-41d8-a730-97bba5aec226","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14105],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"298f1fe8-9eb7-4fd8-885d-1309f4197a8a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14106],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MDksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"tcp\"}},{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"tcp\\\"}},{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"client.ip\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"90b30f77-8565-4c01-89d9-b8849ddbe6b7","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14109],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Clients (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"b39062a4-35b6-426f-b026-927bed96b0a2","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812865264,17384],"type":"visualization","updated_at":"2023-02-07T23:34:25.264Z","version":"WzkwNzgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"udp\"}},{\"terms\":{\"source.port\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"udp\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"1cf61f34-d151-47a5-a2df-0500a3d9f34e","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14114],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c6325d25-8726-44ec-a9a4-a962aa7ca9b7","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSav
edObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14117],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (conversations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N (conversations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Services](#/dashboard/4b514334-15d6-4a15-a521-10b66d5fdab9) | [Apps](#/dashboard/b6e50103-6736-40f4-9041-5a9409feeae0) | [**Conversations**](#/dashboard/a3998237-07ba-4b06-bd44-2d0004b405ca)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3817ecad-b614-4b1a-8b55-1f49a307ead5","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14118],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Destinations from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"15b1fd7e-aa75-423f-a7e1-e8093e5c49cd\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: (\\\"icmp\\\" OR \\\"ipv6-icmp\\\") AND (source.as.organization.name: \\\"PRIVATE\\\" AND destination.as.organization.name: 
\\\"PRIVATE\\\")\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"ICMP Destinations (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"destination.ip\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"72368579-3acb-4691-9786-3babcc52d016","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14119],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":1812}},{\\\"match_phrase\\\":{\\\"destination.port\\\":1812}},{\\\"match_phrase\\\":{\\\"source.port\\\":1645}},{\\\"match_phrase\\\":{\\\"destination.port\\\":1645}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":1812}},{\"match_phrase\":{\"destination.port\":1812}},{\"match_phrase\":{\"source.port\":1645}},{\"match_phrase\":{\"destination.port\":1645}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH 
Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5c601c17-60bb-45a3-be49-081bb3840782","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14124],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"a38a434e-cbe6-4c33-9838-1623e45b1e6e","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14126],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missin
gBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"3a105321-ee8e-44c7-8284-82cc41554b14","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14129],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | 
[**Src/Dst**](#/dashboard/44e9cc46-9a3c-4ace-a3f0-8d3020ebe252) | [AS](#/dashboard/887ff20a-0f6e-4737-addb-efdafdabf5a4)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8136a4d4-c11a-4ae0-b4c1-daad8d2d8c6d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14130],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Exporters - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Exporters - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"70a63cdd-09c3-4901-8d50-81ee290b56a4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14133],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"destination.ip\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7cd3ae03-0acf-465f-aa0f-7f382b0aac81","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14136],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (flow records/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (flow records/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\",\"field\":\"network.bytes\"},{\"id\":\"6b73172a-9e37-410c-84d1-b838e9499176\",\"type\":\"calculation\",\"variables\":[{\"id\":\"07a0da05-9ac5-498b-87e3-8afe4ce6cad0\",\"name\":\"count\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"count\",\"field\":\"network.bytes\"},{\"id\":\"206840c1-7f64-4f3e-8186-5b02cb583165\",\"type\":\"calculation\",\"variables\":[{\"id\":\"b869fb6c-f920-407c-86f6-e403fc694aab\",\"name\":\"count\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3ce639bc-8a62-4804-8b6e-741b0b9d125d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14137],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Src/Dst](#/dashboard/2f0a86fc-9e3d-4916-b4f0-921e77871f31) | [AS](#/dashboard/cfe94c44-f8bd-4770-99ab-7f482ecda3a5)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"99bb02dd-48ff-42e4-a2f2-7ff0d44a9138","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14138],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details 
(attributes)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (attributes)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Attributes**](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Types](#/dashboard/6e0aaa1b-5b37-44e7-8034-7a5cbd14023b) | [Locality](#/dashboard/52ec57df-2a74-488f-afc2-ccbcf5c70918)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"811b144a-d930-4e18-ab04-2dbb16ae9b8a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14139],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst Autonomous Systems - input 
list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst Autonomous Systems - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Destination AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032550621\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"ee149178-3ffe-431b-9775-a0a0c139b04f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14145],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src/dst) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-ecs-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"source.domain\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": 
{\\n \\\"field\\\": \\\"destination.domain\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": 
\\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n 
\\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"cd63910d-400f-471d-9d68-107e8b6612b3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14146],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow 
(flow): Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"78100c84-0bdc-4ccf-b7d1-ab154c008c35","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811635343,15235],"type":"visualization","updated_at":"2023-02-07T23:13:55.343Z","version":"WzY5ODksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"udp\"}},{\"terms\":{\"source.port\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"udp\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"perc
entageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"e90a8835-2cca-4f73-9c04-2dd0c0382a3b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14151],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"source.domain\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"destination.domain\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination 
Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"f554b5f4-8ab0-4f5f-89b9-2d8afb89207b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14157],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (bytes) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Sources (bytes) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c9317819-dafd-437b-87f5-c18418ae95a5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812071450,16086],"type":"visualization","updated_at":"2023-02-07T23:21:11.450Z","version":"Wzc3NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src/dst) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src/dst) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n 
\\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"source.domain\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"destination.domain\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Source\\\", \\\"Destination\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"a0267894-21cb-4ede-a20f-45d26f0113eb","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14160],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destinations (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"af27d18b-9e48-47f2-9bd1-83294a6c86c3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812139114,16201],"type":"visualization","updated_at":"2023-02-07T23:22:19.114Z","version":"Wzc4ODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Sources (packets) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7a8fcb34-f120-4a5f-99f6-1e5b1b0246cc","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812084365,16083],"type":"visualization","updated_at":"2023-02-07T23:21:24.365Z","version":"Wzc3OTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destinations (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d29c61a4-3439-4e20-8d2b-9b64bbc619dc","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812125599,16177],"type":"visualization","updated_at":"2023-02-07T23:22:05.599Z","version":"Wzc4NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Sources (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"5df2eb01-24ff-4308-9aac-6cfc7eda51ed","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812097259,16138],"type":"visualization","updated_at":"2023-02-07T23:21:37.259Z","version":"Wzc4MjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destinations (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"e2acbbf7-a50d-440f-ae17-9c0aab36a051","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812110985,16141],"type":"visualization","updated_at":"2023-02-07T23:21:50.985Z","version":"Wzc4NDMsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"068d8ad6-4f1d-4f57-af6c-47c92991a8f0\"},\"panelIndex\":\"068d8ad6-4f1d-4f57-af6c-47c92991a8f0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_068d8ad6-4f1d-4f57-af6c-47c92991a8f0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"7c838cd1-dfb7-436e-b3a7-21e2ecd0a2bc\"},\"panelIndex\":\"7c838cd1-dfb7-436e-b3a7-21e2ecd0a2bc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7c838cd1-dfb7-436e-b3a7-21e2ecd0a2bc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"70be6510-d89b-4f38-aef0-bf443f56914f\"},\"panelIndex\":\"70be6510-d89b-4f38-aef0-bf443f56914f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_70be6510-d89b-4f38-aef0-bf443f56914f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"7a5bacdb-ccc4-405d-96f3-50e6f7b47c06\"},\"panelIndex\":\"7a5bacdb-ccc4-405d-96f3-50e6f7b47c06\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7a5bacdb-ccc4-405d-96f3-50e6f7b47c06\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"af684f1e-8159-459f-8c6e-99ad224abd57\"},\"panelIndex\":\"af684f1e-8159-459f-8c6e-99ad224abd57\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Sources 
(bytes)\",\"panelRefName\":\"panel_af684f1e-8159-459f-8c6e-99ad224abd57\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"942fa454-8236-4330-987b-2f92940c4bdb\"},\"panelIndex\":\"942fa454-8236-4330-987b-2f92940c4bdb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_942fa454-8236-4330-987b-2f92940c4bdb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"b00c89d7-60a8-4d65-a16c-29957ecca022\"},\"panelIndex\":\"b00c89d7-60a8-4d65-a16c-29957ecca022\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destinations (bytes)\",\"panelRefName\":\"panel_b00c89d7-60a8-4d65-a16c-29957ecca022\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"efacf7be-ca21-467d-bf38-96faa9c4389c\"},\"panelIndex\":\"efacf7be-ca21-467d-bf38-96faa9c4389c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Sources (packets)\",\"panelRefName\":\"panel_efacf7be-ca21-467d-bf38-96faa9c4389c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"d7539da2-f999-417b-b83b-8ac077a1b460\"},\"panelIndex\":\"d7539da2-f999-417b-b83b-8ac077a1b460\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destinations (packets)\",\"panelRefName\":\"panel_d7539da2-f999-417b-b83b-8ac077a1b460\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"d67ff12d-5557-46a4-b401-ba7d5ba0c7ad\"},\"panelIndex\":\"d67ff12d-5557-46a4-b401-ba7d5ba0c7ad\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Sources (flow 
records)\",\"panelRefName\":\"panel_d67ff12d-5557-46a4-b401-ba7d5ba0c7ad\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"7bac3166-b6fc-4603-b6a6-211f84879f3c\"},\"panelIndex\":\"7bac3166-b6fc-4603-b6a6-211f84879f3c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destinations (flow records)\",\"panelRefName\":\"panel_7bac3166-b6fc-4603-b6a6-211f84879f3c\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"44e9cc46-9a3c-4ace-a3f0-8d3020ebe252","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"24ef2c72-f362-48c1-9898-10ad79c2f162","name":"068d8ad6-4f1d-4f57-af6c-47c92991a8f0:panel_068d8ad6-4f1d-4f57-af6c-47c92991a8f0","type":"visualization"},{"id":"8136a4d4-c11a-4ae0-b4c1-daad8d2d8c6d","name":"7c838cd1-dfb7-436e-b3a7-21e2ecd0a2bc:panel_7c838cd1-dfb7-436e-b3a7-21e2ecd0a2bc","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"70be6510-d89b-4f38-aef0-bf443f56914f:panel_70be6510-d89b-4f38-aef0-bf443f56914f","type":"visualization"},{"id":"f554b5f4-8ab0-4f5f-89b9-2d8afb89207b","name":"7a5bacdb-ccc4-405d-96f3-50e6f7b47c06:panel_7a5bacdb-ccc4-405d-96f3-50e6f7b47c06","type":"visualization"},{"id":"c9317819-dafd-437b-87f5-c18418ae95a5","name":"af684f1e-8159-459f-8c6e-99ad224abd57:panel_af684f1e-8159-459f-8c6e-99ad224abd57","type":"visualization"},{"id":"a0267894-21cb-4ede-a20f-45d26f0113eb","name":"942fa454-8236-4330-987b-2f92940c4bdb:panel_942fa454-8236-4330-987b-2f92940c4bdb","type":"visualization"},{"id":"af27d18b-9e48-47f2-9bd1-83294a6c86c3","name":"b00c89d7-60a8-4d65-a16c-29957ecca022:panel_b00c89d7-60a8-4d65-a16c-29957ecca022","type":"visualization"},{"id":"7a8fcb34-f120-4a5f-99f6-1e5b1b0246cc","name":"efacf7be-ca21-467d-bf38-96faa9c4389c:panel_efacf7be-ca21-467d-bf38-96faa9c4389c","type":"visualization"},{"id":"d29c61a4-3439-4e20-8d2b-9b64bbc619dc","name":"d7539da2-f999-41
7b-b83b-8ac077a1b460:panel_d7539da2-f999-417b-b83b-8ac077a1b460","type":"visualization"},{"id":"5df2eb01-24ff-4308-9aac-6cfc7eda51ed","name":"d67ff12d-5557-46a4-b401-ba7d5ba0c7ad:panel_d67ff12d-5557-46a4-b401-ba7d5ba0c7ad","type":"visualization"},{"id":"e2acbbf7-a50d-440f-ae17-9c0aab36a051","name":"7bac3166-b6fc-4603-b6a6-211f84879f3c:panel_7bac3166-b6fc-4603-b6a6-211f84879f3c","type":"visualization"}],"sort":[1675811601479,14182],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Layer-4 Protocols - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Layer-4 Protocols - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Layer-4 
Protocols\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7ced98a8-e4d3-46b3-9646-e838766de3ef","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14184],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations and Ports (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Ports (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Port\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"51053455-7c90-491b-80a8-65dd75f76a11","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14186],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2MzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23]}}]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23]}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"di
rection\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c1a5a79c-729c-4313-89f2-2e450d7cb860","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14189],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Server Cities (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"caff8d54-5d15-4148-bc9b-ef787f2278c3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"el
astiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812447064,16560],"type":"visualization","updated_at":"2023-02-07T23:27:27.064Z","version":"WzgyMjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"client requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.port: 123 AND NOT source.port: 123\",\"language\":\"kuery\"}},{\"id\":\"eebf03a7-ddfb-4583-bf53-66f1908a614e\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"483e84a5-0810-4223-a287-f2bc89a2c4c9\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"server responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 123 AND NOT destination.port: 
123\",\"language\":\"kuery\"}},{\"id\":\"9ee1064d-9856-4f7a-b617-ace899093f2f\",\"color\":\"rgba(97,221,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"826d4ddc-afc9-4dc8-b2b7-3fcf669411be\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric messages\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 123 AND destination.port: 123\",\"language\":\"kuery\"}},{\"id\":\"154dd607-6e7d-4184-b77e-50af243a2469\",\"color\":\"rgba(243,163,66,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"b23914c3-8abd-4758-a67c-96512d654b82\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcasts\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.port: 123 AND destination.ip: \\\"224.0.1.1\\\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"c86cf81c-426e-4e0c-a3fd-8867b882ad06","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14192],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (talkers)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N (talkers)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Talkers**](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Services](#/dashboard/4b514334-15d6-4a15-a521-10b66d5fdab9) | [Apps](#/dashboard/b6e50103-6736-40f4-9041-5a9409feeae0) | [Conversations](#/dashboard/a3998237-07ba-4b06-bd44-2d0004b405ca)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"78e4a637-7817-4b7f-a9ac-ef26e4d6bf6e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14193],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Client Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (NOT source.port: 123) AND destination.port: 123 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"23ece8dd-118a-465d-8b87-0c71d6d7b156","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14194],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client AS/server AS) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-ecs-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.client.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.server.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n 
\\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n 
{\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": 
\\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": 
\\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": 
\\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"bec8666b-5425-41d0-b02c-2755d8b8af17","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14195],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\
"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Client Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Client Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"fc89185c-ccf2-44fd-8508-f71dd89f3b01","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14201],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (packets) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Autonomous Systems (packets) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"0e8e65ee-3966-497c-bfe6-e5f1afc90168","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812203558,16258],"type":"visualization","updated_at":"2023-02-07T23:23:23.558Z","version":"Wzc5NDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Remote Desktop Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions 
from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"3ed105fb-aacf-4055-b64a-3d0eb83b7781\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"destination.port\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND source.as.organization.name: \\\"PRIVATE\\\" AND destination.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Remote Desktop Sessions 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b82c19df-4728-4d35-b43d-1863143ad8ff","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14204],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Type - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Type - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868774014\",\"fieldName\":\"flow.export.version.name\",\"parent\":\"\",\"label\":\"Flow Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"945ad491-6ca5-42f6-a90d-8a8b6a833f4b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14207],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs Ingress and Egress (records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLANs Ingress and Egress (records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.vlan.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Ingress VLAN\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.out.vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Egress 
VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"2eb8f546-4155-4770-bea5-9145a7f921c1","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14209],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"1e83b472-b02c-4699-8166-43c6c9a164a2\",\"color\":\"rgba(163,144,185,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"a8d5d30f-0529-43f4-879c-b2218d1a40e4\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 68 AND destination.port: 67 AND destination.ip: 
255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 68 AND destination.port: 67 AND NOT destination.ip: 255.255.255.255\",\"language\":\"kuery\"}},{\"id\":\"eebf03a7-ddfb-4583-bf53-66f1908a614e\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"483e84a5-0810-4223-a287-f2bc89a2c4c9\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 67 AND destination.port: 68\",\"language\":\"kuery\"}},{\"id\":\"94f97745-5c9e-4e5f-ab39-3ae858ee434a\",\"color\":\"rgba(138,182,223,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"5f3fe1ef-9fe6-4496-b353-820c73520ebb\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 67 AND destination.port: 
67\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"5f66844b-ad53-4aa5-b666-3cc37259b181","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14210],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Overview","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Overview\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Overview**](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"20b9a33a-1f6b-4228-86c6-6362ffecbabc","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14211],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (Threats) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: * and (network.community_id : * or flow.conversation.id : *) 
\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8e357780-159d-46d8-9a74-ce18696dee9e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14212],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"d0d65d08-4d96-49fa-b1b4-cd2cbee0feb9\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND NOT source.as.organization.name: \\\"PRIVATE\\\" AND source.port: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 
27960)\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"UDP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.ip\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"6906a606-6f4c-4c7b-b20b-18c7ec43b90c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14213],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Service Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Service Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"flow.server.l4.port.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Services\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1d4d0453-c9b5-486a-9732-be533d0462ed","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14214],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Remote Desktop Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"e9eb955e-c562-4807-b961-89be5980a477\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"destination.port\\\": (1494 OR 3389 OR 5900 OR 5901 OR 5902 OR 5903 OR 5904) AND NOT source.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Remote Desktop Sessions 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4180ab1f-46ab-4c68-a8d6-694ba0900a61","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14215],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Bytes - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Bytes - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"1cb6ed3d-c7e2-4e43-a953-becef7f24cea\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND NOT source.as.organization.name: 
\\\"PRIVATE\\\" AND source.port: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"bytes\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"UDP Bytes\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b937c42c-931d-49a1-b06a-4942513fc749","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14216],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Private) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"server.port\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"00af5765-8fd2-47ad-93ac-55edec4f99e3","migrationV
ersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14219],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"network.transport\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"network.transport: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8b82ca12-4e6c-4a03-9d65-2ab08fe88743","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14220],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NTksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Source Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.domain\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sources\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"28538b29-ec02-4319-9772-96fd3256a00e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14221],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/City (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/City (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"c683167b-0266-4ef9-8b84-e76434f9a4ff\",\"type\":\"math\",\"variables\":[{\"id\":\"5bdf7abc-9557-45fb-96df-0bab20808722\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"205afdc2-c633-440f-a985-68c282af07fc\",\"type\":\"math\",\"variables\":[{\"id\":\"955cf233-9c5d-4b8e-b892-2113994a9948\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.city.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.city.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ee563759-c60c-4f01-b9cb-009f1b74f4ec","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14222],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (types)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details 
(types)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [**Types**](#/dashboard/6e0aaa1b-5b37-44e7-8034-7a5cbd14023b) | [Locality](#/dashboard/52ec57df-2a74-488f-afc2-ccbcf5c70918)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"05a3bf66-0b09-49d5-82b3-9f49992dfb4b","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14223],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"29911d9b-c9ff-43c5-b5de-d672554dac89","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14226],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (services)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(services)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [**Services**](#/dashboard/4b514334-15d6-4a15-a521-10b66d5fdab9) | [Apps](#/dashboard/b6e50103-6736-40f4-9041-5a9409feeae0) | [Conversations](#/dashboard/a3998237-07ba-4b06-bd44-2d0004b405ca)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"551fc8be-4f1f-4db2-bae3-d31f48477a51","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14227],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Flow Locality (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Flow Locality (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.locality\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Locality\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"39d5cd36-e9b0-44ed-af52-72808d2cee86","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812956733,17602],"type":"visualization","updated_at":"2023-02-07T23:35:56.733Z","version":"WzkyODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server AS (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"6898d734-0611-4919-a660-4a89679ee110\",\"type\":\"math\",\"variables\":[{\"id\":\"638e6df2-c5c3-4fec-be69-0f1d2d67036c\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f7cd2a3c-8c18-4132-9664-2142fb8f0326\",\"type\":\"math\",\"variables\":[{\"id\":\"8244cb54-ce83-4dec-a132-2c7e979cf02d\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"80dec333-26a2-4a1f-9adf-9ad4da5fe4a6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14230],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flows (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flows 
(AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Src/Dst](#/dashboard/44e9cc46-9a3c-4ace-a3f0-8d3020ebe252) | [**AS**](#/dashboard/887ff20a-0f6e-4737-addb-efdafdabf5a4)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"acb98238-1969-422c-b6ad-780e6980e8ac","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14231],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server Autonomous Systems - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"85e77dbd-ef5e-4425-8701-687176adeab3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14237],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (src AS/dst AS) - Vega (sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (src AS/dst AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.src.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.dst.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n 
\\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Src AS\\\", \\\"Dst AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": 
{\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 1}}\\n }\\n 
},\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 0.5},\\n 
\\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"1778c17f-17ce-4944-a1f8-1fbfacfefbfc","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14238],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Autonomous Systems (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"72ae0e21-ece8-4ed1-888e-b949f3179dc5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812231056,16315],"type":"visualization","updated_at":"2023-02-07T23:23:51.056Z","version":"Wzc5OTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Autonomous Systems (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"309a48b8-9985-409e-b23b-9126426c2bb3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812260943,16312],"type":"visualization","updated_at":"2023-02-07T23:24:20.943Z","version":"WzgwMTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Autonomous Systems (flow records) - 
donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"058e257d-945b-4478-b381-18d4ee053eb0","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812216523,16290],"type":"visualization","updated_at":"2023-02-07T23:23:36.523Z","version":"Wzc5NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Autonomous Systems (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7e6e9c29-3dfe-447a-9e71-59f2f5d84145","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812277035,16372],"type":"visualization","updated_at":"2023-02-07T23:24:37.035Z","version":"WzgwNDYsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"10fe2cdb-7085-450f-bcd9-b4a5407110c3\"},\"panelIndex\":\"10fe2cdb-7085-450f-bcd9-b4a5407110c3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_10fe2cdb-7085-450f-bcd9-b4a5407110c3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"61bbf33d-8766-40da-81a3-40dd2bf526a9\"},\"panelIndex\":\"61bbf33d-8766-40da-81a3-40dd2bf526a9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_61bbf33d-8766-40da-81a3-40dd2bf526a9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"f5901d33-b722-4ca2-8544-96a812ee8b13\"},\"panelIndex\":\"f5901d33-b722-4ca2-8544-96a812ee8b13\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f5901d33-b722-4ca2-8544-96a812ee8b13\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"fd7af275-4567-477b-a72f-c97da7ce1da5\"},\"panelIndex\":\"fd7af275-4567-477b-a72f-c97da7ce1da5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fd7af275-4567-477b-a72f-c97da7ce1da5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":11,\"h\":11,\"i\":\"83142ace-144c-4b0f-aad8-5df612e0fa14\"},\"panelIndex\":\"83142ace-144c-4b0f-aad8-5df612e0fa14\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS 
(bytes)\",\"panelRefName\":\"panel_83142ace-144c-4b0f-aad8-5df612e0fa14\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":11,\"y\":9,\"w\":26,\"h\":33,\"i\":\"aa2673c7-1d14-44c3-b9bc-f3b7549aa4fa\"},\"panelIndex\":\"aa2673c7-1d14-44c3-b9bc-f3b7549aa4fa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_aa2673c7-1d14-44c3-b9bc-f3b7549aa4fa\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":11,\"i\":\"7350aecd-35f1-4578-8505-0ff699eb5a61\"},\"panelIndex\":\"7350aecd-35f1-4578-8505-0ff699eb5a61\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (bytes)\",\"panelRefName\":\"panel_7350aecd-35f1-4578-8505-0ff699eb5a61\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":11,\"h\":11,\"i\":\"d6f12614-c5b8-41ec-900c-29c85027c4e5\"},\"panelIndex\":\"d6f12614-c5b8-41ec-900c-29c85027c4e5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS (packets)\",\"panelRefName\":\"panel_d6f12614-c5b8-41ec-900c-29c85027c4e5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":20,\"w\":11,\"h\":11,\"i\":\"d40d02a6-b375-4bc0-9f6b-1e385fc9b8bb\"},\"panelIndex\":\"d40d02a6-b375-4bc0-9f6b-1e385fc9b8bb\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (packets)\",\"panelRefName\":\"panel_d40d02a6-b375-4bc0-9f6b-1e385fc9b8bb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":31,\"w\":11,\"h\":11,\"i\":\"2302fa78-eb12-4b2e-9f2d-0c8753cbd04b\"},\"panelIndex\":\"2302fa78-eb12-4b2e-9f2d-0c8753cbd04b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS (flow 
records)\",\"panelRefName\":\"panel_2302fa78-eb12-4b2e-9f2d-0c8753cbd04b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":31,\"w\":11,\"h\":11,\"i\":\"3f074ade-a936-40c4-886c-7467300ba26c\"},\"panelIndex\":\"3f074ade-a936-40c4-886c-7467300ba26c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (flow records)\",\"panelRefName\":\"panel_3f074ade-a936-40c4-886c-7467300ba26c\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flows (AS)","version":1},"coreMigrationVersion":"8.2.0","id":"887ff20a-0f6e-4737-addb-efdafdabf5a4","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"24ef2c72-f362-48c1-9898-10ad79c2f162","name":"10fe2cdb-7085-450f-bcd9-b4a5407110c3:panel_10fe2cdb-7085-450f-bcd9-b4a5407110c3","type":"visualization"},{"id":"acb98238-1969-422c-b6ad-780e6980e8ac","name":"61bbf33d-8766-40da-81a3-40dd2bf526a9:panel_61bbf33d-8766-40da-81a3-40dd2bf526a9","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"f5901d33-b722-4ca2-8544-96a812ee8b13:panel_f5901d33-b722-4ca2-8544-96a812ee8b13","type":"visualization"},{"id":"85e77dbd-ef5e-4425-8701-687176adeab3","name":"fd7af275-4567-477b-a72f-c97da7ce1da5:panel_fd7af275-4567-477b-a72f-c97da7ce1da5","type":"visualization"},{"id":"4f125ee1-2fc4-4d97-9d35-4afdc52e0953","name":"83142ace-144c-4b0f-aad8-5df612e0fa14:panel_83142ace-144c-4b0f-aad8-5df612e0fa14","type":"visualization"},{"id":"1778c17f-17ce-4944-a1f8-1fbfacfefbfc","name":"aa2673c7-1d14-44c3-b9bc-f3b7549aa4fa:panel_aa2673c7-1d14-44c3-b9bc-f3b7549aa4fa","type":"visualization"},{"id":"72ae0e21-ece8-4ed1-888e-b949f3179dc5","name":"7350aecd-35f1-4578-8505-0ff699eb5a61:panel_7350aecd-35f1-4578-8505-0ff699eb5a61","type":"visualization"},{"id":"0e8e65ee-3966-497c-bfe6-e5f1afc90168","name":"d6f12614-c5b8-41ec-900c-29c85027c4e5:panel_d6f12614-c5b8-41ec-900c-29c85027c4e5","type":"visualization"},{"id":"309a48b8-9985-409e-b23b-9126426c2bb3","name":"d40d02a6-b375-4bc0-
9f6b-1e385fc9b8bb:panel_d40d02a6-b375-4bc0-9f6b-1e385fc9b8bb","type":"visualization"},{"id":"058e257d-945b-4478-b381-18d4ee053eb0","name":"2302fa78-eb12-4b2e-9f2d-0c8753cbd04b:panel_2302fa78-eb12-4b2e-9f2d-0c8753cbd04b","type":"visualization"},{"id":"7e6e9c29-3dfe-447a-9e71-59f2f5d84145","name":"3f074ade-a936-40c4-886c-7467300ba26c:panel_3f074ade-a936-40c4-886c-7467300ba26c","type":"visualization"}],"sort":[1675811601479,14258],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Client Countries (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"73ef092d-ac99-435b-b2a7-59f649f36b3e","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.s
earchSourceJSON.index","type":"index-pattern"}],"sort":[1675812350164,16470],"type":"visualization","updated_at":"2023-02-07T23:25:50.164Z","version":"WzgxNTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/DSCP (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top DSCP\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1f0eee99-cb69-4f0c-a12e-f21c85cc2ad5","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14261],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"destination.ip\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a086e65f-469b-474f-9b1b-e7b199b478c5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14264],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NzcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"8faaba29-2912-437d-bcd4-c6632c87e89a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14267],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): 
Ingress/Egress Interfaces - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Ingress/Egress Interfaces - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.in.netif.type.name\",\"parent\":\"1607868729183\",\"label\":\"Interface Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"observer.ingress.interface.name\",\"parent\":\"1607868729183\",\"label\":\"Ingress Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"observer.egress.interface.name\",\"parent\":\"1607868729183\",\"label\":\"Egress 
Interface\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"dd9a3d38-9e74-480d-9c9f-153015f5691b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14272],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2NzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Maximum Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Maximum Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"},{\"sigma\":\"\",\"id\":\"4bf6573f-f58b-4baa-aa11-bcfbb25174a6\",\"type\":\"max_bucket\",\"field\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Max. Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"9c8e063a-0d8d-46ed-816a-48bc34d06ce3\"}],\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b02ec528-048c-4a6a-849a-343d6d22f69a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14273],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source 
AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"8aed9f3a-7949-4425-91ff-19263fc5f267","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14275],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"e688bf8e-4934-4f1d-a404-79b7ec7283ef","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14278],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"tcp\"}},{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"tcp\\\"}},{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"client.ip\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolba
r\":true}}"},"coreMigrationVersion":"8.2.0","id":"46d13e51-df79-4ccd-bfd9-e213362c3d5b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14281],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Applications (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Applications (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"network.application\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"69a0a3bf-1b4f-47b9-b9f9-4a52faa66cc1","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14282],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Countries (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Countries (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"200bcea2-102b-4981-9e60-ac02f358f80b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812501666,16603],"type":"visualization","updated_at":"2023-02-07T23:28:21.666Z","version":"WzgyODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N (apps)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Top-N 
(apps)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Talkers](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Services](#/dashboard/4b514334-15d6-4a15-a521-10b66d5fdab9) | [**Apps**](#/dashboard/b6e50103-6736-40f4-9041-5a9409feeae0) | [Conversations](#/dashboard/a3998237-07ba-4b06-bd44-2d0004b405ca)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f849b9ae-03df-4f6a-a9a0-e9c194411506","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14285],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Application Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Application Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"network.application\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Applications\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"16bde5ae-70e6-4a32-9838-0c127c6e0fb3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14286],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DSCP Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DSCP Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"ip.dscp.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"DSCP Values\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"73efab4e-dc6a-4b35-a9a6-6efb818b2cbf","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14287],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Conversation Count (Threats) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count (Threats) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"779598e9-1369-4008-85e0-9da964526acd","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14288],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2ODksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Remote Desktop Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],
\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"f157acc9-b04d-4129-bbc8-7dc3c328dee1","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14291],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (DHCP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (DHCP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [**DHCP**](#/dashboard/2bed80e1-8261-4848-b58e-55e065089e12) | 
\\n[RADIUS](#/dashboard/e143d802-f5ae-433c-8dce-07dd5726d7e9) | \\n[LDAP](#/dashboard/104fd74b-929f-4d74-a9af-7a07273da4f2) | [NTP](#/dashboard/4489cb79-2538-4d11-b976-516d94999050)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"bcf26736-8c18-4eb2-a74c-d26a0663dc7c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14292],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"udp\"}},{\"terms\":{\"source.port\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"udp\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showP
artialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"a9506e56-ed0f-4fc9-b898-9d48d8680b39","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14295],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Name Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Name Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d82b8abd-66ea-43ea-8701-b8664dc6df4e","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14300],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Destination Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"destination.domain\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Destinations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"7746766c-c71b-4a8a-8b5d-863e8e16aa02","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14301],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"68a95a90-45ae-4adf-a699-26ee8e76e617","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14307],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Ingress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"observer.ingress.interface.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"observer.ingress.interface.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0be4eb16-7646-417a-887b-adac03ee6ae0","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14308],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"24b96fa1-57ab-49e2-a739-014f5152e9c7","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14310],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Server Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"69e7dfdb-968e-4338-8136-abf1de8e306f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14316],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server/Service/Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server/Service/Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"client.domain\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"server.domain\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"network.application\",\"parent\":\"\",\"label\":\"Applications\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"ce234572-e80c-4059-becc-80e278d75fc4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[167581160
1479,14322],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY2OTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"832d1a6f-af72-47de-9ebf-9af2947151c5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14325],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV 
- Geo IP","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [**Geo IP**](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"c780c975-cb83-4cf7-9fbe-09c084a88659","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14326],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [Src/Dst](#/dashboard/701b97b9-fce3-46a0-9f19-d7e7eca92467)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"06a161bb-4cbb-4993-8f99-728023715ea4","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14327],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDIsMl0="} {"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"12f040e6-7b27-478f-96ac-750e8095adec\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"29d2d536-f072-475e-8409-9309de8eed53\",\"sourceGeoField\":\"client.geo.location\",\"destGeoField\":\"server.geo.location\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"network.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"network.packets\",\"label\":\"Packets\"}],\"applyGlobalTime\":true,\"applyGlobalQuery\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":2,\"maxSize\":12,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"cea4d504-06b3-40dc-a1f8-154000f62677\",\"label\":\"Flows\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"server.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"server.domain\",\"topHitsSize\":100,\"id\":\"b0e3718f-ad48-446d-8291-85ea7197b3ba\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"server.domain\",\"server.ip\",\"flow.server.as.label\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"ab37090b-08db-4bfd-ae91-1a5592f3bfa0\",\"label\":\"Servers\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"client.geo.location:* and 
server.geo.location:*\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"client.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"client.domain\",\"topHitsSize\":100,\"id\":\"ced3a773-8156-4eca-b485-c624aff19887\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"client.domain\",\"client.ip\",\"flow.client.as.label\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"585d81d7-35fd-4ed4-ab03-fd4a9666008f\",\"label\":\"Clients\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"client.geo.location:* and server.geo.location:*\",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":1.64,\"center\":{\"lon\":12.69507,\"lat\":17.00548},\"timeFilters\":{\"from\":\"now-1h/m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"ElastiFlow (flow): Client/Server 
Flows (light)","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.2.0","id":"df5d830a-f3b4-4fa0-9ac4-fc8ccb652fc9","migrationVersion":{"map":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14331],"type":"map","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Server Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"43c71077-cf2a-4443-a872-186b0c4b2801","migrationVersion":{"visualization":"8.1.0"},"references"
:[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812468621,16578],"type":"visualization","updated_at":"2023-02-07T23:27:48.621Z","version":"WzgyNTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Client Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.client.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"3f8974a2-1f4b-4eb8-9d57-2156941e7cc1","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812373481,16516],"type":"visualization","updated_at":"2023-02-07T23:26:13.481Z","version":"WzgxOTEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Server Time Zones (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"f1a2f52e-d0b0-4693-a7c2-0819da14e6fe","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812413584,16542],"type":"visualization","updated_at":"2023-02-07T23:26:53.584Z","version":"WzgyMTEsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"660af104-510a-41ce-807a-5a1636784be0\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"660af104-510a-41ce-807a-5a1636784be0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_660af104-510a-41ce-807a-5a1636784be0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"885e8189-5c22-4fb9-ba0f-bdbe58c9d1cb\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"885e8189-5c22-4fb9-ba0f-bdbe58c9d1cb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_885e8189-5c22-4fb9-ba0f-bdbe58c9d1cb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"99e989b8-3904-4c2e-850a-d7e2f645a43b\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"99e989b8-3904-4c2e-850a-d7e2f645a43b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_99e989b8-3904-4c2e-850a-d7e2f645a43b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"a5e9c5ae-6c46-4fc9-8e63-4ded0859e4a7\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"a5e9c5ae-6c46-4fc9-8e63-4ded0859e4a7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a5e9c5ae-6c46-4fc9-8e63-4ded0859e4a7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"a8cf2c04-99aa-4061-8217-90914f3b1c0d\",\"w\":11,\"x\":0,\"y\":9},\"panelIndex\":\"a8cf2c04-99aa-4061-8217-90914f3b1c0d\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client Countries (flow 
records)\",\"panelRefName\":\"panel_a8cf2c04-99aa-4061-8217-90914f3b1c0d\"},{\"version\":\"7.10.0\",\"type\":\"map\",\"gridData\":{\"h\":33,\"i\":\"39d678e0-0305-4fe7-95f3-4d92712bfbcd\",\"w\":26,\"x\":11,\"y\":9},\"panelIndex\":\"39d678e0-0305-4fe7-95f3-4d92712bfbcd\",\"embeddableConfig\":{\"hiddenLayers\":[],\"hidePanelTitles\":true,\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":23.45479,\"lon\":14.41315,\"zoom\":1.11},\"openTOCDetails\":[],\"enhancements\":{}},\"panelRefName\":\"panel_39d678e0-0305-4fe7-95f3-4d92712bfbcd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b7fa9c2d-3fbd-4a67-bf85-5ce2b4fcc6be\",\"w\":11,\"x\":37,\"y\":9},\"panelIndex\":\"b7fa9c2d-3fbd-4a67-bf85-5ce2b4fcc6be\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server Countries (flow records)\",\"panelRefName\":\"panel_b7fa9c2d-3fbd-4a67-bf85-5ce2b4fcc6be\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"d50336cb-a4a5-4355-9ca7-8e4a7f7052b0\",\"w\":11,\"x\":0,\"y\":20},\"panelIndex\":\"d50336cb-a4a5-4355-9ca7-8e4a7f7052b0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client Cities (flow records)\",\"panelRefName\":\"panel_d50336cb-a4a5-4355-9ca7-8e4a7f7052b0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"9c1c8c50-6db3-40bf-b947-678a8a5189d9\",\"w\":11,\"x\":37,\"y\":20},\"panelIndex\":\"9c1c8c50-6db3-40bf-b947-678a8a5189d9\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server Cities (flow records)\",\"panelRefName\":\"panel_9c1c8c50-6db3-40bf-b947-678a8a5189d9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"5c2aa379-8f58-43e7-a8f1-c541dbd3d610\",\"w\":11,\"x\":0,\"y\":31},\"panelIndex\":\"5c2aa379-8f58-43e7-a8f1-c541dbd3d610\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client Time Zones (flow 
records)\",\"panelRefName\":\"panel_5c2aa379-8f58-43e7-a8f1-c541dbd3d610\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"c5c3fcdf-75e7-441a-a7cf-1996e45e4712\",\"w\":11,\"x\":37,\"y\":31},\"panelIndex\":\"c5c3fcdf-75e7-441a-a7cf-1996e45e4712\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server Time Zones (flow records)\",\"panelRefName\":\"panel_c5c3fcdf-75e7-441a-a7cf-1996e45e4712\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"4d2f9e68-5019-4811-a3b6-081fd79db1e1","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c780c975-cb83-4cf7-9fbe-09c084a88659","name":"660af104-510a-41ce-807a-5a1636784be0:panel_660af104-510a-41ce-807a-5a1636784be0","type":"visualization"},{"id":"06a161bb-4cbb-4993-8f99-728023715ea4","name":"885e8189-5c22-4fb9-ba0f-bdbe58c9d1cb:panel_885e8189-5c22-4fb9-ba0f-bdbe58c9d1cb","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"99e989b8-3904-4c2e-850a-d7e2f645a43b:panel_99e989b8-3904-4c2e-850a-d7e2f645a43b","type":"visualization"},{"id":"9b879173-cdea-404a-9b6a-2265262cdf8b","name":"a5e9c5ae-6c46-4fc9-8e63-4ded0859e4a7:panel_a5e9c5ae-6c46-4fc9-8e63-4ded0859e4a7","type":"visualization"},{"id":"73ef092d-ac99-435b-b2a7-59f649f36b3e","name":"a8cf2c04-99aa-4061-8217-90914f3b1c0d:panel_a8cf2c04-99aa-4061-8217-90914f3b1c0d","type":"visualization"},{"id":"df5d830a-f3b4-4fa0-9ac4-fc8ccb652fc9","name":"39d678e0-0305-4fe7-95f3-4d92712bfbcd:panel_39d678e0-0305-4fe7-95f3-4d92712bfbcd","type":"map"},{"id":"43c71077-cf2a-4443-a872-186b0c4b2801","name":"b7fa9c2d-3fbd-4a67-bf85-5ce2b4fcc6be:panel_b7fa9c2d-3fbd-4a67-bf85-5ce2b4fcc6be","type":"visualization"},{"id":"389b8364-81d4-4d7f-b2a5-b5dc2cb32c57","name":"d50336cb-a4a5-4355-9ca7-8e4a7f7052b0:panel_d50336cb-a4a5-4355-9ca7-8e4a7f7052b0","type":"visualization"},{"id":"caff8d54-5d15-4148-bc9b-ef787f2278c3","name":"9c1c8c50
-6db3-40bf-b947-678a8a5189d9:panel_9c1c8c50-6db3-40bf-b947-678a8a5189d9","type":"visualization"},{"id":"3f8974a2-1f4b-4eb8-9d57-2156941e7cc1","name":"5c2aa379-8f58-43e7-a8f1-c541dbd3d610:panel_5c2aa379-8f58-43e7-a8f1-c541dbd3d610","type":"visualization"},{"id":"f1a2f52e-d0b0-4693-a7c2-0819da14e6fe","name":"c5c3fcdf-75e7-441a-a7cf-1996e45e4712:panel_c5c3fcdf-75e7-441a-a7cf-1996e45e4712","type":"visualization"}],"sort":[1675811601479,14349],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): VLAN Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"vlan.tag.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"VLANs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"908cb983-6944-4968-8fe7-88584e7ab676","migrationVersion":{"visualization":"8.1.0"},"references":[],"s
ort":[1675811601479,14350],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Hops","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path Hops\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [**Hops**](#/dashboard/ae9fd5a6-4145-4604-b96b-d8b34c5300b3) | [Flows](#/dashboard/1d3441a2-28f5-47d5-8301-ece76849777e) | [Endpoints](#/dashboard/7a242ad4-af3c-403c-8253-e636edd413a4)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"7d3f51c6-ce20-4c01-a159-e93d1b268288","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14351],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DNS\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":53}},{\\\"match_phrase\\\":{\\\"destination.port\\\":53}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":53}},{\"match_phrase\":{\"destination.port\":53}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"El
astiFlow (flow): DNS Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"eee37a32-4b8b-411c-9c91-a270241c75e9","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14356],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Autonomous Systems (flow records) - 
donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Autonomous Systems (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"58f24544-6dbb-416e-a015-5ecf077d82da","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14358],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Client Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"25349134-ccb3-4207-b511-7b5bab7cfc68","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14360],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"f4724049-72e3-4841-a5a6-61c27be6f444","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"ela
stiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14363],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9a3074a0-2b62-4216-b3a6-ff706fcf799c","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14366],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Server Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NTP 
Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"86a2cc1e-15df-45ab-a1aa-3e66bf0301dd","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14372],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/DSCP (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/DSCP (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"d5cdca01-07bc-4ef8-9818-506c99debcf5\",\"type\":\"math\",\"variables\":[{\"id\":\"63d9e346-cb8f-4f47-a54b-fd62125c9497\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"c21fe41a-dd71-40d1-b64f-cd70fe99a07c\",\"type\":\"math\",\"variables\":[{\"id\":\"28d09142-4454-4295-aaf6-a3e3cd11d2ff\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
DSCPs\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"ip.dscp.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"ip.dscp.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"dd877113-e815-4d47-96c6-2047abe073d3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14373],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Reputations (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top IP 
Reputations\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"2ce97e1c-91b7-494b-b972-0c5146cf3e60","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14375],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Geo IP (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Geo IP (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [**Src/Dst**](#/dashboard/701b97b9-fce3-46a0-9f19-d7e7eca92467)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"da2cc63c-a205-4408-9e8d-ca76c37c587e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14376],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTgsMl0="} {"attributes":{"description":"","layerListJSON":"[{\"sourceDescriptor\":{\"type\":\"EMS_TMS\",\"isAutoSelect\":true,\"lightModeDefault\":\"road_map\"},\"id\":\"12f040e6-7b27-478f-96ac-750e8095adec\",\"label\":null,\"minZoom\":0,\"maxZoom\":24,\"alpha\":1,\"visible\":true,\"style\":{\"type\":\"TILE\"},\"type\":\"EMS_VECTOR_TILE\"},{\"sourceDescriptor\":{\"type\":\"ES_PEW_PEW\",\"id\":\"de6a6096-28b3-4ffd-b522-75e742f134cc\",\"sourceGeoField\":\"source.geo.location\",\"destGeoField\":\"destination.geo.location\",\"metrics\":[{\"type\":\"count\",\"label\":\"Flows\"},{\"type\":\"sum\",\"field\":\"network.bytes\",\"label\":\"Bytes\"},{\"type\":\"sum\",\"field\":\"network.packets\",\"label\":\"Packets\"}],\"applyGlobalQuery\":true,\"applyGlobalTime\":true,\"indexPatternRefName\":\"layer_1_source_index_pattern\"},\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#54B399\"}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":2,\"maxSize\":12,\"field\":{\"name\":\"doc_count\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconSize\":{\"type\":\"STATIC\",\"options\":{\"size\":6}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"id\":\"f444f2b1-2c81-4468-9e0b-64bee8913d05\",\"label\":\"Flows\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.75,\"visible\":true,\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"destination.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"destination.domain\",\"topHitsSize\":100,\"id\":\"0ee4dbb6-ad58-4afd-999f-707bac5c8069\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"destination.domain\",\"destination.ip\",\"flow.dst.as.label\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_2_source_index_pattern\"},\"id\":\"3507a642-0912-4f26-b63c-a32a59d65119\",\"label\":\"Destinations\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"square\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Green to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"icon\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"source.geo.location:* and 
destination.geo.location:*\",\"language\":\"kuery\"}},{\"sourceDescriptor\":{\"geoField\":\"source.geo.location\",\"filterByMapBounds\":true,\"scalingType\":\"TOP_HITS\",\"topHitsSplitField\":\"source.domain\",\"topHitsSize\":100,\"id\":\"e7628737-98b0-4980-8686-b931926963b7\",\"type\":\"ES_SEARCH\",\"tooltipProperties\":[\"source.domain\",\"source.ip\",\"flow.src.as.label\",\"network.bytes\",\"network.packets\"],\"sortField\":\"network.bytes\",\"sortOrder\":\"desc\",\"indexPatternRefName\":\"layer_3_source_index_pattern\"},\"id\":\"e08cc6b7-c61f-466b-8e01-3a93204ea161\",\"label\":\"Sources\",\"minZoom\":0,\"maxZoom\":24,\"alpha\":0.5,\"visible\":true,\"style\":{\"type\":\"VECTOR\",\"properties\":{\"icon\":{\"type\":\"STATIC\",\"options\":{\"value\":\"marker\"}},\"fillColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.bytes\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineColor\":{\"type\":\"DYNAMIC\",\"options\":{\"color\":\"Blue to 
Red\",\"colorCategory\":\"palette_0\",\"field\":{\"name\":\"network.packets\",\"origin\":\"source\"},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3},\"type\":\"ORDINAL\",\"useCustomColorRamp\":false}},\"lineWidth\":{\"type\":\"STATIC\",\"options\":{\"size\":2}},\"iconSize\":{\"type\":\"DYNAMIC\",\"options\":{\"minSize\":4,\"maxSize\":16,\"field\":{\"label\":\"network.bytes\",\"name\":\"network.bytes\",\"origin\":\"source\",\"type\":\"number\",\"supportsAutoDomain\":true},\"fieldMetaOptions\":{\"isEnabled\":true,\"sigma\":3}}},\"iconOrientation\":{\"type\":\"STATIC\",\"options\":{\"orientation\":0}},\"labelText\":{\"type\":\"STATIC\",\"options\":{\"value\":\"\"}},\"labelColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#FFFFFF\"}},\"labelSize\":{\"type\":\"STATIC\",\"options\":{\"size\":14}},\"labelBorderColor\":{\"type\":\"STATIC\",\"options\":{\"color\":\"#000000\"}},\"symbolizeAs\":{\"options\":{\"value\":\"circle\"}},\"labelBorderSize\":{\"options\":{\"size\":\"SMALL\"}}},\"isTimeAware\":true},\"type\":\"GEOJSON_VECTOR\",\"joins\":[],\"query\":{\"query\":\"source.geo.location:* and destination.geo.location:*\",\"language\":\"kuery\"}}]","mapStateJSON":"{\"zoom\":1.64,\"center\":{\"lon\":0,\"lat\":19.94277},\"timeFilters\":{\"from\":\"now-1h/m\",\"to\":\"now\"},\"refreshConfig\":{\"isPaused\":true,\"interval\":0},\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filters\":[],\"settings\":{\"autoFitToDataBounds\":false,\"backgroundColor\":\"#ffffff\",\"disableInteractive\":false,\"disableTooltipControl\":false,\"hideToolbarOverlay\":false,\"hideLayerControl\":false,\"hideViewControl\":false,\"initialLocation\":\"LAST_SAVED_LOCATION\",\"fixedLocation\":{\"lat\":0,\"lon\":0,\"zoom\":2},\"browserLocation\":{\"zoom\":2},\"maxZoom\":24,\"minZoom\":0,\"showScaleControl\":false,\"showSpatialFilters\":true,\"spatialFiltersAlpa\":0.3,\"spatialFiltersFillColor\":\"#DA8B45\",\"spatialFiltersLineColor\":\"#DA8B45\"}}","title":"ElastiFlow (flow): Source/Destination 
Flows (light)","uiStateJSON":"{\"isLayerTOCOpen\":true,\"openTOCDetails\":[]}"},"coreMigrationVersion":"8.2.0","id":"ee792ffa-52a9-4d2a-a36e-afd38436ed86","migrationVersion":{"map":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"layer_1_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"layer_2_source_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"layer_3_source_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14380],"type":"map","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"74cd5a37-07a2-4ce1-82e1-4515d076edd2","migrationVersion":{"visualization":"8.1.0
"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812595729,16710],"type":"visualization","updated_at":"2023-02-07T23:29:55.729Z","version":"WzgzODIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Cities (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Source Cities (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d6136935-451a-4b22-818c-b9c78db1c771","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812513336,16627],"type":"visualization","updated_at":"2023-02-07T23:28:33.336Z","version":"WzgzMDIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Cities (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"b0b5ce92-afb7-45b6-8e4c-1efaf10610de","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812578510,16680],"type":"visualization","updated_at":"2023-02-07T23:29:38.510Z","version":"WzgzNjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Time Zones (flow records) - donut/left","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow 
(flow): Source Time Zones (flow records) - donut/left\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"left\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c48bb924-da5c-473d-bb7a-501d2603712b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812526622,16660],"type":"visualization","updated_at":"2023-02-07T23:28:46.622Z","version":"WzgzMjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Time Zones (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Destination Time Zones (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.geo.tz.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Time Zone\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"02d741a3-ccba-48a7-a0f4-7893593f64c8","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812543705,16664],"type":"visualization","updated_at":"2023-02-07T23:29:03.705Z","version":"WzgzNDAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"c1851228-e0bf-4bff-b408-8ecb9b6d8bdf\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"c1851228-e0bf-4bff-b408-8ecb9b6d8bdf\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c1851228-e0bf-4bff-b408-8ecb9b6d8bdf\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"6d491af1-25c2-4c0d-9d65-56c9584a4dae\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"6d491af1-25c2-4c0d-9d65-56c9584a4dae\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6d491af1-25c2-4c0d-9d65-56c9584a4dae\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"1ddceb9a-22a6-467e-a30b-43f3bcd97cda\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"1ddceb9a-22a6-467e-a30b-43f3bcd97cda\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1ddceb9a-22a6-467e-a30b-43f3bcd97cda\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"84dedae1-2e0f-45af-8f18-79cd9c4ece36\",\"w\":48,\"x\":0,\"y\":4},\"panelIndex\":\"84dedae1-2e0f-45af-8f18-79cd9c4ece36\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_84dedae1-2e0f-45af-8f18-79cd9c4ece36\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"24085c74-b685-42f0-980c-e5a41ddb205a\",\"w\":11,\"x\":0,\"y\":9},\"panelIndex\":\"24085c74-b685-42f0-980c-e5a41ddb205a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source Countries (flow 
records)\",\"panelRefName\":\"panel_24085c74-b685-42f0-980c-e5a41ddb205a\"},{\"version\":\"7.10.0\",\"type\":\"map\",\"gridData\":{\"h\":33,\"i\":\"86a609a7-68af-4ab9-8162-3b250a827976\",\"w\":26,\"x\":11,\"y\":9},\"panelIndex\":\"86a609a7-68af-4ab9-8162-3b250a827976\",\"embeddableConfig\":{\"hiddenLayers\":[],\"hidePanelTitles\":true,\"isLayerTOCOpen\":false,\"mapCenter\":{\"lat\":23.45479,\"lon\":14.41315,\"zoom\":1.11},\"openTOCDetails\":[],\"enhancements\":{}},\"panelRefName\":\"panel_86a609a7-68af-4ab9-8162-3b250a827976\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"76907f1b-626d-461c-b296-ae9dd6da5000\",\"w\":11,\"x\":37,\"y\":9},\"panelIndex\":\"76907f1b-626d-461c-b296-ae9dd6da5000\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Countries (flow records)\",\"panelRefName\":\"panel_76907f1b-626d-461c-b296-ae9dd6da5000\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"3ae68300-c9e6-40f9-abbb-57ff0be87161\",\"w\":11,\"x\":0,\"y\":20},\"panelIndex\":\"3ae68300-c9e6-40f9-abbb-57ff0be87161\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source Cities (flow records)\",\"panelRefName\":\"panel_3ae68300-c9e6-40f9-abbb-57ff0be87161\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"66615872-aaee-45be-8119-9c21874bb619\",\"w\":11,\"x\":37,\"y\":20},\"panelIndex\":\"66615872-aaee-45be-8119-9c21874bb619\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Cities (flow records)\",\"panelRefName\":\"panel_66615872-aaee-45be-8119-9c21874bb619\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"22d17dd7-aad7-42bc-8094-fa465fa66204\",\"w\":11,\"x\":0,\"y\":31},\"panelIndex\":\"22d17dd7-aad7-42bc-8094-fa465fa66204\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source Time Zones (flow 
records)\",\"panelRefName\":\"panel_22d17dd7-aad7-42bc-8094-fa465fa66204\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":11,\"i\":\"b9c61c46-218b-4410-845b-21edae4be382\",\"w\":11,\"x\":37,\"y\":31},\"panelIndex\":\"b9c61c46-218b-4410-845b-21edae4be382\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination Time Zones (flow records)\",\"panelRefName\":\"panel_b9c61c46-218b-4410-845b-21edae4be382\"}]","timeRestore":false,"title":"ElastiFlow (flow): Geo Location (src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"701b97b9-fce3-46a0-9f19-d7e7eca92467","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c780c975-cb83-4cf7-9fbe-09c084a88659","name":"c1851228-e0bf-4bff-b408-8ecb9b6d8bdf:panel_c1851228-e0bf-4bff-b408-8ecb9b6d8bdf","type":"visualization"},{"id":"da2cc63c-a205-4408-9e8d-ca76c37c587e","name":"6d491af1-25c2-4c0d-9d65-56c9584a4dae:panel_6d491af1-25c2-4c0d-9d65-56c9584a4dae","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"1ddceb9a-22a6-467e-a30b-43f3bcd97cda:panel_1ddceb9a-22a6-467e-a30b-43f3bcd97cda","type":"visualization"},{"id":"f554b5f4-8ab0-4f5f-89b9-2d8afb89207b","name":"84dedae1-2e0f-45af-8f18-79cd9c4ece36:panel_84dedae1-2e0f-45af-8f18-79cd9c4ece36","type":"visualization"},{"id":"200bcea2-102b-4981-9e60-ac02f358f80b","name":"24085c74-b685-42f0-980c-e5a41ddb205a:panel_24085c74-b685-42f0-980c-e5a41ddb205a","type":"visualization"},{"id":"ee792ffa-52a9-4d2a-a36e-afd38436ed86","name":"86a609a7-68af-4ab9-8162-3b250a827976:panel_86a609a7-68af-4ab9-8162-3b250a827976","type":"map"},{"id":"74cd5a37-07a2-4ce1-82e1-4515d076edd2","name":"76907f1b-626d-461c-b296-ae9dd6da5000:panel_76907f1b-626d-461c-b296-ae9dd6da5000","type":"visualization"},{"id":"d6136935-451a-4b22-818c-b9c78db1c771","name":"3ae68300-c9e6-40f9-abbb-57ff0be87161:panel_3ae68300-c9e6-40f9-abbb-57ff0be87161","type":"visualization"},{"id":"b0b5ce92-afb7-45b6-8e4c-1efaf10610de","name":"66615872-
aaee-45be-8119-9c21874bb619:panel_66615872-aaee-45be-8119-9c21874bb619","type":"visualization"},{"id":"c48bb924-da5c-473d-bb7a-501d2603712b","name":"22d17dd7-aad7-42bc-8094-fa465fa66204:panel_22d17dd7-aad7-42bc-8094-fa465fa66204","type":"visualization"},{"id":"02d741a3-ccba-48a7-a0f4-7893593f64c8","name":"b9c61c46-218b-4410-845b-21edae4be382:panel_b9c61c46-218b-4410-845b-21edae4be382","type":"visualization"}],"sort":[1675811601479,14402],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Countries (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"5a0ed3a9-b3a6-4991-91e5-26301151431f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.inde
x","type":"index-pattern"}],"sort":[1675812911552,17515],"type":"visualization","updated_at":"2023-02-07T23:35:11.552Z","version":"WzkxNjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Layer-4 Protocol (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f2a17c43-aa4d-4e19-a931-ff2f6eb38bc9\",\"type\":\"math\",\"variables\":[{\"id\":\"51a817d1-924c-4a5a-8834-35446062a1ba\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f0598441-8596-466a-b0a0-12869192ef02\",\"type\":\"math\",\"variables\":[{\"id\":\"0674f3c9-9f59-4bcc-987e-dc15365e06b1\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Layer-4 Protocols\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"network.transport\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"network.transport: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b6a162c6-1858-4553-a6bd-e1805a046ace","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14405],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers and Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Servers and Clients (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"legendDisplay\":\"show\",\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"7d3f1ac4-6bbf-4a4a-a0d1-9f7f7e5f33c4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811623551,15230],"type":"visualization","updated_at":"2023-02-07T23:13:43.551Z","version":"WzY5NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Services (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"4548db6f-b142-4223-b4d9-58ab455b2f25","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811666178,15277],"type":"visualization","updated_at":"2023-02-07T23:14:26.178Z","version":"WzcwMjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Threats (records) - tag cloud","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (records) - tag 
cloud\",\"type\":\"tagcloud\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"sec.threat.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\"},\"schema\":\"segment\"}],\"params\":{\"scale\":\"linear\",\"orientation\":\"single\",\"minFontSize\":12,\"maxFontSize\":32,\"showLabel\":false,\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"}}}"},"coreMigrationVersion":"8.2.0","id":"8c45a1fa-6a2a-4dd8-a1de-131e1045100f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14411],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Versions and Protocols (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): IP Versions and Protocols (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Version\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"nestedLegend\":true,\"legendDisplay\":\"show\",\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":230}}"},"coreMigrationVersion":"8.2.0","id":"e85f932f-548b-4239-a282-55399b6e6bdd","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811655766,15262],"type":"visualization","updated_at":"2023-02-07T23:14:15.766Z","version":"WzcwMTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow: BLANK","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: BLANK\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"\"}}"},"coreMigrationVersion":"8.2.0","id":"2a974000-47a6-404e-ac3c-37667c202cbd","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14414],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"useMargins\":false,\"hidePanelTitles\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"70ea5fc1-b67d-44d4-ac6b-c86b5f71e60b\"},\"panelIndex\":\"70ea5fc1-b67d-44d4-ac6b-c86b5f71e60b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_70ea5fc1-b67d-44d4-ac6b-c86b5f71e60b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"28249447-0b83-47e6-bbdf-0d12e957777d\"},\"panelIndex\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28249447-0b83-47e6-bbdf-0d12e957777d\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"b9e24169-b405-447c-85d5-64ffdabece1c\"},\"panelIndex\":\"b9e24169-b405-447c-85d5-64ffdabece1c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b9e24169-b405-447c-85d5-64ffdabece1c\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":16,\"h\":16,\"i\":\"5ceb404e-a60c-4a8f-a4da-dd2cb22debf1\"},\"panelIndex\":\"5ceb404e-a60c-4a8f-a4da-dd2cb22debf1\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Servers and Clients (bytes)\",\"panelRefName\":\"panel_5ceb404e-a60c-4a8f-a4da-dd2cb22debf1\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":9,\"w\":16,\"h\":16,\"i\":\"6d753680-9786-484f-b946-7707c4981431\"},\"panelIndex\":\"6d753680-9786-484f-b946-7707c4981431\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Services 
(bytes)\",\"panelRefName\":\"panel_6d753680-9786-484f-b946-7707c4981431\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":9,\"w\":16,\"h\":10,\"i\":\"c06c50f8-9530-446a-8abc-ae5641bc5862\"},\"panelIndex\":\"c06c50f8-9530-446a-8abc-ae5641bc5862\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c06c50f8-9530-446a-8abc-ae5641bc5862\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":19,\"w\":16,\"h\":22,\"i\":\"44cbf109-3864-4299-aa15-c0214491ac13\"},\"panelIndex\":\"44cbf109-3864-4299-aa15-c0214491ac13\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_44cbf109-3864-4299-aa15-c0214491ac13\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":16,\"h\":16,\"i\":\"d29e3d8f-b1d4-49f7-b129-7a26e9cf701b\"},\"panelIndex\":\"d29e3d8f-b1d4-49f7-b129-7a26e9cf701b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"Autonomous Systems (bytes)\",\"panelRefName\":\"panel_d29e3d8f-b1d4-49f7-b129-7a26e9cf701b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":25,\"w\":16,\"h\":16,\"i\":\"f3e1fd4e-37f0-43d5-a6e0-3be7456b5bbb\"},\"panelIndex\":\"f3e1fd4e-37f0-43d5-a6e0-3be7456b5bbb\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"legendOpen\":true}},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_f3e1fd4e-37f0-43d5-a6e0-3be7456b5bbb\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":41,\"w\":48,\"h\":1,\"i\":\"c868ffe5-756d-4654-bc1b-7f2d617f3c19\"},\"panelIndex\":\"c868ffe5-756d-4654-bc1b-7f2d617f3c19\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c868ffe5-756d-4654-bc1b-7f2d617f3c19\"}]","timeRestore":false,"title":"ElastiFlow (flow): 
Overview","version":1},"coreMigrationVersion":"8.2.0","id":"bbed16d8-b093-43a7-906a-c540bd306de6","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"20b9a33a-1f6b-4228-86c6-6362ffecbabc","name":"70ea5fc1-b67d-44d4-ac6b-c86b5f71e60b:panel_70ea5fc1-b67d-44d4-ac6b-c86b5f71e60b","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"28249447-0b83-47e6-bbdf-0d12e957777d:panel_28249447-0b83-47e6-bbdf-0d12e957777d","type":"visualization"},{"id":"9b879173-cdea-404a-9b6a-2265262cdf8b","name":"b9e24169-b405-447c-85d5-64ffdabece1c:panel_b9e24169-b405-447c-85d5-64ffdabece1c","type":"visualization"},{"id":"7d3f1ac4-6bbf-4a4a-a0d1-9f7f7e5f33c4","name":"5ceb404e-a60c-4a8f-a4da-dd2cb22debf1:panel_5ceb404e-a60c-4a8f-a4da-dd2cb22debf1","type":"visualization"},{"id":"4548db6f-b142-4223-b4d9-58ab455b2f25","name":"6d753680-9786-484f-b946-7707c4981431:panel_6d753680-9786-484f-b946-7707c4981431","type":"visualization"},{"id":"93767e25-189b-40ae-84c5-21d9f801acbf","name":"c06c50f8-9530-446a-8abc-ae5641bc5862:panel_c06c50f8-9530-446a-8abc-ae5641bc5862","type":"visualization"},{"id":"8c45a1fa-6a2a-4dd8-a1de-131e1045100f","name":"44cbf109-3864-4299-aa15-c0214491ac13:panel_44cbf109-3864-4299-aa15-c0214491ac13","type":"visualization"},{"id":"78100c84-0bdc-4ccf-b7d1-ab154c008c35","name":"d29e3d8f-b1d4-49f7-b129-7a26e9cf701b:panel_d29e3d8f-b1d4-49f7-b129-7a26e9cf701b","type":"visualization"},{"id":"e85f932f-548b-4239-a282-55399b6e6bdd","name":"f3e1fd4e-37f0-43d5-a6e0-3be7456b5bbb:panel_f3e1fd4e-37f0-43d5-a6e0-3be7456b5bbb","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"c868ffe5-756d-4654-bc1b-7f2d617f3c19:panel_c868ffe5-756d-4654-bc1b-7f2d617f3c19","type":"visualization"}],"sort":[1675811601479,14425],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (src/dst) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Record Count (src/dst) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"source.ip: * and destination.ip: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e97e0990-94f9-46c8-8e5f-fbb9a41c4d6a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14426],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow 
(flow): Destination and Source ASs (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination and Source ASs (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination AS\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"ad2f6c5e-a563-46b4-8bac-bb1be0f29253","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14428],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Services - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Services - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Services\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c4c9bc7c-7859-4cf9-8184-8e5d4085effa","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14430],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Locality, Application - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Application - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow 
Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"network.application\",\"parent\":\"\",\"label\":\"Application\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"4329a6be-3c41-434c-b55b-9d1cfd98e404","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14434],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Source AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"bdf89d0a-76fc-46b8-9d9e-85cb5f3ed05f","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14435],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Ingress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"0205c28c-ac98-4eba-82a8-11f48d759bf1\",\"type\":\"math\",\"variables\":[{\"id\":\"8db4a7f5-ded8-4d80-9057-f8ac6e769688\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f22b2df3-5eda-4156-b7a6-e1f8a2b5341d\",\"type\":\"math\",\"variables\":[{\"id\":\"1b3d5332-474b-460c-9457-bcd1c8283862\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"observer.ingress.interface.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"observer.ingress.interface.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"c882af07-d8a9-4df2-a64c-07ef0a9a7ac5","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14436],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3MzksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"aecd5437-cede-4e51-aaeb-3d8e1cd64964","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14439],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow 
(flow): Recon Port Scan (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"server.port\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0c274fc4-e4c9-498e-9751-ded0d89449f2","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14442],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Accessed Ports from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: 
Accessed Ports from Public IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"7f591c09-3e79-42f6-82c3-e8678baddd98\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"NOT client.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Accessed Ports 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"server.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a591fb11-2f08-402d-97c0-8fc95e29ed71","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14443],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Name Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Name Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"1f0b5626-a4b5-46cd-9bcb-5849d8a80c75","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14448],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Autonomous 
Systems\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [**AS Traffic**](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"c04bfae0-6df5-4ccc-acc5-387a6d20f1aa","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14449],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - Autonomous Systems (src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [**Src/Dst**](#/dashboard/3b8f4e10-40c3-49eb-8a06-b3cf38239d54) | [AS-Path Hops](#/dashboard/ae9fd5a6-4145-4604-b96b-d8b34c5300b3)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"f5418330-3d66-473d-b437-6bc3803c7ab2","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14450],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Destination AS (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d68fd491-6269-41ee-af10-eb5469033260","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14451],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Source AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Source AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"d25b00b1-8e3a-40ac-8613-94a842b4cc30\",\"type\":\"math\",\"variables\":[{\"id\":\"6c5838d4-dd6e-43e2-87f7-1d2123a5bd31\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"1d23a511-9c04-41d0-8c8d-9540a0d00fd0\",\"type\":\"math\",\"variables\":[{\"id\":\"a93f97e5-0d6f-4280-b402-303396d04854\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.src.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.src.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"f4bccafe-7283-42f4-a8e0-4aa817bc3da1","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14452],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Destination AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Destination AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"4daf35a7-91fc-40b8-afc3-4304b967b2e2\",\"type\":\"math\",\"variables\":[{\"id\":\"272b0b92-7834-44b8-b922-ec036b0baf31\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"dc46c8f5-2609-447b-9c9f-e6c6e9e7dd64\",\"type\":\"math\",\"variables\":[{\"id\":\"03d1bbee-319b-4504-bf91-bd5d5338fc87\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.dst.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.dst.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2a990a12-3dd9-4352-84ff-c30416aa03e7","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14453],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDgsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"fbb0193b-390f-41c3-9b98-6b3ab79f66a1\"},\"panelIndex\":\"fbb0193b-390f-41c3-9b98-6b3ab79f66a1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fbb0193b-390f-41c3-9b98-6b3ab79f66a1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"6cd57eaa-f16b-4acd-9ea1-d045ff052bd5\"},\"panelIndex\":\"6cd57eaa-f16b-4acd-9ea1-d045ff052bd5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6cd57eaa-f16b-4acd-9ea1-d045ff052bd5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"c942cf30-2ce5-440b-a136-e9095c68dbc6\"},\"panelIndex\":\"c942cf30-2ce5-440b-a136-e9095c68dbc6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c942cf30-2ce5-440b-a136-e9095c68dbc6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"7ebe60a4-3e4e-4153-8427-45c166527feb\"},\"panelIndex\":\"7ebe60a4-3e4e-4153-8427-45c166527feb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7ebe60a4-3e4e-4153-8427-45c166527feb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"2dcae555-abae-4abc-bd3c-2bf9fbe9f629\"},\"panelIndex\":\"2dcae555-abae-4abc-bd3c-2bf9fbe9f629\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS 
(bits/s)\",\"panelRefName\":\"panel_2dcae555-abae-4abc-bd3c-2bf9fbe9f629\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"3f738ff5-f778-420e-89c9-0a5c78e6d83b\"},\"panelIndex\":\"3f738ff5-f778-420e-89c9-0a5c78e6d83b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (bits/s)\",\"panelRefName\":\"panel_3f738ff5-f778-420e-89c9-0a5c78e6d83b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"cb156f85-7751-4aec-93b1-34b84633fb21\"},\"panelIndex\":\"cb156f85-7751-4aec-93b1-34b84633fb21\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Source AS (pkts/s)\",\"panelRefName\":\"panel_cb156f85-7751-4aec-93b1-34b84633fb21\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"007d125f-8c3f-4fde-aa8d-21dc68ec0b8b\"},\"panelIndex\":\"007d125f-8c3f-4fde-aa8d-21dc68ec0b8b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Destination AS (pkts/s)\",\"panelRefName\":\"panel_007d125f-8c3f-4fde-aa8d-21dc68ec0b8b\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS Traffic 
(src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"3b8f4e10-40c3-49eb-8a06-b3cf38239d54","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c04bfae0-6df5-4ccc-acc5-387a6d20f1aa","name":"fbb0193b-390f-41c3-9b98-6b3ab79f66a1:panel_fbb0193b-390f-41c3-9b98-6b3ab79f66a1","type":"visualization"},{"id":"f5418330-3d66-473d-b437-6bc3803c7ab2","name":"6cd57eaa-f16b-4acd-9ea1-d045ff052bd5:panel_6cd57eaa-f16b-4acd-9ea1-d045ff052bd5","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"c942cf30-2ce5-440b-a136-e9095c68dbc6:panel_c942cf30-2ce5-440b-a136-e9095c68dbc6","type":"visualization"},{"id":"ee149178-3ffe-431b-9775-a0a0c139b04f","name":"7ebe60a4-3e4e-4153-8427-45c166527feb:panel_7ebe60a4-3e4e-4153-8427-45c166527feb","type":"visualization"},{"id":"bdf89d0a-76fc-46b8-9d9e-85cb5f3ed05f","name":"2dcae555-abae-4abc-bd3c-2bf9fbe9f629:panel_2dcae555-abae-4abc-bd3c-2bf9fbe9f629","type":"visualization"},{"id":"d68fd491-6269-41ee-af10-eb5469033260","name":"3f738ff5-f778-420e-89c9-0a5c78e6d83b:panel_3f738ff5-f778-420e-89c9-0a5c78e6d83b","type":"visualization"},{"id":"f4bccafe-7283-42f4-a8e0-4aa817bc3da1","name":"cb156f85-7751-4aec-93b1-34b84633fb21:panel_cb156f85-7751-4aec-93b1-34b84633fb21","type":"visualization"},{"id":"2a990a12-3dd9-4352-84ff-c30416aa03e7","name":"007d125f-8c3f-4fde-aa8d-21dc68ec0b8b:panel_007d125f-8c3f-4fde-aa8d-21dc68ec0b8b","type":"visualization"}],"sort":[1675811601479,14462],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NDksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server (graph) - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"client.domain\",\"parent\":\"\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"server.domain\",\"parent\":\"\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675028333285\",\"fieldName\":\"network.transport\",\"parent\":\"\",\"label\":\"Layer-4 Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032196248\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675028472647\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"c5430802-97d5-4a43-84ac-bb751e6f222b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_6_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14470],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client/server) - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client/server) - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": 
[\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-flow-ecs-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"client.domain\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"server.domain\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": 
[\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": 
\\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 18,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.5,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? 
item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n 
{\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": 
\\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"ffcfa3d4-eda9-45b3-adc8-0e78b66a2e49","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14471],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTEsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"source.ip\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"destination.ip\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"source.ip\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"destination.ip\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"9b941667-5c3d-442b-a5df-322369d09b66\"},\"panelIndex\":\"9b941667-5c3d-442b-a5df-322369d09b66\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9b941667-5c3d-442b-a5df-322369d09b66\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f4edeb79-3a34-40d3-b9c5-b0aa7394dc03\"},\"panelIndex\":\"f4edeb79-3a34-40d3-b9c5-b0aa7394dc03\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f4edeb79-3a34-40d3-b9c5-b0aa7394dc03\"},{\"version\":\"7.17.0\",\"type\":\"visualizat
ion\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},\"panelIndex\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"2fae49c4-11c1-49c7-b556-7fbd74eaca63\"},\"panelIndex\":\"2fae49c4-11c1-49c7-b556-7fbd74eaca63\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2fae49c4-11c1-49c7-b556-7fbd74eaca63\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"565210b0-612e-4edf-b771-3ddb66705c4f\"},\"panelIndex\":\"565210b0-612e-4edf-b771-3ddb66705c4f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_565210b0-612e-4edf-b771-3ddb66705c4f\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph 
(client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"428e8b89-92d5-4e7b-a83a-8379083a0874","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"392d40dc-85b5-41d8-a730-97bba5aec226","name":"9b941667-5c3d-442b-a5df-322369d09b66:panel_9b941667-5c3d-442b-a5df-322369d09b66","type":"visualization"},{"id":"99bb02dd-48ff-42e4-a2f2-7ff0d44a9138","name":"f4edeb79-3a34-40d3-b9c5-b0aa7394dc03:panel_f4edeb79-3a34-40d3-b9c5-b0aa7394dc03","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"fa831312-1122-4a7f-8899-2ad2ddfa1bee:panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee","type":"visualization"},{"id":"c5430802-97d5-4a43-84ac-bb751e6f222b","name":"2fae49c4-11c1-49c7-b556-7fbd74eaca63:panel_2fae49c4-11c1-49c7-b556-7fbd74eaca63","type":"visualization"},{"id":"ffcfa3d4-eda9-45b3-adc8-0e78b66a2e49","name":"565210b0-612e-4edf-b771-3ddb66705c4f:panel_565210b0-612e-4edf-b771-3ddb66705c4f","type":"visualization"}],"sort":[1675811601479,14478],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Top-N","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - 
Top-N\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [**Top-N**](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"b7435d4b-4e85-4460-8cda-e4bea7a79cb2","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14479],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.ip\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.ip\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"412475ef-7f6e-414c-b4d5-ceffb9768044","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"sort":[1675811601479,14486],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Services (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Services 
(bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"252eb2fb-a498-49a2-ac8a-c807f4942582","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14487],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"destination.ip\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"cef3dd34-2ca7-4f76-b2b7-330cb9a982bb","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14490],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters (traffic)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters 
(traffic)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Traffic**](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Metrics](#/dashboard/e22f5d65-718a-461e-b824-9a9c167d973c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2e6bb286-d9a0-4941-9bb5-5c9ba5f3cfcc","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14491],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): City Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: City Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"geo.city.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Cities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9dec8c8e-f804-44fb-88ca-7d16dd02c04b","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14492],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Layer-4 Protocol (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Layer-4 Protocol (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.transport\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"60916b92-c39b-4b6c-8936-ce5ef87f5d94","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812789606,17190],"type":"visualization","updated_at":"2023-02-07T23:33:09.606Z","version":"Wzg4NTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Hops - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Hops - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": 
\\\"elastiflow-path-ecs-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"hop.src.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"hop.dst.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", 
\\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n \\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": 
{\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": \\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? 
{fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": \\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n 
\\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": \\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"c0bfa554-f769-4935-9033-e8486469aa31","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14495],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjAsMl0="} 
{"attributes":{"fieldAttrs":"{}","fieldFormatMap":"{\"network.bytes\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"destination.port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"source.port\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"elastiflow-path-ecs-*","typeMeta":"{}"},"coreMigrationVersion":"8.2.0","id":"elastiflow-path-ecs-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1675811601479,14496],"type":"index-pattern","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1675163780141\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1675163909739\",\"fieldName\":\"network.transport\",\"parent\":\"\",\"label\":\"Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1675163985360\",\"fieldName\":\"hop.src.as.label\",\"parent\":\"\",\"label\":\"Hop Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675164139595\",\"fieldName\":\"hop.dst.as.label\",\"parent\":\"\",\"label\":\"Hop Destination 
AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1675164222515\",\"fieldName\":\"flow.src.as.label\",\"parent\":\"\",\"label\":\"Flow Source AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1675164336411\",\"fieldName\":\"flow.dst.as.label\",\"parent\":\"\",\"label\":\"Flow Destination AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675164415620\",\"fieldName\":\"source.domain\",\"parent\":\"\",\"label\":\"Endpoint Source IP/Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1675164457596\",\"fieldName\":\"destination.domain\",\"parent\":\"\",\"label\":\"Endpoint Destination 
IP/Host\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"d2fd7ceb-e5a7-4a9b-aeac-38d17227dabe","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-path-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_6_index_pattern","type":"index-pattern"},{"id":"elastiflow-path-ecs-*","name":"control_7_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14505],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"6e7778e0-9be0-423a-b60a-c7ccf0810522\"},\"panelIndex\":\"6e7778e0-9be0-423a-b60a-c7ccf0810522\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6e7778e0-9be0-423a-b60a-c7ccf0810522\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},\"panelIndex\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"8dcef790-6ea6-424e-88f6-4dd72e4790bc\"},\"panelIndex\":\"8dcef790-6ea6-424e-88f6-4dd72e4790bc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8dcef790-6ea6-424e-88f6-4dd72e4790bc\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"097c83a2-ae6f-4f7e-8e38-83661cf4dfd6\"},\"panelIndex\":\"097c83a2-ae6f-4f7e-8e38-83661cf4dfd6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_097c83a2-ae6f-4f7e-8e38-83661cf4dfd6\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph 
(hops)","version":1},"coreMigrationVersion":"8.2.0","id":"ae9fd5a6-4145-4604-b96b-d8b34c5300b3","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"7d3f51c6-ce20-4c01-a159-e93d1b268288","name":"6e7778e0-9be0-423a-b60a-c7ccf0810522:panel_6e7778e0-9be0-423a-b60a-c7ccf0810522","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"fa831312-1122-4a7f-8899-2ad2ddfa1bee:panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee","type":"visualization"},{"id":"c0bfa554-f769-4935-9033-e8486469aa31","name":"8dcef790-6ea6-424e-88f6-4dd72e4790bc:panel_8dcef790-6ea6-424e-88f6-4dd72e4790bc","type":"visualization"},{"id":"d2fd7ceb-e5a7-4a9b-aeac-38d17227dabe","name":"097c83a2-ae6f-4f7e-8e38-83661cf4dfd6:panel_097c83a2-ae6f-4f7e-8e38-83661cf4dfd6","type":"visualization"}],"sort":[1675811601479,14510],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Flag Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Flag Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"tcp.flags.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP 
Flags\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1fd1af3d-bad3-47a1-95fd-838b5350c506","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14511],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Autonomous Systems (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - Autonomous Systems 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Src/Dst](#/dashboard/3b8f4e10-40c3-49eb-8a06-b3cf38239d54) | [AS-Path Hops](#/dashboard/ae9fd5a6-4145-4604-b96b-d8b34c5300b3)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"a6886f41-24df-4900-a258-fb616a8cd744","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14512],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client AS (bits/s) - 
TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"460edd03-9393-43ae-b613-ef7a7f0a30f0","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14513],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client AS (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client AS (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"7414246f-2cc6-409b-8d23-7beb72dbd39f\",\"type\":\"math\",\"variables\":[{\"id\":\"d0edd64b-3e94-4e65-b5e3-e92d61f23fe4\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"d82bb085-b464-4045-b30f-7dd214c95d88\",\"type\":\"math\",\"variables\":[{\"id\":\"7eef86ee-c8b6-4fc8-85a2-bfda7364c15f\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.client.as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.client.as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"7400cab5-9d34-48dc-8402-3e26c52f7370","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14514],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjcsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"973b3ed1-870e-43e9-939b-0e645e87d45e\"},\"panelIndex\":\"973b3ed1-870e-43e9-939b-0e645e87d45e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_973b3ed1-870e-43e9-939b-0e645e87d45e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"50dd9f5c-6a5d-4d74-b84d-214adba16e10\"},\"panelIndex\":\"50dd9f5c-6a5d-4d74-b84d-214adba16e10\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_50dd9f5c-6a5d-4d74-b84d-214adba16e10\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"c96d7538-37e9-48a2-a330-64b1d6adb723\"},\"panelIndex\":\"c96d7538-37e9-48a2-a330-64b1d6adb723\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c96d7538-37e9-48a2-a330-64b1d6adb723\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"ce083403-1864-4426-9a84-82b286720d34\"},\"panelIndex\":\"ce083403-1864-4426-9a84-82b286720d34\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ce083403-1864-4426-9a84-82b286720d34\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":16,\"i\":\"ee71f339-8697-4a39-8679-1ddee30762b5\"},\"panelIndex\":\"ee71f339-8697-4a39-8679-1ddee30762b5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client AS 
(bits/s)\",\"panelRefName\":\"panel_ee71f339-8697-4a39-8679-1ddee30762b5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"33f61020-2637-4fa0-ad30-9a33f8894bc4\"},\"panelIndex\":\"33f61020-2637-4fa0-ad30-9a33f8894bc4\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server AS (bits/s)\",\"panelRefName\":\"panel_33f61020-2637-4fa0-ad30-9a33f8894bc4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"ad7513cb-8485-409f-b300-49fcef9d282c\"},\"panelIndex\":\"ad7513cb-8485-409f-b300-49fcef9d282c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Client AS (pkts/s)\",\"panelRefName\":\"panel_ad7513cb-8485-409f-b300-49fcef9d282c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"a7d0d6fa-f0bf-4669-9983-09f9e5ad7b38\"},\"panelIndex\":\"a7d0d6fa-f0bf-4669-9983-09f9e5ad7b38\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Server AS (pkts/s)\",\"panelRefName\":\"panel_a7d0d6fa-f0bf-4669-9983-09f9e5ad7b38\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS Traffic 
(client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"81f1a40e-98e5-4d15-bb0f-938a495f2af1","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c04bfae0-6df5-4ccc-acc5-387a6d20f1aa","name":"973b3ed1-870e-43e9-939b-0e645e87d45e:panel_973b3ed1-870e-43e9-939b-0e645e87d45e","type":"visualization"},{"id":"a6886f41-24df-4900-a258-fb616a8cd744","name":"50dd9f5c-6a5d-4d74-b84d-214adba16e10:panel_50dd9f5c-6a5d-4d74-b84d-214adba16e10","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"c96d7538-37e9-48a2-a330-64b1d6adb723:panel_c96d7538-37e9-48a2-a330-64b1d6adb723","type":"visualization"},{"id":"85e77dbd-ef5e-4425-8701-687176adeab3","name":"ce083403-1864-4426-9a84-82b286720d34:panel_ce083403-1864-4426-9a84-82b286720d34","type":"visualization"},{"id":"460edd03-9393-43ae-b613-ef7a7f0a30f0","name":"ee71f339-8697-4a39-8679-1ddee30762b5:panel_ee71f339-8697-4a39-8679-1ddee30762b5","type":"visualization"},{"id":"298f1fe8-9eb7-4fd8-885d-1309f4197a8a","name":"33f61020-2637-4fa0-ad30-9a33f8894bc4:panel_33f61020-2637-4fa0-ad30-9a33f8894bc4","type":"visualization"},{"id":"7400cab5-9d34-48dc-8402-3e26c52f7370","name":"ad7513cb-8485-409f-b300-49fcef9d282c:panel_ad7513cb-8485-409f-b300-49fcef9d282c","type":"visualization"},{"id":"80dec333-26a2-4a1f-9adf-9ad4da5fe4a6","name":"a7d0d6fa-f0bf-4669-9983-09f9e5ad7b38:panel_a7d0d6fa-f0bf-4669-9983-09f9e5ad7b38","type":"visualization"}],"sort":[1675811601479,14523],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threats (DDoS Flood) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threats (DDoS Flood) - input 
list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"830a5905-13c8-44c1-81b3-d386512ecf57","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14525],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Autonomous Systems (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Autonomous Systems (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"as.label\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7fe0d159-0d2b-4f49-80ce-550e07bfb226","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812939721,17599],"type":"visualization","updated_at":"2023-02-07T23:35:39.721Z","version":"WzkyNDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Server Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Server Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"sigma\":\"\",\"id\":\"9f929eed-1261-4f02-9bea-a72d23a9eb19\",\"type\":\"cumulative_sum\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (NOT destination.port: 123) AND source.port: 123 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"b6a37e54-24ac-4cf7-b680-95f7e9fc4c48","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14528],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (DNS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(DNS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**DNS**](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [DHCP](#/dashboard/2bed80e1-8261-4848-b58e-55e065089e12) | \\n[RADIUS](#/dashboard/e143d802-f5ae-433c-8dce-07dd5726d7e9) | \\n[LDAP](#/dashboard/104fd74b-929f-4d74-a9af-7a07273da4f2) | [NTP](#/dashboard/4489cb79-2538-4d11-b976-516d94999050)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0602bc0f-a5de-416e-be7d-1a8030f74801","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14529],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Requests (packets) - TSVB 
(metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND destination.port: 53 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"57f29c43-0493-4c58-99d0-1b301c0e9953","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14530],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 53 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"4cfdfce5-a6c0-4439-ae25-7849083d7256","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14531],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DNS Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Req/Resp (packets) - TSVB 
(line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.port: 53\",\"language\":\"kuery\"}},{\"id\":\"eebf03a7-ddfb-4583-bf53-66f1908a614e\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"483e84a5-0810-4223-a287-f2bc89a2c4c9\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 53\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"68c2957e-29a6-464b-acbe-6e80e37b7236","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14532],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DNS Requests by Name Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"863ce1a9-a474-4d14-ba2e-58181a99a99b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811757412,15396],"type":"visualization","updated_at":"2023-02-07T23:15:57.412Z","version":"WzcxMzEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Name Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DNS Responses by Name Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Name 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"eadefb5e-c3d1-4315-be29-fdeab739b12a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811768567,15432],"type":"visualization","updated_at":"2023-02-07T23:16:08.567Z","version":"WzcxNTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Requests by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c18ff124-06d8-4791-ba22-40770738ab10","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14547],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"53\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"53\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DNS Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DNS Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d0a988f9-fd04-4794-8d37-78edf4967bcd","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14552],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3NzksMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"adbc3d93-667c-4e3a-b541-2aa499025164\"},\"panelIndex\":\"adbc3d93-667c-4e3a-b541-2aa499025164\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_adbc3d93-667c-4e3a-b541-2aa499025164\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"a18f1475-063c-43c7-86f4-ec8180d9d4de\"},\"panelIndex\":\"a18f1475-063c-43c7-86f4-ec8180d9d4de\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a18f1475-063c-43c7-86f4-ec8180d9d4de\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"28249447-0b83-47e6-bbdf-0d12e957777d\"},\"panelIndex\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28249447-0b83-47e6-bbdf-0d12e957777d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"c133e9f5-fdfa-432f-b7fe-5c472b5dac39\"},\"panelIndex\":\"c133e9f5-fdfa-432f-b7fe-5c472b5dac39\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c133e9f5-fdfa-432f-b7fe-5c472b5dac39\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5e54ead7-e90a-44e7-8469-6d5c080304d8\"},\"panelIndex\":\"5e54ead7-e90a-44e7-8469-6d5c080304d8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5e54ead7-e90a-44e7-8469-6d5c080304d8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\
"h\":14,\"i\":\"0b3543ea-42f3-4534-885d-262f1b0dee30\"},\"panelIndex\":\"0b3543ea-42f3-4534-885d-262f1b0dee30\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0b3543ea-42f3-4534-885d-262f1b0dee30\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"bd8043c1-7a27-4692-9c40-dd85e9a92c38\"},\"panelIndex\":\"bd8043c1-7a27-4692-9c40-dd85e9a92c38\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Requests by Name Server\",\"panelRefName\":\"panel_bd8043c1-7a27-4692-9c40-dd85e9a92c38\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"5bd11a6b-3dbf-432e-9f9a-b842a5683306\"},\"panelIndex\":\"5bd11a6b-3dbf-432e-9f9a-b842a5683306\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Responses by Name Server\",\"panelRefName\":\"panel_5bd11a6b-3dbf-432e-9f9a-b842a5683306\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"0ad50a37-b816-4b44-97ea-fd9bb8accf7d\"},\"panelIndex\":\"0ad50a37-b816-4b44-97ea-fd9bb8accf7d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Requests by Name Server\",\"panelRefName\":\"panel_0ad50a37-b816-4b44-97ea-fd9bb8accf7d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"9633aff9-700d-41b5-9f0b-561bfb8087ae\"},\"panelIndex\":\"9633aff9-700d-41b5-9f0b-561bfb8087ae\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Responses by Name 
Server\",\"panelRefName\":\"panel_9633aff9-700d-41b5-9f0b-561bfb8087ae\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"0a0fef7a-9162-4dbd-a946-313ed4fb50fb\"},\"panelIndex\":\"0a0fef7a-9162-4dbd-a946-313ed4fb50fb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Requests by Client\",\"panelRefName\":\"panel_0a0fef7a-9162-4dbd-a946-313ed4fb50fb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"02f70ae7-fc0c-4921-97a1-ec73f1fb3a46\"},\"panelIndex\":\"02f70ae7-fc0c-4921-97a1-ec73f1fb3a46\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Responses by Client\",\"panelRefName\":\"panel_02f70ae7-fc0c-4921-97a1-ec73f1fb3a46\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"94730105-5228-4f56-bc79-e1b82fcc255c\"},\"panelIndex\":\"94730105-5228-4f56-bc79-e1b82fcc255c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_94730105-5228-4f56-bc79-e1b82fcc255c\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(DNS)","version":1},"coreMigrationVersion":"8.2.0","id":"7bba2030-1878-4d50-a9c4-21372a9a3c73","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f86c51c3-069d-4973-8789-e15fbe01fa77","name":"adbc3d93-667c-4e3a-b541-2aa499025164:panel_adbc3d93-667c-4e3a-b541-2aa499025164","type":"visualization"},{"id":"0602bc0f-a5de-416e-be7d-1a8030f74801","name":"a18f1475-063c-43c7-86f4-ec8180d9d4de:panel_a18f1475-063c-43c7-86f4-ec8180d9d4de","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"28249447-0b83-47e6-bbdf-0d12e957777d:panel_28249447-0b83-47e6-bbdf-0d12e957777d","type":"visualization"},{"id":"57f29c43-0493-4c58-99d0-1b301c0e9953","name":"c133e9f5-fdfa-432f-b7fe-5c472b5dac39:panel_c133e9f5-fdfa-432f-b7fe-5c472b5dac39","type":"visualization"},{"id":"4cfdfce5-a6c0-4439-ae25-7849083d7256","name":"5e54ead7-e90a-44e7-8469-6d5c080304d8:panel_5e54ead7-e90a-44e7-8469-6d5c080304d8","type":"visualization"},{"id":"68c2957e-29a6-464b-acbe-6e80e37b7236","name":"0b3543ea-42f3-4534-885d-262f1b0dee30:panel_0b3543ea-42f3-4534-885d-262f1b0dee30","type":"visualization"},{"id":"863ce1a9-a474-4d14-ba2e-58181a99a99b","name":"bd8043c1-7a27-4692-9c40-dd85e9a92c38:panel_bd8043c1-7a27-4692-9c40-dd85e9a92c38","type":"visualization"},{"id":"eadefb5e-c3d1-4315-be29-fdeab739b12a","name":"5bd11a6b-3dbf-432e-9f9a-b842a5683306:panel_5bd11a6b-3dbf-432e-9f9a-b842a5683306","type":"visualization"},{"id":"d82b8abd-66ea-43ea-8701-b8664dc6df4e","name":"0ad50a37-b816-4b44-97ea-fd9bb8accf7d:panel_0ad50a37-b816-4b44-97ea-fd9bb8accf7d","type":"visualization"},{"id":"1f0b5626-a4b5-46cd-9bcb-5849d8a80c75","name":"9633aff9-700d-41b5-9f0b-561bfb8087ae:panel_9633aff9-700d-41b5-9f0b-561bfb8087ae","type":"visualization"},{"id":"c18ff124-06d8-4791-ba22-40770738ab10","name":"0a0fef7a-9162-4dbd-a946-313ed4fb50fb:panel_0a0fef7a-9162-4dbd-a946-313ed4fb50fb","type":"visualization"},{"id":"d0a988f9-fd04-4794-8d37-78edf4967bcd","name":"02f70ae7-fc0c-4921-97a1-ec73f1fb3a46:panel_02f70ae7-fc0c-49
21-97a1-ec73f1fb3a46","type":"visualization"},{"id":"eee37a32-4b8b-411c-9c91-a270241c75e9","name":"94730105-5228-4f56-bc79-e1b82fcc255c:panel_94730105-5228-4f56-bc79-e1b82fcc255c","type":"visualization"}],"sort":[1675811601479,14566],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Locality Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"flow.locality\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Localities\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9118aa97-ba0d-46e6-addf-bfd9f4f3b0d3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14567],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Relayed (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"relayed\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 67 AND destination.port: 67 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"423fed94-54fb-4d50-8f89-83c0d10d9a2c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14568],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Src/Dst (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Src/Dst (graph) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"source.domain\",\"parent\":\"\",\"label\":\"Source\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"destination.domain\",\"parent\":\"\",\"label\":\"Destination\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675028723968\",\"fieldName\":\"network.transport\",\"parent\":\"\",\"label\":\"Layer-4 Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.dst.l4.port.name\",\"parent\":\"\",\"label\":\"Destination Port\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032296511\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session 
Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675028823795\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"76bf9bb7-6881-413f-a264-2989d275d1d8","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_6_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14576],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODMsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"terms\":{\"source.ip\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}},{\"terms\":{\"destination.ip\":[\"224.0.0.0/4\",\"ff00::/8\",\"255.255.255.255\"]}}],\"minimum_should_match\":1}},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":true,\"alias\":\"non-unicast 
IPs\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"source.ip\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}},{\\\"terms\\\":{\\\"destination.ip\\\":[\\\"224.0.0.0/4\\\",\\\"ff00::/8\\\",\\\"255.255.255.255\\\"]}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"d1a6b13f-1da7-4329-be85-45c298e91161\"},\"panelIndex\":\"d1a6b13f-1da7-4329-be85-45c298e91161\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d1a6b13f-1da7-4329-be85-45c298e91161\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"7faa6308-421e-484f-a47f-8e703d4e0d2c\"},\"panelIndex\":\"7faa6308-421e-484f-a47f-8e703d4e0d2c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7faa6308-421e-484f-a47f-8e703d4e0d2c\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"70be6510-d89b-4f38-aef0-bf443f56914f\"},\"panelIndex\":\"70be6510-d89b-4f38-aef0-bf443f56914f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_70be6510-d89b-4f38-aef0-bf443f56914f\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"3d0157f7-3648-4a5b-8def-d184a3f33088\"},\"panelIndex\":\"3d0157f7-3648-4a5b-8def-d184a3f33088\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3d0157f7-3648-4a5b-8def-d184a3f33088\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"88a6af9a-2469-465c-ac85-2f3beefbe0b2\"},\
"panelIndex\":\"88a6af9a-2469-465c-ac85-2f3beefbe0b2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_88a6af9a-2469-465c-ac85-2f3beefbe0b2\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph (src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"2f0a86fc-9e3d-4916-b4f0-921e77871f31","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"392d40dc-85b5-41d8-a730-97bba5aec226","name":"d1a6b13f-1da7-4329-be85-45c298e91161:panel_d1a6b13f-1da7-4329-be85-45c298e91161","type":"visualization"},{"id":"5de41b05-5273-4637-9d77-29aefabde37c","name":"7faa6308-421e-484f-a47f-8e703d4e0d2c:panel_7faa6308-421e-484f-a47f-8e703d4e0d2c","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"70be6510-d89b-4f38-aef0-bf443f56914f:panel_70be6510-d89b-4f38-aef0-bf443f56914f","type":"visualization"},{"id":"76bf9bb7-6881-413f-a264-2989d275d1d8","name":"3d0157f7-3648-4a5b-8def-d184a3f33088:panel_3d0157f7-3648-4a5b-8def-d184a3f33088","type":"visualization"},{"id":"cd63910d-400f-471d-9d68-107e8b6612b3","name":"88a6af9a-2469-465c-ac85-2f3beefbe0b2:panel_88a6af9a-2469-465c-ac85-2f3beefbe0b2","type":"visualization"}],"sort":[1675811601479,14583],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"co
lumnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"65c4db74-ebcc-459a-9027-93e4c1a1ffe3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14586],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/IP Version (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"network.type\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"network.type: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9ce1239f-c97e-4b8c-a8c5-14e77a9ecb54","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14587],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Broadcast (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Broadcast (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"broadcast\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 68 AND destination.port: 67 AND destination.ip: 255.255.255.255 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"a979dabd-31a8-42b8-8e57-df8cd5b6d7d3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14588],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"faceb6fc-4a47-4925-b7da-fb85e4882299","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14590],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5500a105-14ed-4c12-8383-3f529b37a20c","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14593],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3ODksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP 
Destinations from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Destinations from Public IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000000,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"e5bca257-273b-4866-8290-d424a226e77e\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: (\\\"icmp\\\" OR \\\"ipv6-icmp\\\") AND NOT source.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"ICMP Destinations 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"destination.ip\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"77c672df-cbb2-44d0-a09e-b74e28460ee5","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14594],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Egress Interface (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"observer.egress.interface.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"observer.egress.interface.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3b6987d8-0c05-490e-8d98-d8c205f918b1","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14595],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Graph (AS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Graph (AS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Src/Dst](#/dashboard/2f0a86fc-9e3d-4916-b4f0-921e77871f31) | [**AS**](#/dashboard/cfe94c44-f8bd-4770-99ab-7f482ecda3a5)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"3f0834aa-2de7-4008-a572-58314a4ee5d0","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14596],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client/Server Autonomous Systems (graph) - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client/Server Autonomous Systems (graph) - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.client.as.label\",\"parent\":\"\",\"label\":\"Client AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"flow.server.as.label\",\"parent\":\"\",\"label\":\"Server AS\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":5000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1675029046836\",\"fieldName\":\"network.transport\",\"parent\":\"\",\"label\":\"Layer-4 
Protocol\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1619032399767\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1675029096506\",\"fieldName\":\"sec.threat.name\",\"parent\":\"\",\"label\":\"Threat\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"cc83ea6a-d789-4ea7-9674-ce998a2880c6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_5_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_6_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14604],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTMsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"alias\":\"client is PRIVATE\",\"negate\":true,\"disabled\":true,\"type\":\"phrase\",\"key\":\"flow.client.as.label\",\"params\":{\"query\":\"PRIVATE\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"flow.client.as.label\":\"PRIVATE\"}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"alias\":\"server is PRIVATE\",\"negate\":true,\"disabled\":true,\"type\":\"phrase\",\"key\":\"flow.server.as.label\",\"params\":{\"query\":\"PRIVATE\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"flow.server.as.label\":\"PRIVATE\"}},\"$state\":{\"store\":\"appState\"}}]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"54e51499-4b7d-4df6-8e86-b0a935d6f415\"},\"panelIndex\":\"54e51499-4b7d-4df6-8e86-b0a935d6f415\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_54e51499-4b7d-4df6-8e86-b0a935d6f415\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c99cfeb3-89b5-4247-9d47-758d0905ea05\"},\"panelIndex\":\"c99cfeb3-89b5-4247-9d47-758d0905ea05\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c99cfeb3-89b5-4247-9d47-758d0905ea05\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"f5901d33-b722-4ca2-8544-96a812ee8b13\"},\"panelIndex\":\"f5901d33-b722-4ca2-8544-96a812ee8b13\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f5901d33-b722-4ca2-8544-96a812ee8b13\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"grid
Data\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"86ba0837-ff69-4d7a-85a2-4225583b8ef7\"},\"panelIndex\":\"86ba0837-ff69-4d7a-85a2-4225583b8ef7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_86ba0837-ff69-4d7a-85a2-4225583b8ef7\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"1691582b-34e9-4e8b-b4dd-3ea191995e17\"},\"panelIndex\":\"1691582b-34e9-4e8b-b4dd-3ea191995e17\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1691582b-34e9-4e8b-b4dd-3ea191995e17\"}]","timeRestore":false,"title":"ElastiFlow (flow): Graph (AS)","version":1},"coreMigrationVersion":"8.2.0","id":"cfe94c44-f8bd-4770-99ab-7f482ecda3a5","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"392d40dc-85b5-41d8-a730-97bba5aec226","name":"54e51499-4b7d-4df6-8e86-b0a935d6f415:panel_54e51499-4b7d-4df6-8e86-b0a935d6f415","type":"visualization"},{"id":"3f0834aa-2de7-4008-a572-58314a4ee5d0","name":"c99cfeb3-89b5-4247-9d47-758d0905ea05:panel_c99cfeb3-89b5-4247-9d47-758d0905ea05","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"f5901d33-b722-4ca2-8544-96a812ee8b13:panel_f5901d33-b722-4ca2-8544-96a812ee8b13","type":"visualization"},{"id":"cc83ea6a-d789-4ea7-9674-ce998a2880c6","name":"86ba0837-ff69-4d7a-85a2-4225583b8ef7:panel_86ba0837-ff69-4d7a-85a2-4225583b8ef7","type":"visualization"},{"id":"bec8666b-5425-41d0-b02c-2755d8b8af17","name":"1691582b-34e9-4e8b-b4dd-3ea191995e17:panel_1691582b-34e9-4e8b-b4dd-3ea191995e17","type":"visualization"}],"sort":[1675811601479,14612],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Conversations - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Conversations - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.conversation.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Conversation ID\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client 
IP\"},\"schema\":\"bucket\"},{\"id\":\"7\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"8\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"},{\"id\":\"9\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":1,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"aa158060-bd29-45a4-8abb-a16bf51bd3a9","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14614],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (source.port: 1812 OR source.port: 1645) AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"0a228acd-9f76-4830-9a4c-a4a7e5ca1dd3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14615],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Country Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Country Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"geo.country.name\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Countries\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"226e6ca1-c08a-4ec6-bfbd-cb34669ed5d3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14616],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"520a61e6-d37f-425c-8543-5917ef974bdf","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14619],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [**Exporters**](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [Traffic Details](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"c054c6a5-27cd-40ad-800c-9c24533ad897","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14620],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY3OTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Egress Interface (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Egress Interface (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"7a1a86de-a4f0-468a-a6d3-eb1ec31e9e1c\",\"type\":\"math\",\"variables\":[{\"id\":\"174d044a-8fc2-4b10-9145-5d2c01b152d5\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"99d5bd1c-c870-4a44-a16c-badca6954124\",\"type\":\"math\",\"variables\":[{\"id\":\"d97a7d87-115d-4c9d-83cc-b263958a557b\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"observer.egress.interface.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"observer.egress.interface.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"836c8f7c-42ac-4975-a35f-bc6b8e2917ed","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14621],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"85d904c7-7c89-4880-9c63-cddb20513185\"},\"panelIndex\":\"85d904c7-7c89-4880-9c63-cddb20513185\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_85d904c7-7c89-4880-9c63-cddb20513185\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f328eea0-65a3-4404-9bae-e9079b3a76d9\"},\"panelIndex\":\"f328eea0-65a3-4404-9bae-e9079b3a76d9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f328eea0-65a3-4404-9bae-e9079b3a76d9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"1c3459fc-8086-4ce3-a7b2-bfc7ca73253f\"},\"panelIndex\":\"1c3459fc-8086-4ce3-a7b2-bfc7ca73253f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1c3459fc-8086-4ce3-a7b2-bfc7ca73253f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":39,\"h\":5,\"i\":\"609a9d66-a1ea-40bf-8a7b-cd957eca939d\"},\"panelIndex\":\"609a9d66-a1ea-40bf-8a7b-cd957eca939d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_609a9d66-a1ea-40bf-8a7b-cd957eca939d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":39,\"y\":4,\"w\":9,\"h\":5,\"i\":\"95b9b6bb-46b8-4bcb-b8f4-54a51514ab1b\"},\"panelIndex\":\"95b9b6bb-46b8-4bcb-b8f4-54a51514ab1b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_95b9b6bb-46b8-4bcb-b8f4-54a51514ab1b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,
\"h\":16,\"i\":\"df6d2b16-67ac-434f-85a5-aa430141492d\"},\"panelIndex\":\"df6d2b16-67ac-434f-85a5-aa430141492d\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Ingress Interface (bits/s)\",\"panelRefName\":\"panel_df6d2b16-67ac-434f-85a5-aa430141492d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":16,\"i\":\"469194b9-6822-4da9-a56d-739eced269cb\"},\"panelIndex\":\"469194b9-6822-4da9-a56d-739eced269cb\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Egress Interface (bits/s)\",\"panelRefName\":\"panel_469194b9-6822-4da9-a56d-739eced269cb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":25,\"w\":24,\"h\":16,\"i\":\"74898571-0cde-48ed-b6a5-caa2e1c25028\"},\"panelIndex\":\"74898571-0cde-48ed-b6a5-caa2e1c25028\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Ingress Interface (pkts/s)\",\"panelRefName\":\"panel_74898571-0cde-48ed-b6a5-caa2e1c25028\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":25,\"w\":24,\"h\":16,\"i\":\"99ef8d15-bdb6-4ae0-bf9e-9b0ea7bb69f0\"},\"panelIndex\":\"99ef8d15-bdb6-4ae0-bf9e-9b0ea7bb69f0\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Egress Interface (pkts/s)\",\"panelRefName\":\"panel_99ef8d15-bdb6-4ae0-bf9e-9b0ea7bb69f0\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Exporters 
(traffic)","version":1},"coreMigrationVersion":"8.2.0","id":"14d5dd97-4807-4267-9399-b5ced2d9abbe","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c054c6a5-27cd-40ad-800c-9c24533ad897","name":"85d904c7-7c89-4880-9c63-cddb20513185:panel_85d904c7-7c89-4880-9c63-cddb20513185","type":"visualization"},{"id":"2e6bb286-d9a0-4941-9bb5-5c9ba5f3cfcc","name":"f328eea0-65a3-4404-9bae-e9079b3a76d9:panel_f328eea0-65a3-4404-9bae-e9079b3a76d9","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"1c3459fc-8086-4ce3-a7b2-bfc7ca73253f:panel_1c3459fc-8086-4ce3-a7b2-bfc7ca73253f","type":"visualization"},{"id":"dd9a3d38-9e74-480d-9c9f-153015f5691b","name":"609a9d66-a1ea-40bf-8a7b-cd957eca939d:panel_609a9d66-a1ea-40bf-8a7b-cd957eca939d","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"95b9b6bb-46b8-4bcb-b8f4-54a51514ab1b:panel_95b9b6bb-46b8-4bcb-b8f4-54a51514ab1b","type":"visualization"},{"id":"0be4eb16-7646-417a-887b-adac03ee6ae0","name":"df6d2b16-67ac-434f-85a5-aa430141492d:panel_df6d2b16-67ac-434f-85a5-aa430141492d","type":"visualization"},{"id":"3b6987d8-0c05-490e-8d98-d8c205f918b1","name":"469194b9-6822-4da9-a56d-739eced269cb:panel_469194b9-6822-4da9-a56d-739eced269cb","type":"visualization"},{"id":"c882af07-d8a9-4df2-a64c-07ef0a9a7ac5","name":"74898571-0cde-48ed-b6a5-caa2e1c25028:panel_74898571-0cde-48ed-b6a5-caa2e1c25028","type":"visualization"},{"id":"836c8f7c-42ac-4975-a35f-bc6b8e2917ed","name":"99ef8d15-bdb6-4ae0-bf9e-9b0ea7bb69f0:panel_99ef8d15-bdb6-4ae0-bf9e-9b0ea7bb69f0","type":"visualization"}],"sort":[1675811601479,14631],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"48f97749-796d-435a-981c-1fbde14a3cd4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14634],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - 
AS-Path Flows","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path Flows\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Hops](#/dashboard/ae9fd5a6-4145-4604-b96b-d8b34c5300b3) | [**Flows**](#/dashboard/1d3441a2-28f5-47d5-8301-ece76849777e) | [Endpoints](#/dashboard/7a242ad4-af3c-403c-8253-e636edd413a4)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"1adedbdb-0f59-4ab4-9e4b-50e6444ecbf3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14635],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Flows - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Flows - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-ecs-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.src.as.label\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"flow.dst.as.label\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": 
\\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n 
\\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": 
\\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": 
\\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": 
\\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"9310925d-9684-4ea0-b47d-900f0e97172b","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14636],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDQsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"eab21eaf-d1bf-4d18-af30-763062fa171d\"},\"panelIndex\":\"eab21eaf-d1bf-4d18-af30-763062fa171d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_eab21eaf-d1bf-4d18-af30-763062fa171d\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},\"panelIndex\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"aeaec106-7d8a-480c-9c07-a42a7441d4b3\"},\"panelIndex\":\"aeaec106-7d8a-480c-9c07-a42a7441d4b3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_aeaec106-7d8a-480c-9c07-a42a7441d4b3\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"016930e5-bc8b-44de-b6e9-29450b500c9e\"},\"panelIndex\":\"016930e5-bc8b-44de-b6e9-29450b500c9e\",\"embeddableConfig\":{\"hidePanelTitles\":tru
e,\"enhancements\":{}},\"panelRefName\":\"panel_016930e5-bc8b-44de-b6e9-29450b500c9e\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (flows)","version":1},"coreMigrationVersion":"8.2.0","id":"1d3441a2-28f5-47d5-8301-ece76849777e","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"1adedbdb-0f59-4ab4-9e4b-50e6444ecbf3","name":"eab21eaf-d1bf-4d18-af30-763062fa171d:panel_eab21eaf-d1bf-4d18-af30-763062fa171d","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"fa831312-1122-4a7f-8899-2ad2ddfa1bee:panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee","type":"visualization"},{"id":"9310925d-9684-4ea0-b47d-900f0e97172b","name":"aeaec106-7d8a-480c-9c07-a42a7441d4b3:panel_aeaec106-7d8a-480c-9c07-a42a7441d4b3","type":"visualization"},{"id":"d2fd7ceb-e5a7-4a9b-aeac-38d17227dabe","name":"016930e5-bc8b-44de-b6e9-29450b500c9e:panel_016930e5-bc8b-44de-b6e9-29450b500c9e","type":"visualization"}],"sort":[1675811601479,14641],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Locality (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d4c923f7-589f-4b1a-a7a9-6dad91de307a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14642],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Exporters (metrics)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Exporters 
(metrics)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Traffic](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [**Metrics**](#/dashboard/e22f5d65-718a-461e-b824-9a9c167d973c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3e2c865c-d2b2-44fd-86f0-0f5b1571080c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14643],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Server Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"facfd1c5-3d04-4fbc-8ccd-99ca97769215","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14645],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): VLANs (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): VLANs (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"vlan.tag.id\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"53fd7b1e-cf5c-4ecc-9261-0f4b99fbc73d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812758615,17081],"type":"visualization","updated_at":"2023-02-07T23:32:38.615Z","version":"Wzg3NDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/VLAN (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/VLAN (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Cities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"vlan.tag.id\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"vlan.tag.id: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"c6690d40-7e9d-47c0-91e5-b9bd43fbc64d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14648],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Cities (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Cities (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"42d8cfe0-ddb2-4c1e-a4af-73c116456e3a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812923902,17519],"type":"visualization","updated_at":"2023-02-07T23:35:23.902Z","version":"WzkyMDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Client Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Client Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"client.domain\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Clients\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"9648f7de-710b-4293-b71c-bba434472ab6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14651],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses by Client - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Resp\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"242a0cb8-a95f-4ca8-b598-0914ee925143","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14657],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"At-Risk 
Servers\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"flow.client.sec.threat.name\\\"}},{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"must\":[{\"exists\":{\"field\":\"flow.client.sec.threat.name\"}},{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): At-Risk Servers (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: At-Risk Servers (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"At-Risk Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.ip\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7f902e0e-e253-47c4-b3c7-546cf270f05b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14660],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Option (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Options\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"08059b31-05db-4269-b28d-92a5fdba0417","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14661],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTUsMl0="} 
{"attributes":{"columns":["network.community_id","host.name","source.domain","flow.src.l4.port.name","destination.domain","flow.dst.l4.port.name","network.bytes","network.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"source.ip\"}},{\"exists\":{\"field\":\"destination.ip\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"source.ip\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"destination.ip\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow (flow): Flow Records (src/dst) - search","version":1},"coreMigrationVersion":"8.2.0","id":"02ad3778-528d-46a7-9e05-31a57f1b89d4","migrationVersion":{"search":"8.0.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14664],"type":"search","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"ad4119d0-0abd-4766-99f9-7a6ef51b1750","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchS
ourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14667],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"DHCP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":67}},{\\\"match_phrase\\\":{\\\"destination.port\\\":67}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":67}},{\"match_phrase\":{\"destination.port\":67}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Messages by Exporter - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Messages by Exporter - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6cd0b931-79f6-4f59-907d-1d4d81e80c25","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14672],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - AS-Path Endpoints","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NAV - AS-Path 
Endpoints\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Return to Flows](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Hops](#/dashboard/ae9fd5a6-4145-4604-b96b-d8b34c5300b3) | [Flows](#/dashboard/1d3441a2-28f5-47d5-8301-ece76849777e) | [**Endpoints**](#/dashboard/7a242ad4-af3c-403c-8253-e636edd413a4)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"9bd9d74f-4633-4a06-8658-ab46cb228ad5","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14673],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MTksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): AS-Path Endpoints - Vega (directed graph)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): AS-Path Endpoints - Vega (directed graph)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v5.json\\\",\\n \\\"description\\\": \\\"Copyright (C)2022 ElastiFlow Inc.\\\",\\n \\\"autosize\\\": \\\"fit\\\",\\n \\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"flows\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-path-ecs-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 384,\\n \\\"sources\\\": [{\\n \\\"client\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"source.domain\\\"\\n }\\n }\\n },\\n {\\n \\\"server\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"destination.domain\\\"\\n }\\n }\\n }\\n ]\\n },\\n \\\"aggs\\\": {\\n \\\"flow_bytes\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.bytes\\\"\\n }\\n },\\n \\\"flow_packets\\\": {\\n \\\"sum\\\": {\\n \\\"field\\\": \\\"network.packets\\\"\\n }\\n }\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.client\\\",\\n \\\"as\\\": \\\"source\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.server\\\",\\n \\\"as\\\": \\\"target\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_bytes.value\\\",\\n \\\"as\\\": \\\"bytes\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.flow_packets.value\\\",\\n \\\"as\\\": \\\"packets\\\"\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": 
\\\"endpoints\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"key\\\"]\\n },\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"key\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n },\\n\\n {\\n \\\"name\\\": \\\"traffic\\\",\\n \\\"source\\\": \\\"flows\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"source\\\", \\\"target\\\"],\\n \\\"fields\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"],\\n \\\"ops\\\": [\\\"sum\\\", \\\"sum\\\", \\\"sum\\\"],\\n \\\"as\\\": [\\\"doc_count\\\", \\\"bytes\\\", \\\"packets\\\"]\\n }\\n ]\\n }\\n ],\\n\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"endpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [128,192,256,320,384,448,512,576,640,768,896,1024]\\n },\\n {\\n \\\"name\\\": \\\"fontsizeEndpointBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [0,0,0,0,0,0,0,12]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#99ddff\\\", \\\"#80d4ff\\\", \\\"#66ccff\\\", \\\"#33bbff\\\", \\\"#00aaff\\\", \\\"#0099e6\\\"]\\n },\\n {\\n \\\"name\\\": \\\"colorEndpointsBytesLightBlues\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"endpoints\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#e6f7ff\\\", \\\"#cceeff\\\", \\\"#b3e6ff\\\", \\\"#99ddff\\\"]\\n },\\n {\\n 
\\\"name\\\": \\\"trafficBytesScale\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [1,2,3,4,6,8]\\n },\\n {\\n \\\"name\\\": \\\"colorTrafficBytesGreys\\\",\\n \\\"type\\\": \\\"quantile\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"traffic\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"range\\\": [\\\"#ddd\\\", \\\"#ccc\\\", \\\"#bbb\\\", \\\"#aaa\\\", \\\"#999\\\", \\\"#888\\\"]\\n }\\n ],\\n \\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"cx\\\",\\n \\\"update\\\": \\\"width / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"cy\\\",\\n \\\"update\\\": \\\"height / 2\\\"\\n },\\n {\\n \\\"name\\\": \\\"nodeCharge\\\",\\n \\\"value\\\": -128,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": -200, \\\"max\\\": 10, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"linkDistance\\\",\\n \\\"value\\\": 24,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 8, \\\"max\\\": 64, \\\"step\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"decay\\\",\\n \\\"value\\\": 0.7,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1, \\\"step\\\": 0.01}\\n },\\n {\\n \\\"name\\\": \\\"gravityX\\\",\\n \\\"value\\\": 0.1,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"gravityY\\\",\\n \\\"value\\\": 0.2,\\n \\\"bind\\\": {\\\"input\\\": \\\"range\\\", \\\"min\\\": 0, \\\"max\\\": 1}\\n },\\n {\\n \\\"name\\\": \\\"static\\\",\\n \\\"value\\\": false,\\n \\\"bind\\\": {\\\"input\\\": \\\"checkbox\\\"}\\n },\\n {\\n \\\"name\\\": \\\"fix\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseout[!event.buttons], window:mouseup\\\",\\n \\\"update\\\": \\\"false\\\"\\n },\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix || true\\\"\\n },\\n {\\n \\\"events\\\": \\\"[symbol:mousedown, window:mouseup] > window:mousemove!\\\",\\n \\\"update\\\": 
\\\"xy()\\\",\\n \\\"force\\\": true\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"node\\\",\\n \\\"value\\\": null,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"symbol:mouseover\\\",\\n \\\"update\\\": \\\"fix === true ? item() : node\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"restart\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": {\\\"signal\\\": \\\"fix\\\"}, \\\"update\\\": \\\"fix && fix.length\\\"\\n }\\n ]\\n }\\n ],\\n \\n \\\"marks\\\": [\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"type\\\": \\\"symbol\\\",\\n \\\"zindex\\\": 1,\\n \\\"from\\\": {\\\"data\\\": \\\"endpoints\\\"},\\n \\\"on\\\": [\\n {\\n \\\"trigger\\\": \\\"fix\\\",\\n \\\"modify\\\": \\\"node\\\",\\n \\\"values\\\": \\\"fix === true ? {fx: node.x, fy: node.y} : {fx: fix[0], fy: fix[1]}\\\"\\n },\\n {\\\"trigger\\\": \\\"!fix\\\", \\\"modify\\\": \\\"node\\\", \\\"values\\\": \\\"{fx: null, fy: null}\\\"}\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"colorEndpointsBytesBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorEndpointsBytesLightBlues\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"xfocus\\\": {\\\"signal\\\": \\\"cx\\\"},\\n \\\"yfocus\\\": {\\\"signal\\\": \\\"cy\\\"}\\n },\\n \\\"update\\\": {\\n \\\"size\\\": {\\\"scale\\\": \\\"endpointBytesScale\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"cursor\\\": {\\\"value\\\": \\\"pointer\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.key + ' (Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count + ')'\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"force\\\",\\n \\\"iterations\\\": 160,\\n \\\"velocityDecay\\\": {\\n \\\"signal\\\": \\\"decay\\\"\\n },\\n \\\"restart\\\": {\\\"signal\\\": \\\"restart\\\"},\\n \\\"static\\\": {\\\"signal\\\": \\\"static\\\"},\\n \\\"signal\\\": \\\"force\\\",\\n \\\"forces\\\": [\\n {\\\"force\\\": 
\\\"center\\\", \\\"x\\\": {\\\"signal\\\": \\\"cx\\\"}, \\\"y\\\": {\\\"signal\\\": \\\"cy\\\"}},\\n {\\\"force\\\": \\\"x\\\", \\\"x\\\": \\\"xfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityX\\\"}},\\n {\\\"force\\\": \\\"y\\\", \\\"y\\\": \\\"yfocus\\\", \\\"strength\\\": {\\\"signal\\\": \\\"gravityY\\\"}},\\n {\\\"force\\\": \\\"collide\\\", \\\"radius\\\": {\\\"signal\\\": \\\"linkDistance\\\"}},\\n {\\\"force\\\": \\\"nbody\\\", \\\"strength\\\": {\\\"signal\\\": \\\"nodeCharge\\\"}},\\n {\\\"force\\\": \\\"link\\\", \\\"links\\\": \\\"traffic\\\", \\\"id\\\": \\\"datum.key\\\", \\\"distance\\\": {\\\"signal\\\": \\\"linkDistance\\\"}}\\n ]\\n }\\n ]\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"zindex\\\": 2,\\n \\\"from\\\": {\\\"data\\\": \\\"nodes\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"value\\\": \\\"black\\\"},\\n \\\"fontSize\\\": {\\\"scale\\\": \\\"fontsizeEndpointBytesScale\\\", \\\"field\\\": \\\"datum.bytes\\\"}\\n },\\n \\\"update\\\": {\\n \\\"y\\\": {\\\"field\\\": \\\"y\\\", \\\"offset\\\": {\\\"signal\\\": \\\"sqrt(datum.size/2) * 1.3\\\"}},\\n \\\"x\\\": {\\\"field\\\": \\\"x\\\"},\\n \\\"text\\\": {\\\"field\\\": \\\"datum.key\\\"},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"}\\n }\\n }\\n },\\n {\\n \\\"name\\\": \\\"paths\\\",\\n \\\"type\\\": \\\"path\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"traffic\\\"},\\n \\\"interactive\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": {\\\"scale\\\": \\\"colorTrafficBytesGreys\\\", \\\"field\\\": \\\"bytes\\\"},\\n \\\"strokeWidth\\\": {\\\"scale\\\": \\\"trafficBytesScale\\\", \\\"field\\\": \\\"bytes\\\"}\\n },\\n \\\"hover\\\": {\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"'Bytes: ' + format(datum.bytes, '.2s') + ', Packets: ' + datum.packets + ', Records: ' + datum.doc_count\\\"\\n }\\n }\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"require\\\": {\\\"signal\\\": 
\\\"force\\\"},\\n \\\"shape\\\": \\\"curve\\\",\\n \\\"sourceX\\\": \\\"datum.source.x\\\",\\n \\\"sourceY\\\": \\\"datum.source.y\\\",\\n \\\"targetX\\\": \\\"datum.target.x\\\",\\n \\\"targetY\\\": \\\"datum.target.y\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"06ac51b4-7701-40df-aad8-5ae7e309b643","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14674],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjAsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":43,\"h\":4,\"i\":\"44a96cfa-71fd-45c9-bfa1-68980198ed29\"},\"panelIndex\":\"44a96cfa-71fd-45c9-bfa1-68980198ed29\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_44a96cfa-71fd-45c9-bfa1-68980198ed29\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},\"panelIndex\":\"fa831312-1122-4a7f-8899-2ad2ddfa1bee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":4,\"w\":38,\"h\":37,\"i\":\"a176c810-96c7-4177-9078-6ecb271c064c\"},\"panelIndex\":\"a176c810-96c7-4177-9078-6ecb271c064c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a176c810-96c7-4177-9078-6ecb271c064c\"},{\"version\":\"7.17.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":10,\"h\":37,\"i\":\"0ef85b38-0edf-4764-b82f-869cd0d7b41e\"},\"panelIndex\":\"0ef85b38-0edf-4764-b82f-869cd0d7b41e\",\"embeddableConfig\":{\"hidePanelTitles\":tru
e,\"enhancements\":{}},\"panelRefName\":\"panel_0ef85b38-0edf-4764-b82f-869cd0d7b41e\"}]","timeRestore":false,"title":"ElastiFlow (flow): AS-Path Graph (endpoints)","version":1},"coreMigrationVersion":"8.2.0","id":"7a242ad4-af3c-403c-8253-e636edd413a4","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"9bd9d74f-4633-4a06-8658-ab46cb228ad5","name":"44a96cfa-71fd-45c9-bfa1-68980198ed29:panel_44a96cfa-71fd-45c9-bfa1-68980198ed29","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"fa831312-1122-4a7f-8899-2ad2ddfa1bee:panel_fa831312-1122-4a7f-8899-2ad2ddfa1bee","type":"visualization"},{"id":"06ac51b4-7701-40df-aad8-5ae7e309b643","name":"a176c810-96c7-4177-9078-6ecb271c064c:panel_a176c810-96c7-4177-9078-6ecb271c064c","type":"visualization"},{"id":"d2fd7ceb-e5a7-4a9b-aeac-38d17227dabe","name":"0ef85b38-0edf-4764-b82f-869cd0d7b41e:panel_0ef85b38-0edf-4764-b82f-869cd0d7b41e","type":"visualization"}],"sort":[1675811601479,14679],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic 
Details\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"last_value\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"time_range_mode\":\"entire_time_range\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Overview](#/dashboard/bbed16d8-b093-43a7-906a-c540bd306de6) | [Top-N](#/dashboard/6ffd0f89-824f-480e-bac3-6208b569a7c5) | [Core Services](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [Threats](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [Flows](#/dashboard/d65172bd-25ad-445d-a6d7-c8c088993cdb) | [Graph](#/dashboard/428e8b89-92d5-4e7b-a83a-8379083a0874) | [Geo IP](#/dashboard/4d2f9e68-5019-4811-a3b6-081fd79db1e1) | [AS Traffic](#/dashboard/81f1a40e-98e5-4d15-bb0f-938a495f2af1) | [Exporters](#/dashboard/14d5dd97-4807-4267-9399-b5ced2d9abbe) | [**Traffic Details**](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Flow Records](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1,\"truncate_legend\":1,\"max_lines_legend\":1}}"},"coreMigrationVersion":"8.2.0","id":"4082b96d-f3df-4a2f-b18d-e350bd2632a7","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14680],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Server Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Server Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"server.domain\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Servers\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4b39512e-34a2-4369-8e14-a7eb7b4b4ccf","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14681],"type":"visualization","updated_at":"2023-
02-07T23:13:21.479Z","version":"WzY4MjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"client.domain\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"client.domain : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"258c911d-4e6e-4e43-ae0b-944b846cfbfa","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14682],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Server (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Server (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Servers\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"server.domain\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"server.domain : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"e8a95769-2013-487a-96a2-298bbc9853a6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14683],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Client (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Client (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"99b8e722-d570-4876-b12c-435d3f9be77b\",\"type\":\"math\",\"variables\":[{\"id\":\"a87d1542-1aaf-4499-94e0-c8e21c84448d\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"4a125679-322a-4a39-b576-88e121172694\",\"type\":\"math\",\"variables\":[{\"id\":\"c40472b7-b7ca-445a-bf75-9ece94c49d53\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Clients\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"client.domain\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"client.domain: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"83ab2501-9315-49b2-b03d-8eb3986bb3a8","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14684],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Services (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Services (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c2199ba3-ca0c-40fd-974b-49b4f0469417","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812822649,17291],"type":"visualization","updated_at":"2023-02-07T23:33:42.649Z","version":"Wzg5NTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Applications (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): Applications (flow 
records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"63511222-6e9c-484c-9a66-43be1c82236e","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812834807,17343],"type":"visualization","updated_at":"2023-02-07T23:33:54.807Z","version":"Wzg5OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Service (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4b6acaf5-1d97-4880-b425-b8bb69e9fa10","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14689],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Application (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"network.application\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"network.application : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"5337d5ff-6f40-404e-95c8-915cef51222d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14690],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Service (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Service (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"ca7226bf-2db5-4302-a9ff-b2f685e08b21\",\"type\":\"math\",\"variables\":[{\"id\":\"c1f58255-a91f-42ee-b261-52bb500a7084\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"ebf28f79-cd02-4e1e-954b-bd595e520e7a\",\"type\":\"math\",\"variables\":[{\"id\":\"ef8294fa-715a-4c8c-a19c-f2c93143cbf4\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Services\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.server.l4.port.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.server.l4.port.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8c039ef6-075c-454c-9374-ec96a2b21eef","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14691],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Application (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Application (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"200fa0bb-8ccd-450c-bd49-83d287ac2e07\",\"type\":\"math\",\"variables\":[{\"id\":\"5debac04-1d06-4e1d-b2f9-809a8aec3931\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"47bb1c0f-7b50-4024-a988-d6ea730a2376\",\"type\":\"math\",\"variables\":[{\"id\":\"65996de7-a7a6-4365-a3ac-b8b88fe2827d\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Applications\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"network.application\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"network.application: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"0a352bf2-8fc3-4b0d-acc0-d87ee7b4f15d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14692],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzIsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"61502b38-2e02-479c-bb33-a24d68ac2f8a\"},\"panelIndex\":\"61502b38-2e02-479c-bb33-a24d68ac2f8a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_61502b38-2e02-479c-bb33-a24d68ac2f8a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"3ad86b82-f219-49b3-bab6-7b37bbc3bd25\"},\"panelIndex\":\"3ad86b82-f219-49b3-bab6-7b37bbc3bd25\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3ad86b82-f219-49b3-bab6-7b37bbc3bd25\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"8a8df662-46ac-46a9-ad1c-cfcb2281469f\"},\"panelIndex\":\"8a8df662-46ac-46a9-ad1c-cfcb2281469f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8a8df662-46ac-46a9-ad1c-cfcb2281469f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"3ee4ea24-13c6-4c40-96a5-6953b7db9b8f\"},\"panelIndex\":\"3ee4ea24-13c6-4c40-96a5-6953b7db9b8f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3ee4ea24-13c6-4c40-96a5-6953b7db9b8f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"473711a0-8ffa-442e-898a-7ad2113c1095\"},\"panelIndex\":\"473711a0-8ffa-442e-898a-7ad2113c1095\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Clients (flow 
records)\",\"panelRefName\":\"panel_473711a0-8ffa-442e-898a-7ad2113c1095\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"14679dbc-7b86-4754-acdd-5fb776ac5468\"},\"panelIndex\":\"14679dbc-7b86-4754-acdd-5fb776ac5468\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_14679dbc-7b86-4754-acdd-5fb776ac5468\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"19d9fdeb-6e7c-46d4-a2c0-bf8d5da2b0db\"},\"panelIndex\":\"19d9fdeb-6e7c-46d4-a2c0-bf8d5da2b0db\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Servers (flow records)\",\"panelRefName\":\"panel_19d9fdeb-6e7c-46d4-a2c0-bf8d5da2b0db\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"6b1d6348-c927-47ef-8760-b954967d6f97\"},\"panelIndex\":\"6b1d6348-c927-47ef-8760-b954967d6f97\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6b1d6348-c927-47ef-8760-b954967d6f97\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"11c4b0f1-5f4a-4854-9f9b-60afbc39019b\"},\"panelIndex\":\"11c4b0f1-5f4a-4854-9f9b-60afbc39019b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_11c4b0f1-5f4a-4854-9f9b-60afbc39019b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"c70b08d0-81e8-42dc-ba2a-653fd59004c8\"},\"panelIndex\":\"c70b08d0-81e8-42dc-ba2a-653fd59004c8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c70b08d0-81e8-42dc-ba2a-653fd59004c8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"012e6e1a-e457-4fe9-bbbd-efa487e1dd1b\"},\"panelIndex\":\"012e6e1a-e457-4fe9-bbbd-efa487e1dd1b\"
,\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_012e6e1a-e457-4fe9-bbbd-efa487e1dd1b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"4d3b7b14-eaf8-49c8-a552-3d2db5d695d9\"},\"panelIndex\":\"4d3b7b14-eaf8-49c8-a552-3d2db5d695d9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4d3b7b14-eaf8-49c8-a552-3d2db5d695d9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":13,\"i\":\"7b910603-647f-4e61-9a23-9a96dcb62a76\"},\"panelIndex\":\"7b910603-647f-4e61-9a23-9a96dcb62a76\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Clients (bits/s)\",\"panelRefName\":\"panel_7b910603-647f-4e61-9a23-9a96dcb62a76\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":13,\"i\":\"2bae47f2-82fe-4102-9460-f502a6a5f95b\"},\"panelIndex\":\"2bae47f2-82fe-4102-9460-f502a6a5f95b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Servers (bits/s)\",\"panelRefName\":\"panel_2bae47f2-82fe-4102-9460-f502a6a5f95b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":33,\"w\":24,\"h\":14,\"i\":\"25f8b086-2c4b-4429-97e8-9c6d5db24698\"},\"panelIndex\":\"25f8b086-2c4b-4429-97e8-9c6d5db24698\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Clients (pkts/s)\",\"panelRefName\":\"panel_25f8b086-2c4b-4429-97e8-9c6d5db24698\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":33,\"w\":24,\"h\":14,\"i\":\"e9fb8601-54d7-418e-a20b-1bd4008b70ca\"},\"panelIndex\":\"e9fb8601-54d7-418e-a20b-1bd4008b70ca\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Servers 
(pkts/s)\",\"panelRefName\":\"panel_e9fb8601-54d7-418e-a20b-1bd4008b70ca\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":47,\"w\":12,\"h\":11,\"i\":\"01e78085-0f71-4ba8-8bb2-df77cd08b899\"},\"panelIndex\":\"01e78085-0f71-4ba8-8bb2-df77cd08b899\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Services (flow records)\",\"panelRefName\":\"panel_01e78085-0f71-4ba8-8bb2-df77cd08b899\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":47,\"w\":12,\"h\":2,\"i\":\"147fc805-3a0f-46d4-9a1f-60448ab27aa7\"},\"panelIndex\":\"147fc805-3a0f-46d4-9a1f-60448ab27aa7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_147fc805-3a0f-46d4-9a1f-60448ab27aa7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":47,\"w\":12,\"h\":11,\"i\":\"2bac6900-71db-45c9-abe7-007347b98960\"},\"panelIndex\":\"2bac6900-71db-45c9-abe7-007347b98960\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications (flow 
records)\",\"panelRefName\":\"panel_2bac6900-71db-45c9-abe7-007347b98960\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":47,\"w\":12,\"h\":2,\"i\":\"19f6ba02-684e-4878-85fc-a4bcfa4f2fbc\"},\"panelIndex\":\"19f6ba02-684e-4878-85fc-a4bcfa4f2fbc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_19f6ba02-684e-4878-85fc-a4bcfa4f2fbc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":49,\"w\":12,\"h\":7,\"i\":\"73629442-40b8-480a-ac68-e5abd3c5acb8\"},\"panelIndex\":\"73629442-40b8-480a-ac68-e5abd3c5acb8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_73629442-40b8-480a-ac68-e5abd3c5acb8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":49,\"w\":12,\"h\":7,\"i\":\"913a3359-fd86-4954-9b92-fdada0bffc8d\"},\"panelIndex\":\"913a3359-fd86-4954-9b92-fdada0bffc8d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_913a3359-fd86-4954-9b92-fdada0bffc8d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":56,\"w\":12,\"h\":2,\"i\":\"dbd8c58d-8efb-4abc-b4fd-9ac1c53b68c0\"},\"panelIndex\":\"dbd8c58d-8efb-4abc-b4fd-9ac1c53b68c0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_dbd8c58d-8efb-4abc-b4fd-9ac1c53b68c0\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":56,\"w\":12,\"h\":2,\"i\":\"0ac67184-1538-4f44-96ea-8ad0475c1270\"},\"panelIndex\":\"0ac67184-1538-4f44-96ea-8ad0475c1270\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0ac67184-1538-4f44-96ea-8ad0475c1270\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":58,\"w\":24,\"h\":14,\"i\":\"177e54ae-7f61-452c-ae42-64f629296d78\"},\"panelIndex\":\"177e54ae-7f61-452c-ae42-64f629296d78\",\"embeddableConfig\":{\"hidePanelTi
tles\":false,\"enhancements\":{}},\"title\":\"Services (bits/s)\",\"panelRefName\":\"panel_177e54ae-7f61-452c-ae42-64f629296d78\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":58,\"w\":24,\"h\":14,\"i\":\"24df66d5-7ba6-49c8-aba5-e6d62a1dc4ba\"},\"panelIndex\":\"24df66d5-7ba6-49c8-aba5-e6d62a1dc4ba\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications (bits/s)\",\"panelRefName\":\"panel_24df66d5-7ba6-49c8-aba5-e6d62a1dc4ba\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":72,\"w\":24,\"h\":14,\"i\":\"55cb8951-1eed-4764-8fad-ec04854aa51f\"},\"panelIndex\":\"55cb8951-1eed-4764-8fad-ec04854aa51f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Services (pkts/s)\",\"panelRefName\":\"panel_55cb8951-1eed-4764-8fad-ec04854aa51f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":72,\"w\":24,\"h\":14,\"i\":\"4faedb4f-5164-4356-855e-3599e99e9b2b\"},\"panelIndex\":\"4faedb4f-5164-4356-855e-3599e99e9b2b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Applications (pkts/s)\",\"panelRefName\":\"panel_4faedb4f-5164-4356-855e-3599e99e9b2b\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details 
(types)","version":1},"coreMigrationVersion":"8.2.0","id":"6e0aaa1b-5b37-44e7-8034-7a5cbd14023b","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"4082b96d-f3df-4a2f-b18d-e350bd2632a7","name":"61502b38-2e02-479c-bb33-a24d68ac2f8a:panel_61502b38-2e02-479c-bb33-a24d68ac2f8a","type":"visualization"},{"id":"05a3bf66-0b09-49d5-82b3-9f49992dfb4b","name":"3ad86b82-f219-49b3-bab6-7b37bbc3bd25:panel_3ad86b82-f219-49b3-bab6-7b37bbc3bd25","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"8a8df662-46ac-46a9-ad1c-cfcb2281469f:panel_8a8df662-46ac-46a9-ad1c-cfcb2281469f","type":"visualization"},{"id":"ce234572-e80c-4059-becc-80e278d75fc4","name":"3ee4ea24-13c6-4c40-96a5-6953b7db9b8f:panel_3ee4ea24-13c6-4c40-96a5-6953b7db9b8f","type":"visualization"},{"id":"b39062a4-35b6-426f-b026-927bed96b0a2","name":"473711a0-8ffa-442e-898a-7ad2113c1095:panel_473711a0-8ffa-442e-898a-7ad2113c1095","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"14679dbc-7b86-4754-acdd-5fb776ac5468:panel_14679dbc-7b86-4754-acdd-5fb776ac5468","type":"visualization"},{"id":"d14228d1-9ca9-4ee0-8a4b-86546252ca7d","name":"19d9fdeb-6e7c-46d4-a2c0-bf8d5da2b0db:panel_19d9fdeb-6e7c-46d4-a2c0-bf8d5da2b0db","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"6b1d6348-c927-47ef-8760-b954967d6f97:panel_6b1d6348-c927-47ef-8760-b954967d6f97","type":"visualization"},{"id":"9648f7de-710b-4293-b71c-bba434472ab6","name":"11c4b0f1-5f4a-4854-9f9b-60afbc39019b:panel_11c4b0f1-5f4a-4854-9f9b-60afbc39019b","type":"visualization"},{"id":"4b39512e-34a2-4369-8e14-a7eb7b4b4ccf","name":"c70b08d0-81e8-42dc-ba2a-653fd59004c8:panel_c70b08d0-81e8-42dc-ba2a-653fd59004c8","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"012e6e1a-e457-4fe9-bbbd-efa487e1dd1b:panel_012e6e1a-e457-4fe9-bbbd-efa487e1dd1b","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"4d3b7b14-eaf8-49c8-a552-3d2db5d695d9:panel_4d3b7b14-eaf8-
49c8-a552-3d2db5d695d9","type":"visualization"},{"id":"258c911d-4e6e-4e43-ae0b-944b846cfbfa","name":"7b910603-647f-4e61-9a23-9a96dcb62a76:panel_7b910603-647f-4e61-9a23-9a96dcb62a76","type":"visualization"},{"id":"e8a95769-2013-487a-96a2-298bbc9853a6","name":"2bae47f2-82fe-4102-9460-f502a6a5f95b:panel_2bae47f2-82fe-4102-9460-f502a6a5f95b","type":"visualization"},{"id":"83ab2501-9315-49b2-b03d-8eb3986bb3a8","name":"25f8b086-2c4b-4429-97e8-9c6d5db24698:panel_25f8b086-2c4b-4429-97e8-9c6d5db24698","type":"visualization"},{"id":"5822316f-243c-4dac-8562-9277d553352d","name":"e9fb8601-54d7-418e-a20b-1bd4008b70ca:panel_e9fb8601-54d7-418e-a20b-1bd4008b70ca","type":"visualization"},{"id":"c2199ba3-ca0c-40fd-974b-49b4f0469417","name":"01e78085-0f71-4ba8-8bb2-df77cd08b899:panel_01e78085-0f71-4ba8-8bb2-df77cd08b899","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"147fc805-3a0f-46d4-9a1f-60448ab27aa7:panel_147fc805-3a0f-46d4-9a1f-60448ab27aa7","type":"visualization"},{"id":"63511222-6e9c-484c-9a66-43be1c82236e","name":"2bac6900-71db-45c9-abe7-007347b98960:panel_2bac6900-71db-45c9-abe7-007347b98960","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"19f6ba02-684e-4878-85fc-a4bcfa4f2fbc:panel_19f6ba02-684e-4878-85fc-a4bcfa4f2fbc","type":"visualization"},{"id":"1d4d0453-c9b5-486a-9732-be533d0462ed","name":"73629442-40b8-480a-ac68-e5abd3c5acb8:panel_73629442-40b8-480a-ac68-e5abd3c5acb8","type":"visualization"},{"id":"16bde5ae-70e6-4a32-9838-0c127c6e0fb3","name":"913a3359-fd86-4954-9b92-fdada0bffc8d:panel_913a3359-fd86-4954-9b92-fdada0bffc8d","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"dbd8c58d-8efb-4abc-b4fd-9ac1c53b68c0:panel_dbd8c58d-8efb-4abc-b4fd-9ac1c53b68c0","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"0ac67184-1538-4f44-96ea-8ad0475c1270:panel_0ac67184-1538-4f44-96ea-8ad0475c1270","type":"visualization"},{"id":"4b6acaf5-1d97-4880-b425-b8bb69e9fa10","name":"177
e54ae-7f61-452c-ae42-64f629296d78:panel_177e54ae-7f61-452c-ae42-64f629296d78","type":"visualization"},{"id":"5337d5ff-6f40-404e-95c8-915cef51222d","name":"24df66d5-7ba6-49c8-aba5-e6d62a1dc4ba:panel_24df66d5-7ba6-49c8-aba5-e6d62a1dc4ba","type":"visualization"},{"id":"8c039ef6-075c-454c-9374-ec96a2b21eef","name":"55cb8951-1eed-4764-8fad-ec04854aa51f:panel_55cb8951-1eed-4764-8fad-ec04854aa51f","type":"visualization"},{"id":"0a352bf2-8fc3-4b0d-acc0-d87ee7b4f15d","name":"4faedb4f-5164-4356-855e-3599e99e9b2b:panel_4faedb4f-5164-4356-855e-3599e99e9b2b","type":"visualization"}],"sort":[1675811601479,14721],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Symmetric Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages by src/dst - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Sym\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c95fd75a-47db-4254-bdcc-b5a7b11466ca","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14727],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Clients (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Clients (packets) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"f9e62f41-d339-4750-b549-611f07d3b4e2","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14729],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destinations and Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destinations and Sources (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"19c5219e-4d10-4024-8044-1def9b37ca7d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14731],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"9854c07d-5496-4c80-99bf-925ac83847f7\",\"type\":\"math\",\"variables\":[{\"id\":\"09db70bd-4409-4c3f-9dd1-37d7c53dfd2a\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"e0f1fa38-720f-45bd-82c7-7ed1ea30a0fc\",\"type\":\"math\",\"variables\":[{\"id\":\"c67a3222-0407-4628-88e5-d89dab28ec11\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Exporters\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"75b93145-3439-4b2b-9686-c5b68631ff88","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14732],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d9b0e614-a901-4ec7-aa27-a43191c84db5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14735],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Accessed Ports from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Accessed Ports from Private IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"ff32d7a5-d18e-4084-bc15-7c1885262822\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"client.as.organization.name: \\\"PRIVATE\\\" AND server.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"Accessed Ports 
(Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"server.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8dbc3c86-5fd0-4730-a318-45538cee9fb4","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14736],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4MzksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Average Throughput (bits/s) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Average Throughput (bits/s) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"},{\"sigma\":\"\",\"id\":\"4bf6573f-f58b-4baa-aa11-bcfbb25174a6\",\"type\":\"avg_bucket\",\"field\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Avg. Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"}],\"time_field\":\"\",\"index_pattern\":\"\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"9c8e063a-0d8d-46ed-816a-48bc34d06ce3\"}],\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"60bfaea8-fd16-4404-8bba-4b76db9163e8","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14737],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI & Remote Desktop 
Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI & Remote Desktop Sessions (Public) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI & Remote Desktop Sessions (Public) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"s
howMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"6dd53623-58f0-4fd1-bae0-bb415eb1e766","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14740],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): VLAN/DSCP/TCP Flags/TCP Options - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: VLAN/DSCP/TCP Flags/TCP Options - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"vlan.tag.id\",\"parent\":\"\",\"label\":\"VLANs\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"ip.dscp.name\",\"parent\":\"\",\"label\":\"DSCP\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"tcp.flags.tags\",\"parent\":\"\",\"label\":\"TCP 
Flags\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":16,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"tcp.options.tags\",\"parent\":\"\",\"label\":\"TCP Options\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":64,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"a0114428-e039-420b-bd73-c135988739f3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14746],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): IP Versions (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): IP Versions (flow records) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.type\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Layer-4 Protocol\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c7beaf55-f1c1-4ca4-a855-85bdd0d94323","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812775340,17129],"type":"visualization","updated_at":"2023-02-07T23:32:55.340Z","version":"Wzg4MDIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): IP Version Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Version Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"network.type\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"IP Versions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3bc643b0-71d5-4775-81eb-67b2fdc3bfda","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14749],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/IP Version (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/IP Version (pkts/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"257662fa-ea8d-48e4-99d1-4348eb175d64\",\"type\":\"math\",\"variables\":[{\"id\":\"b70df311-872d-4708-bd1b-efeddbcc390f\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"e7e32c40-d2a2-4917-a4df-989015708b9b\",\"type\":\"math\",\"variables\":[{\"id\":\"f4534402-617a-4cc1-a7c1-648ed94a40da\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top IP 
Versions\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"network.type\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"network.type: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"69fa1163-bce8-4068-a5eb-061717a32077","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14750],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DSCP (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DSCP (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.in.ip.dscp.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
DSCP\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7ef1043e-0981-4d8e-b73c-5de69c4e98bc","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812738129,17027],"type":"visualization","updated_at":"2023-02-07T23:32:18.129Z","version":"Wzg2OTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Flags (flow records) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): TCP Flags (flow records) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"tcp.flags.tags\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":16,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP 
Flags\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"d4518576-9bf5-4f1d-9524-8a22c7c5c951","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675812710318,16927],"type":"visualization","updated_at":"2023-02-07T23:31:50.318Z","version":"Wzg1ODEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): TCP Option Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Option Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"tcp.options.tags\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"TCP 
Options\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"59265837-fe23-4208-8b43-713523d8e37c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14755],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Flag (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"813bffe5-3d3b-4a5a-af29-f88f84768b99","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14756],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NDksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Flag (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Flag (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f53d7559-d83f-404f-9318-564dd6ee0e41\",\"type\":\"math\",\"variables\":[{\"id\":\"355ad569-93b3-4620-94c6-ff27d3df6f9d\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"333c6dab-7b17-4a81-bd5c-68227fd86382\",\"type\":\"math\",\"variables\":[{\"id\":\"d0f58422-11f3-472f-824a-a23d543c196f\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP 
Flags\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.flags.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.flags.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4e79cb35-68a5-4c34-87b9-6f204557e2b7","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14757],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/TCP Option (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/TCP Option (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"edb04301-a04b-4343-89e4-aeb8698fde9a\",\"type\":\"math\",\"variables\":[{\"id\":\"ec92c0fc-fe2b-404a-adc5-a2a8f4181b86\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"d7bdba28-f7fb-4306-b72f-736315147500\",\"type\":\"math\",\"variables\":[{\"id\":\"811b144a-d930-4e18-ab04-2dbb16ae9b8a\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top TCP Options\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"tcp.options.tags\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"tcp.options.tags: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"72cdd234-d89a-4db1-919e-7b4f40d4b277","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14758],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTEsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"c5bde1bc-b2de-401f-a23f-131064d644d7\"},\"panelIndex\":\"c5bde1bc-b2de-401f-a23f-131064d644d7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c5bde1bc-b2de-401f-a23f-131064d644d7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"fb4912d9-9f2a-4fe0-9ce5-c3b71ae917c4\"},\"panelIndex\":\"fb4912d9-9f2a-4fe0-9ce5-c3b71ae917c4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fb4912d9-9f2a-4fe0-9ce5-c3b71ae917c4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7ecb1234-4fe9-4ad0-bf58-cb0e5197069f\"},\"panelIndex\":\"7ecb1234-4fe9-4ad0-bf58-cb0e5197069f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7ecb1234-4fe9-4ad0-bf58-cb0e5197069f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"2c349539-b64c-4193-9102-bdb01d935a60\"},\"panelIndex\":\"2c349539-b64c-4193-9102-bdb01d935a60\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2c349539-b64c-4193-9102-bdb01d935a60\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"0f452f83-b5cc-4edf-af5c-c0c60bb155c1\"},\"panelIndex\":\"0f452f83-b5cc-4edf-af5c-c0c60bb155c1\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IP Versions (flow 
records)\",\"panelRefName\":\"panel_0f452f83-b5cc-4edf-af5c-c0c60bb155c1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"3771ee16-b40d-494d-8cbe-e8573cc8573e\"},\"panelIndex\":\"3771ee16-b40d-494d-8cbe-e8573cc8573e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3771ee16-b40d-494d-8cbe-e8573cc8573e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"2255754f-1b06-4f3e-a379-7ca55723c70e\"},\"panelIndex\":\"2255754f-1b06-4f3e-a379-7ca55723c70e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Layer-4 Protocols (flow records)\",\"panelRefName\":\"panel_2255754f-1b06-4f3e-a379-7ca55723c70e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"fea2c507-4a28-4a12-a47c-b3254b2b7012\"},\"panelIndex\":\"fea2c507-4a28-4a12-a47c-b3254b2b7012\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fea2c507-4a28-4a12-a47c-b3254b2b7012\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"5f1914a8-a293-45aa-b7eb-fe2af28cd695\"},\"panelIndex\":\"5f1914a8-a293-45aa-b7eb-fe2af28cd695\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5f1914a8-a293-45aa-b7eb-fe2af28cd695\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"d71f6396-65a8-4011-b34c-ebd052c8f1b9\"},\"panelIndex\":\"d71f6396-65a8-4011-b34c-ebd052c8f1b9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d71f6396-65a8-4011-b34c-ebd052c8f1b9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"1adc8215-0d4e-4a25-b3aa-5f0d40145aaf\"},\"panelIndex\":\"1adc8215-0d4e-4a25-b3aa-5f0d
40145aaf\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1adc8215-0d4e-4a25-b3aa-5f0d40145aaf\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"c815ee32-405f-4658-a8a5-66ddbde32edc\"},\"panelIndex\":\"c815ee32-405f-4658-a8a5-66ddbde32edc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c815ee32-405f-4658-a8a5-66ddbde32edc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":\"c5f3feec-ebef-4fea-a37a-c3bf0dfa7bef\"},\"panelIndex\":\"c5f3feec-ebef-4fea-a37a-c3bf0dfa7bef\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IP Versions (bits/s)\",\"panelRefName\":\"panel_c5f3feec-ebef-4fea-a37a-c3bf0dfa7bef\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"fbff9a13-48d9-4939-acf3-cedf23324370\"},\"panelIndex\":\"fbff9a13-48d9-4939-acf3-cedf23324370\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Layer-4 Protocols (bits/s)\",\"panelRefName\":\"panel_fbff9a13-48d9-4939-acf3-cedf23324370\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"768b55cb-7c08-4075-8c8d-c011dbe9f856\"},\"panelIndex\":\"768b55cb-7c08-4075-8c8d-c011dbe9f856\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"IP Versions (pkts/s)\",\"panelRefName\":\"panel_768b55cb-7c08-4075-8c8d-c011dbe9f856\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"20c5ad70-72c9-4473-83df-9727aea6a37c\"},\"panelIndex\":\"20c5ad70-72c9-4473-83df-9727aea6a37c\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Layer-4 Protocols 
(pkts/s)\",\"panelRefName\":\"panel_20c5ad70-72c9-4473-83df-9727aea6a37c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"d811222e-71f8-489f-95e2-55fdc7f920c2\"},\"panelIndex\":\"d811222e-71f8-489f-95e2-55fdc7f920c2\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"VLANs (flow records)\",\"panelRefName\":\"panel_d811222e-71f8-489f-95e2-55fdc7f920c2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"e241496c-fc51-44b6-82b6-1205b4c7fd7a\"},\"panelIndex\":\"e241496c-fc51-44b6-82b6-1205b4c7fd7a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e241496c-fc51-44b6-82b6-1205b4c7fd7a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"b151ed65-0618-4129-b272-7923b1c8c44d\"},\"panelIndex\":\"b151ed65-0618-4129-b272-7923b1c8c44d\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DSCP (flow 
records)\",\"panelRefName\":\"panel_b151ed65-0618-4129-b272-7923b1c8c44d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"1bd0f51a-0064-4f30-8ae8-1f9855483d42\"},\"panelIndex\":\"1bd0f51a-0064-4f30-8ae8-1f9855483d42\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1bd0f51a-0064-4f30-8ae8-1f9855483d42\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"edc08269-077f-41f2-9512-accb1d361497\"},\"panelIndex\":\"edc08269-077f-41f2-9512-accb1d361497\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_edc08269-077f-41f2-9512-accb1d361497\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"ada1fb0c-98dc-48c6-aad4-fc2d9c86c5ec\"},\"panelIndex\":\"ada1fb0c-98dc-48c6-aad4-fc2d9c86c5ec\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ada1fb0c-98dc-48c6-aad4-fc2d9c86c5ec\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"c9563764-b736-43b6-b1f2-34a6419f5bf7\"},\"panelIndex\":\"c9563764-b736-43b6-b1f2-34a6419f5bf7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c9563764-b736-43b6-b1f2-34a6419f5bf7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"4c5dfd13-c27c-4924-96f5-93206addcf18\"},\"panelIndex\":\"4c5dfd13-c27c-4924-96f5-93206addcf18\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4c5dfd13-c27c-4924-96f5-93206addcf18\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"caa9a995-8370-4671-923f-ade5a009e1d1\"},\"panelIndex\":\"caa9a995-8370-4671-923f-ade5a009e1d1\",\"embeddableConfig\":{\"enhancement
s\":{}},\"panelRefName\":\"panel_caa9a995-8370-4671-923f-ade5a009e1d1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"dc3e06bd-1c32-403b-be1b-94f00cc5dd6e\"},\"panelIndex\":\"dc3e06bd-1c32-403b-be1b-94f00cc5dd6e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DSCP (bits/s)\",\"panelRefName\":\"panel_dc3e06bd-1c32-403b-be1b-94f00cc5dd6e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"bad51f65-1724-41be-a3b9-25dad389c60d\"},\"panelIndex\":\"bad51f65-1724-41be-a3b9-25dad389c60d\",\"embeddableConfig\":{\"enhancements\":{}},\"panelRefName\":\"panel_bad51f65-1724-41be-a3b9-25dad389c60d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"6388e1a5-8e1a-4d7c-a9df-9ffc9dbc6c0f\"},\"panelIndex\":\"6388e1a5-8e1a-4d7c-a9df-9ffc9dbc6c0f\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"DSCP (pkts/s)\",\"panelRefName\":\"panel_6388e1a5-8e1a-4d7c-a9df-9ffc9dbc6c0f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":87,\"w\":12,\"h\":11,\"i\":\"13c3c495-0d0a-447f-88d5-ae3640a4d7e2\"},\"panelIndex\":\"13c3c495-0d0a-447f-88d5-ae3640a4d7e2\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Flags (flow 
records)\",\"panelRefName\":\"panel_13c3c495-0d0a-447f-88d5-ae3640a4d7e2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":87,\"w\":12,\"h\":2,\"i\":\"405bc85e-f764-47b7-91f5-2e36d41b71fc\"},\"panelIndex\":\"405bc85e-f764-47b7-91f5-2e36d41b71fc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_405bc85e-f764-47b7-91f5-2e36d41b71fc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":87,\"w\":12,\"h\":11,\"i\":\"e6a0a755-20cf-4a16-8f83-240aea5943a4\"},\"panelIndex\":\"e6a0a755-20cf-4a16-8f83-240aea5943a4\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Options (flow records)\",\"panelRefName\":\"panel_e6a0a755-20cf-4a16-8f83-240aea5943a4\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":87,\"w\":12,\"h\":2,\"i\":\"fa132636-7d8c-4d09-9442-c6270c8631af\"},\"panelIndex\":\"fa132636-7d8c-4d09-9442-c6270c8631af\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa132636-7d8c-4d09-9442-c6270c8631af\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":89,\"w\":12,\"h\":7,\"i\":\"22a242dc-8c25-4b34-9b37-e553a4c6aac3\"},\"panelIndex\":\"22a242dc-8c25-4b34-9b37-e553a4c6aac3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_22a242dc-8c25-4b34-9b37-e553a4c6aac3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":89,\"w\":12,\"h\":7,\"i\":\"68645245-81c0-404a-9281-36f50246aa27\"},\"panelIndex\":\"68645245-81c0-404a-9281-36f50246aa27\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_68645245-81c0-404a-9281-36f50246aa27\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":96,\"w\":12,\"h\":2,\"i\":\"c13a96ac-4324-4ada-b803-fb54c1cdc175\"},\"panelIndex\":\"c13a96ac-4324-4ada-b803-fb54c1c
dc175\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c13a96ac-4324-4ada-b803-fb54c1cdc175\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":96,\"w\":12,\"h\":2,\"i\":\"fb3eea09-e5cd-4561-aa89-075412ad2964\"},\"panelIndex\":\"fb3eea09-e5cd-4561-aa89-075412ad2964\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fb3eea09-e5cd-4561-aa89-075412ad2964\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":98,\"w\":24,\"h\":15,\"i\":\"191ed51f-fa98-4ad5-a06c-a55f0d048b4b\"},\"panelIndex\":\"191ed51f-fa98-4ad5-a06c-a55f0d048b4b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Flags (bits/s)\",\"panelRefName\":\"panel_191ed51f-fa98-4ad5-a06c-a55f0d048b4b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":98,\"w\":24,\"h\":15,\"i\":\"f59938af-896b-4efe-8b63-1e41c9b62809\"},\"panelIndex\":\"f59938af-896b-4efe-8b63-1e41c9b62809\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Options (bits/s)\",\"panelRefName\":\"panel_f59938af-896b-4efe-8b63-1e41c9b62809\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":113,\"w\":24,\"h\":15,\"i\":\"8a49d639-f393-4e92-8446-da9efcbce950\"},\"panelIndex\":\"8a49d639-f393-4e92-8446-da9efcbce950\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Flags (pkts/s)\",\"panelRefName\":\"panel_8a49d639-f393-4e92-8446-da9efcbce950\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":113,\"w\":24,\"h\":15,\"i\":\"8c16e756-5f5a-42b5-9ea0-90eaf31829c9\"},\"panelIndex\":\"8c16e756-5f5a-42b5-9ea0-90eaf31829c9\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"TCP Options 
(pkts/s)\",\"panelRefName\":\"panel_8c16e756-5f5a-42b5-9ea0-90eaf31829c9\"}]","timeRestore":false,"title":"ElastiFlow (flow): Traffic Details (attributes)","version":1},"coreMigrationVersion":"8.2.0","id":"fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"4082b96d-f3df-4a2f-b18d-e350bd2632a7","name":"c5bde1bc-b2de-401f-a23f-131064d644d7:panel_c5bde1bc-b2de-401f-a23f-131064d644d7","type":"visualization"},{"id":"811b144a-d930-4e18-ab04-2dbb16ae9b8a","name":"fb4912d9-9f2a-4fe0-9ce5-c3b71ae917c4:panel_fb4912d9-9f2a-4fe0-9ce5-c3b71ae917c4","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"7ecb1234-4fe9-4ad0-bf58-cb0e5197069f:panel_7ecb1234-4fe9-4ad0-bf58-cb0e5197069f","type":"visualization"},{"id":"a0114428-e039-420b-bd73-c135988739f3","name":"2c349539-b64c-4193-9102-bdb01d935a60:panel_2c349539-b64c-4193-9102-bdb01d935a60","type":"visualization"},{"id":"c7beaf55-f1c1-4ca4-a855-85bdd0d94323","name":"0f452f83-b5cc-4edf-af5c-c0c60bb155c1:panel_0f452f83-b5cc-4edf-af5c-c0c60bb155c1","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"3771ee16-b40d-494d-8cbe-e8573cc8573e:panel_3771ee16-b40d-494d-8cbe-e8573cc8573e","type":"visualization"},{"id":"60916b92-c39b-4b6c-8936-ce5ef87f5d94","name":"2255754f-1b06-4f3e-a379-7ca55723c70e:panel_2255754f-1b06-4f3e-a379-7ca55723c70e","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"fea2c507-4a28-4a12-a47c-b3254b2b7012:panel_fea2c507-4a28-4a12-a47c-b3254b2b7012","type":"visualization"},{"id":"3bc643b0-71d5-4775-81eb-67b2fdc3bfda","name":"5f1914a8-a293-45aa-b7eb-fe2af28cd695:panel_5f1914a8-a293-45aa-b7eb-fe2af28cd695","type":"visualization"},{"id":"b143197a-43cd-444e-902d-a8bed248f9db","name":"d71f6396-65a8-4011-b34c-ebd052c8f1b9:panel_d71f6396-65a8-4011-b34c-ebd052c8f1b9","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"1adc8215-0d4e-4a25-b3aa-5f0d40145aaf:panel_1adc8215-0d4e-4a25-b3aa-5
f0d40145aaf","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"c815ee32-405f-4658-a8a5-66ddbde32edc:panel_c815ee32-405f-4658-a8a5-66ddbde32edc","type":"visualization"},{"id":"9ce1239f-c97e-4b8c-a8c5-14e77a9ecb54","name":"c5f3feec-ebef-4fea-a37a-c3bf0dfa7bef:panel_c5f3feec-ebef-4fea-a37a-c3bf0dfa7bef","type":"visualization"},{"id":"8b82ca12-4e6c-4a03-9d65-2ab08fe88743","name":"fbff9a13-48d9-4939-acf3-cedf23324370:panel_fbff9a13-48d9-4939-acf3-cedf23324370","type":"visualization"},{"id":"69fa1163-bce8-4068-a5eb-061717a32077","name":"768b55cb-7c08-4075-8c8d-c011dbe9f856:panel_768b55cb-7c08-4075-8c8d-c011dbe9f856","type":"visualization"},{"id":"b6a162c6-1858-4553-a6bd-e1805a046ace","name":"20c5ad70-72c9-4473-83df-9727aea6a37c:panel_20c5ad70-72c9-4473-83df-9727aea6a37c","type":"visualization"},{"id":"53fd7b1e-cf5c-4ecc-9261-0f4b99fbc73d","name":"d811222e-71f8-489f-95e2-55fdc7f920c2:panel_d811222e-71f8-489f-95e2-55fdc7f920c2","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"e241496c-fc51-44b6-82b6-1205b4c7fd7a:panel_e241496c-fc51-44b6-82b6-1205b4c7fd7a","type":"visualization"},{"id":"7ef1043e-0981-4d8e-b73c-5de69c4e98bc","name":"b151ed65-0618-4129-b272-7923b1c8c44d:panel_b151ed65-0618-4129-b272-7923b1c8c44d","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"1bd0f51a-0064-4f30-8ae8-1f9855483d42:panel_1bd0f51a-0064-4f30-8ae8-1f9855483d42","type":"visualization"},{"id":"908cb983-6944-4968-8fe7-88584e7ab676","name":"edc08269-077f-41f2-9512-accb1d361497:panel_edc08269-077f-41f2-9512-accb1d361497","type":"visualization"},{"id":"73efab4e-dc6a-4b35-a9a6-6efb818b2cbf","name":"ada1fb0c-98dc-48c6-aad4-fc2d9c86c5ec:panel_ada1fb0c-98dc-48c6-aad4-fc2d9c86c5ec","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"c9563764-b736-43b6-b1f2-34a6419f5bf7:panel_c9563764-b736-43b6-b1f2-34a6419f5bf7","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"4c5dfd13-c27c-
4924-96f5-93206addcf18:panel_4c5dfd13-c27c-4924-96f5-93206addcf18","type":"visualization"},{"id":"c6690d40-7e9d-47c0-91e5-b9bd43fbc64d","name":"caa9a995-8370-4671-923f-ade5a009e1d1:panel_caa9a995-8370-4671-923f-ade5a009e1d1","type":"visualization"},{"id":"1f0eee99-cb69-4f0c-a12e-f21c85cc2ad5","name":"dc3e06bd-1c32-403b-be1b-94f00cc5dd6e:panel_dc3e06bd-1c32-403b-be1b-94f00cc5dd6e","type":"visualization"},{"id":"11a16093-341f-43c2-8987-2827533621c6","name":"bad51f65-1724-41be-a3b9-25dad389c60d:panel_bad51f65-1724-41be-a3b9-25dad389c60d","type":"visualization"},{"id":"dd877113-e815-4d47-96c6-2047abe073d3","name":"6388e1a5-8e1a-4d7c-a9df-9ffc9dbc6c0f:panel_6388e1a5-8e1a-4d7c-a9df-9ffc9dbc6c0f","type":"visualization"},{"id":"d4518576-9bf5-4f1d-9524-8a22c7c5c951","name":"13c3c495-0d0a-447f-88d5-ae3640a4d7e2:panel_13c3c495-0d0a-447f-88d5-ae3640a4d7e2","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"405bc85e-f764-47b7-91f5-2e36d41b71fc:panel_405bc85e-f764-47b7-91f5-2e36d41b71fc","type":"visualization"},{"id":"948eae7d-a22a-4577-b6e3-e493307c324a","name":"e6a0a755-20cf-4a16-8f83-240aea5943a4:panel_e6a0a755-20cf-4a16-8f83-240aea5943a4","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"fa132636-7d8c-4d09-9442-c6270c8631af:panel_fa132636-7d8c-4d09-9442-c6270c8631af","type":"visualization"},{"id":"1fd1af3d-bad3-47a1-95fd-838b5350c506","name":"22a242dc-8c25-4b34-9b37-e553a4c6aac3:panel_22a242dc-8c25-4b34-9b37-e553a4c6aac3","type":"visualization"},{"id":"59265837-fe23-4208-8b43-713523d8e37c","name":"68645245-81c0-404a-9281-36f50246aa27:panel_68645245-81c0-404a-9281-36f50246aa27","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"c13a96ac-4324-4ada-b803-fb54c1cdc175:panel_c13a96ac-4324-4ada-b803-fb54c1cdc175","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"fb3eea09-e5cd-4561-aa89-075412ad2964:panel_fb3eea09-e5cd-4561-aa89-075412ad2964","type":"visualization"},{"id":"813bff
e5-3d3b-4a5a-af29-f88f84768b99","name":"191ed51f-fa98-4ad5-a06c-a55f0d048b4b:panel_191ed51f-fa98-4ad5-a06c-a55f0d048b4b","type":"visualization"},{"id":"08059b31-05db-4269-b28d-92a5fdba0417","name":"f59938af-896b-4efe-8b63-1e41c9b62809:panel_f59938af-896b-4efe-8b63-1e41c9b62809","type":"visualization"},{"id":"4e79cb35-68a5-4c34-87b9-6f204557e2b7","name":"8a49d639-f393-4e92-8446-da9efcbce950:panel_8a49d639-f393-4e92-8446-da9efcbce950","type":"visualization"},{"id":"72cdd234-d89a-4db1-919e-7b4f40d4b277","name":"8c16e756-5f5a-42b5-9ea0-90eaf31829c9:panel_8c16e756-5f5a-42b5-9ea0-90eaf31829c9","type":"visualization"}],"sort":[1675811601479,14799],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Records/s (client/server) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (client/server) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\",\"field\":\"network.bytes\"},{\"id\":\"4c707337-84e8-48be-bab0-81ca001d2988\",\"type\":\"calculation\",\"variables\":[{\"id\":\"3162983d-427e-4a24-88c8-12d3a284de14\",\"name\":\"count\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow 
Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"count\",\"field\":\"network.bytes\"},{\"id\":\"b46d3418-5920-438a-8add-6985b791ef1b\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d64dfea5-0d4d-401c-b19d-53b8c39c2013\",\"name\":\"count\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"client.ip: * AND server.ip: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2ac94a8c-687d-4e0d-b9e9-b1e5c3dfe474","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14800],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): UDP Amplification Packets - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Packets - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":100000,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":1000000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":10000000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"4a0547bd-f8b4-496f-8ed6-16ebced81465\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND NOT source.as.organization.name: \\\"PRIVATE\\\" AND source.port: (17 OR 19 OR 53 OR 69 OR 111 OR 123 OR 137 OR 161 OR 389 OR 520 OR 751 OR 1434 OR 1645 OR 1646 OR 1812 OR 1813 OR 1900 OR 3702 OR 5093 OR 5353 OR 11211 OR 27015 OR 27960)\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"UDP 
Packets\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"c6993460-ad23-4452-8a71-4a9aec6d43c1","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14801],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NTP Symmetric Messages (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Symmetric Messages (packets) - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"sigma\":\"\",\"id\":\"9f929eed-1261-4f02-9bea-a72d23a9eb19\",\"type\":\"cumulative_sum\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"symmetric\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 123 AND destination.port: 123 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"1fa1ca46-f3f8-484c-a4e9-14b86ae5ac54","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14802],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Record Count (client/server) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow 
Record Count (client/server) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Flow Records\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"filter\":{\"query\":\"client.ip : * and server.ip : *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"41c6337a-2e90-43a7-9082-522ec66c7bec","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14803],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Source Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Source Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"90a52d6a-ddcf-4514-ab3a-d0d3a26129f6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14805],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Sources (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0def8923-253e-4711-bd37-78515af60c03","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14808],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTgsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Traffic Details (locality)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Traffic Details (locality)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Attributes](#/dashboard/fc15dfee-2dc4-4370-8cac-e6f9c73bcdf2) | [Types](#/dashboard/6e0aaa1b-5b37-44e7-8034-7a5cbd14023b) | [**Locality**](#/dashboard/52ec57df-2a74-488f-afc2-ccbcf5c70918)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a9af22e6-caa2-4948-b7e2-d29cd09249ef","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14809],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NTksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Locality/AS/Country/City - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Locality/AS/Country/City - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868810362\",\"fieldName\":\"as.label\",\"parent\":\"\",\"label\":\"Autonomous 
System\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"client.geo.country_name\",\"parent\":\"\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1608040362438\",\"fieldName\":\"geo.city.name\",\"parent\":\"\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"5b49c50b-97dc-4ea3-aa9b-caecd917a398","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_3_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_4_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14815],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Autonomous System Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Autonomous System Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"as.label\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"ASNs\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"98c7e4b8-cdd2-49b7-ba2f-fdf075a8843a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14816],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Autonomous System (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (bits/s) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label : * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"34c780f0-0bf4-429b-aea8-7de2f22dd0c6","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14817],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Locality (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Locality (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"66753fdc-ddc1-4e92-aade-a754a98d9b10\",\"type\":\"math\",\"variables\":[{\"id\":\"410eb24b-556c-4511-a4e9-e5d44e81d750\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"ff2a8571-bfd6-4816-8383-7aeaad3e5a47\",\"type\":\"math\",\"variables\":[{\"id\":\"a38dfc3e-9050-45aa-9aae-5209ca354cb8\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Localities\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"flow.locality\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"flow.locality: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8eb684ba-7f9e-4917-9552-0e7c6188fd7e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14818],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Autonomous System (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Autonomous System (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"1ae7ef49-5f7f-4b0a-b7ed-f9c5c3b153a5\",\"type\":\"math\",\"variables\":[{\"id\":\"1339710e-327e-412e-9c16-c497d0611b4f\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f4f07477-4fbf-4649-a940-b1cddf37da1b\",\"type\":\"math\",\"variables\":[{\"id\":\"47e5ff9c-e965-4b49-817f-7e443537a8df\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Autonomous 
Systems\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"as.label\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"as.label: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"df2bf36c-14c2-4d39-bae2-31aeb736f580","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14819],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Country (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4b2cf5d2-a71f-4f23-b5a9-8680736c2211","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14820],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Throughput/Country (pkts/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Throughput/Country (pkts/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"f8e4a261-f761-49c7-a5c6-56fe2d572a08\",\"type\":\"math\",\"variables\":[{\"id\":\"f902fa64-856d-4016-b9f5-139e0915cf60\",\"name\":\"packets\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.packets\"},{\"id\":\"881e8b16-9575-4fce-a157-d5b8c1c83e1a\",\"type\":\"math\",\"variables\":[{\"id\":\"1bf3be80-422e-4c35-b1d8-4bebf44032b3\",\"name\":\"packets\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.packets / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0a\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Countries\",\"type\":\"timeseries\",\"value_template\":\"{{value}}p/s\",\"terms_field\":\"geo.country.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"geo.country.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"a170156c-638f-4dd3-8045-1c3597df4255","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14821],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjYsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"ebfe0c73-9119-4793-b907-e6abf3687470\"},\"panelIndex\":\"ebfe0c73-9119-4793-b907-e6abf3687470\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ebfe0c73-9119-4793-b907-e6abf3687470\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"b064e7cb-3995-4f48-a6a6-0160bec6cf38\"},\"panelIndex\":\"b064e7cb-3995-4f48-a6a6-0160bec6cf38\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b064e7cb-3995-4f48-a6a6-0160bec6cf38\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"2b0b0a7d-9601-4f77-991e-595c8f49f1cc\"},\"panelIndex\":\"2b0b0a7d-9601-4f77-991e-595c8f49f1cc\",\"embeddableC
onfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2b0b0a7d-9601-4f77-991e-595c8f49f1cc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":48,\"h\":5,\"i\":\"44d9de31-21bd-48f2-ae20-03c7cc02cf38\"},\"panelIndex\":\"44d9de31-21bd-48f2-ae20-03c7cc02cf38\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_44d9de31-21bd-48f2-ae20-03c7cc02cf38\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":12,\"h\":11,\"i\":\"c4cfb01a-7f94-408f-9ff4-db6b5ff62e14\"},\"panelIndex\":\"c4cfb01a-7f94-408f-9ff4-db6b5ff62e14\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Flow Locality (flow records)\",\"panelRefName\":\"panel_c4cfb01a-7f94-408f-9ff4-db6b5ff62e14\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":9,\"w\":12,\"h\":2,\"i\":\"45fcce14-648e-4a03-93d3-25d6877bc59b\"},\"panelIndex\":\"45fcce14-648e-4a03-93d3-25d6877bc59b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_45fcce14-648e-4a03-93d3-25d6877bc59b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":12,\"h\":11,\"i\":\"ea1e124f-66fb-450a-91ae-b280761805b6\"},\"panelIndex\":\"ea1e124f-66fb-450a-91ae-b280761805b6\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Autonomous Systems (flow 
records)\",\"panelRefName\":\"panel_ea1e124f-66fb-450a-91ae-b280761805b6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":9,\"w\":12,\"h\":2,\"i\":\"89968f5f-8631-42ee-aa40-035d1b739cd8\"},\"panelIndex\":\"89968f5f-8631-42ee-aa40-035d1b739cd8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_89968f5f-8631-42ee-aa40-035d1b739cd8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":11,\"w\":12,\"h\":7,\"i\":\"e05a9295-cfe9-4c82-ad8f-a60623c34696\"},\"panelIndex\":\"e05a9295-cfe9-4c82-ad8f-a60623c34696\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e05a9295-cfe9-4c82-ad8f-a60623c34696\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":11,\"w\":12,\"h\":7,\"i\":\"3433e143-2abc-44b8-ae19-9c78f956463c\"},\"panelIndex\":\"3433e143-2abc-44b8-ae19-9c78f956463c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3433e143-2abc-44b8-ae19-9c78f956463c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":18,\"w\":12,\"h\":2,\"i\":\"89dd18b8-2aae-48e7-82a3-2015cc8392cd\"},\"panelIndex\":\"89dd18b8-2aae-48e7-82a3-2015cc8392cd\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_89dd18b8-2aae-48e7-82a3-2015cc8392cd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":2,\"i\":\"b10fbaf5-e085-4971-b03b-fd416be14c96\"},\"panelIndex\":\"b10fbaf5-e085-4971-b03b-fd416be14c96\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b10fbaf5-e085-4971-b03b-fd416be14c96\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":20,\"w\":24,\"h\":14,\"i\":\"6dc27cd0-b389-4e88-a037-c650b5bbae55\"},\"panelIndex\":\"6dc27cd0-b389-4e88-a037-c650b5bbae55\",\"embeddableConfig\":{\"hidePanelTit
les\":false,\"enhancements\":{}},\"title\":\"Locality (bits/s)\",\"panelRefName\":\"panel_6dc27cd0-b389-4e88-a037-c650b5bbae55\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":20,\"w\":24,\"h\":14,\"i\":\"ae81dc0b-1824-45a4-a8d3-f5e1b3c53a79\"},\"panelIndex\":\"ae81dc0b-1824-45a4-a8d3-f5e1b3c53a79\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Autonomous Systems (bits/s)\",\"panelRefName\":\"panel_ae81dc0b-1824-45a4-a8d3-f5e1b3c53a79\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":34,\"w\":24,\"h\":14,\"i\":\"201584fb-714b-4a77-8ad6-fe15c569a8f3\"},\"panelIndex\":\"201584fb-714b-4a77-8ad6-fe15c569a8f3\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Locality (pkts/s)\",\"panelRefName\":\"panel_201584fb-714b-4a77-8ad6-fe15c569a8f3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":34,\"w\":24,\"h\":14,\"i\":\"15635f46-3d83-42b6-b963-28bcb7c86d1b\"},\"panelIndex\":\"15635f46-3d83-42b6-b963-28bcb7c86d1b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Autonomous Systems (pkts/s)\",\"panelRefName\":\"panel_15635f46-3d83-42b6-b963-28bcb7c86d1b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":48,\"w\":12,\"h\":11,\"i\":\"2c8ef372-1cd8-46e7-af5c-2dd2d774b90d\"},\"panelIndex\":\"2c8ef372-1cd8-46e7-af5c-2dd2d774b90d\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Countries (flow 
records)\",\"panelRefName\":\"panel_2c8ef372-1cd8-46e7-af5c-2dd2d774b90d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":48,\"w\":12,\"h\":2,\"i\":\"8b735118-34b3-4c5d-9031-8b878c9b7d44\"},\"panelIndex\":\"8b735118-34b3-4c5d-9031-8b878c9b7d44\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8b735118-34b3-4c5d-9031-8b878c9b7d44\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":48,\"w\":12,\"h\":11,\"i\":\"d72d52dd-65f6-43c9-af13-9f32f2e36770\"},\"panelIndex\":\"d72d52dd-65f6-43c9-af13-9f32f2e36770\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cities (flow records)\",\"panelRefName\":\"panel_d72d52dd-65f6-43c9-af13-9f32f2e36770\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":48,\"w\":12,\"h\":2,\"i\":\"49fbd4c9-3b73-40f0-8e1d-cf86c8239c18\"},\"panelIndex\":\"49fbd4c9-3b73-40f0-8e1d-cf86c8239c18\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_49fbd4c9-3b73-40f0-8e1d-cf86c8239c18\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":50,\"w\":12,\"h\":7,\"i\":\"f26fb4a2-0676-498c-9ae2-33868a3b0ce5\"},\"panelIndex\":\"f26fb4a2-0676-498c-9ae2-33868a3b0ce5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f26fb4a2-0676-498c-9ae2-33868a3b0ce5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":50,\"w\":12,\"h\":7,\"i\":\"dadb4e2b-b70f-4bdf-88de-127c2734c01a\"},\"panelIndex\":\"dadb4e2b-b70f-4bdf-88de-127c2734c01a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_dadb4e2b-b70f-4bdf-88de-127c2734c01a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":12,\"y\":57,\"w\":12,\"h\":2,\"i\":\"a2954d37-6500-4d06-86bd-25628e665afc\"},\"panelIndex\":\"a2954d37-6500-4d06-86bd-25628e665afc
\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a2954d37-6500-4d06-86bd-25628e665afc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":57,\"w\":12,\"h\":2,\"i\":\"493bbb31-3d1c-4b64-8165-7404074566ea\"},\"panelIndex\":\"493bbb31-3d1c-4b64-8165-7404074566ea\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_493bbb31-3d1c-4b64-8165-7404074566ea\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":59,\"w\":24,\"h\":14,\"i\":\"7c30c64f-560b-40fc-8f52-55ced9276965\"},\"panelIndex\":\"7c30c64f-560b-40fc-8f52-55ced9276965\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Countries (bits/s)\",\"panelRefName\":\"panel_7c30c64f-560b-40fc-8f52-55ced9276965\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":59,\"w\":24,\"h\":14,\"i\":\"95b67190-70c4-4854-9e99-61dcbd7a084e\"},\"panelIndex\":\"95b67190-70c4-4854-9e99-61dcbd7a084e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cities (bits/s)\",\"panelRefName\":\"panel_95b67190-70c4-4854-9e99-61dcbd7a084e\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":73,\"w\":24,\"h\":14,\"i\":\"a8cd2029-26c0-48cc-a05f-dbce3b5fcb2a\"},\"panelIndex\":\"a8cd2029-26c0-48cc-a05f-dbce3b5fcb2a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Countries (pkts/s)\",\"panelRefName\":\"panel_a8cd2029-26c0-48cc-a05f-dbce3b5fcb2a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":73,\"w\":24,\"h\":14,\"i\":\"8fe20507-bd7d-4839-8d3d-e02e00c28a0e\"},\"panelIndex\":\"8fe20507-bd7d-4839-8d3d-e02e00c28a0e\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Cities (pkts/s)\",\"panelRefName\":\"panel_8fe20507-bd7d-4839-8d3d-e02e00c28a0e\"}]","timeRestore":false,"title":"ElastiFlow 
(flow): Traffic Details (locality)","version":1},"coreMigrationVersion":"8.2.0","id":"52ec57df-2a74-488f-afc2-ccbcf5c70918","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"4082b96d-f3df-4a2f-b18d-e350bd2632a7","name":"ebfe0c73-9119-4793-b907-e6abf3687470:panel_ebfe0c73-9119-4793-b907-e6abf3687470","type":"visualization"},{"id":"a9af22e6-caa2-4948-b7e2-d29cd09249ef","name":"b064e7cb-3995-4f48-a6a6-0160bec6cf38:panel_b064e7cb-3995-4f48-a6a6-0160bec6cf38","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"2b0b0a7d-9601-4f77-991e-595c8f49f1cc:panel_2b0b0a7d-9601-4f77-991e-595c8f49f1cc","type":"visualization"},{"id":"5b49c50b-97dc-4ea3-aa9b-caecd917a398","name":"44d9de31-21bd-48f2-ae20-03c7cc02cf38:panel_44d9de31-21bd-48f2-ae20-03c7cc02cf38","type":"visualization"},{"id":"39d5cd36-e9b0-44ed-af52-72808d2cee86","name":"c4cfb01a-7f94-408f-9ff4-db6b5ff62e14:panel_c4cfb01a-7f94-408f-9ff4-db6b5ff62e14","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"45fcce14-648e-4a03-93d3-25d6877bc59b:panel_45fcce14-648e-4a03-93d3-25d6877bc59b","type":"visualization"},{"id":"7fe0d159-0d2b-4f49-80ce-550e07bfb226","name":"ea1e124f-66fb-450a-91ae-b280761805b6:panel_ea1e124f-66fb-450a-91ae-b280761805b6","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"89968f5f-8631-42ee-aa40-035d1b739cd8:panel_89968f5f-8631-42ee-aa40-035d1b739cd8","type":"visualization"},{"id":"9118aa97-ba0d-46e6-addf-bfd9f4f3b0d3","name":"e05a9295-cfe9-4c82-ad8f-a60623c34696:panel_e05a9295-cfe9-4c82-ad8f-a60623c34696","type":"visualization"},{"id":"98c7e4b8-cdd2-49b7-ba2f-fdf075a8843a","name":"3433e143-2abc-44b8-ae19-9c78f956463c:panel_3433e143-2abc-44b8-ae19-9c78f956463c","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"89dd18b8-2aae-48e7-82a3-2015cc8392cd:panel_89dd18b8-2aae-48e7-82a3-2015cc8392cd","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"b10fbaf5-e085-4971-b03b-fd416b
e14c96:panel_b10fbaf5-e085-4971-b03b-fd416be14c96","type":"visualization"},{"id":"d4c923f7-589f-4b1a-a7a9-6dad91de307a","name":"6dc27cd0-b389-4e88-a037-c650b5bbae55:panel_6dc27cd0-b389-4e88-a037-c650b5bbae55","type":"visualization"},{"id":"34c780f0-0bf4-429b-aea8-7de2f22dd0c6","name":"ae81dc0b-1824-45a4-a8d3-f5e1b3c53a79:panel_ae81dc0b-1824-45a4-a8d3-f5e1b3c53a79","type":"visualization"},{"id":"8eb684ba-7f9e-4917-9552-0e7c6188fd7e","name":"201584fb-714b-4a77-8ad6-fe15c569a8f3:panel_201584fb-714b-4a77-8ad6-fe15c569a8f3","type":"visualization"},{"id":"df2bf36c-14c2-4d39-bae2-31aeb736f580","name":"15635f46-3d83-42b6-b963-28bcb7c86d1b:panel_15635f46-3d83-42b6-b963-28bcb7c86d1b","type":"visualization"},{"id":"5a0ed3a9-b3a6-4991-91e5-26301151431f","name":"2c8ef372-1cd8-46e7-af5c-2dd2d774b90d:panel_2c8ef372-1cd8-46e7-af5c-2dd2d774b90d","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"8b735118-34b3-4c5d-9031-8b878c9b7d44:panel_8b735118-34b3-4c5d-9031-8b878c9b7d44","type":"visualization"},{"id":"42d8cfe0-ddb2-4c1e-a4af-73c116456e3a","name":"d72d52dd-65f6-43c9-af13-9f32f2e36770:panel_d72d52dd-65f6-43c9-af13-9f32f2e36770","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"49fbd4c9-3b73-40f0-8e1d-cf86c8239c18:panel_49fbd4c9-3b73-40f0-8e1d-cf86c8239c18","type":"visualization"},{"id":"226e6ca1-c08a-4ec6-bfbd-cb34669ed5d3","name":"f26fb4a2-0676-498c-9ae2-33868a3b0ce5:panel_f26fb4a2-0676-498c-9ae2-33868a3b0ce5","type":"visualization"},{"id":"9dec8c8e-f804-44fb-88ca-7d16dd02c04b","name":"dadb4e2b-b70f-4bdf-88de-127c2734c01a:panel_dadb4e2b-b70f-4bdf-88de-127c2734c01a","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"a2954d37-6500-4d06-86bd-25628e665afc:panel_a2954d37-6500-4d06-86bd-25628e665afc","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"493bbb31-3d1c-4b64-8165-7404074566ea:panel_493bbb31-3d1c-4b64-8165-7404074566ea","type":"visualization"},{"id":"4b2cf5d2-a71f-4f23-b5a
9-8680736c2211","name":"7c30c64f-560b-40fc-8f52-55ced9276965:panel_7c30c64f-560b-40fc-8f52-55ced9276965","type":"visualization"},{"id":"f24d253a-3f12-43c9-8898-d7b7dc34cb37","name":"95b67190-70c4-4854-9e99-61dcbd7a084e:panel_95b67190-70c4-4854-9e99-61dcbd7a084e","type":"visualization"},{"id":"a170156c-638f-4dd3-8045-1c3597df4255","name":"a8cd2029-26c0-48cc-a05f-dbce3b5fcb2a:panel_a8cd2029-26c0-48cc-a05f-dbce3b5fcb2a","type":"visualization"},{"id":"ee563759-c60c-4f01-b9cb-009f1b74f4ec","name":"8fe20507-bd7d-4839-8d3d-e02e00c28a0e:panel_8fe20507-bd7d-4839-8d3d-e02e00c28a0e","type":"visualization"}],"sort":[1675811601479,14850],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Clients - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Clients - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top 
Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"48610072-036f-4992-91c4-7b8b5be79536","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14852],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Observed Traffic (bits/s) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Observed Traffic (bits/s) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"6a8fef1c-81ba-4dc7-9707-418a50286686\",\"type\":\"calculation\",\"variables\":[{\"id\":\"99002288-db72-4bdf-a45f-ab3f6fd9def5\",\"name\":\"bytes\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Throughput\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"sum\",\"field\":\"network.bytes\"},{\"id\":\"ad71e075-6b32-48d3-9166-56de5602e828\",\"type\":\"calculation\",\"variables\":[{\"id\":\"6444c352-97d0-411f-a9cb-84d693544965\",\"name\":\"bytes\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"(params.bytes * 8) / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"0.0bitd\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top Interfaces\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"host.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"host.name: * \",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"08644857-0ee3-4b58-90d0-0597c2bdbd50","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14853],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NjksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Conversation Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Conversation Count - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Conversations\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"498bfb87-b9d2-42ca-a91f-076362b2aaa1","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14854],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI & Remote Desktop Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI & Remote Desktop Sessions (Private) - table","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI & Remote Desktop Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"d8e3497a-5070-4627-92eb-5e0c5b17cdde","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14857],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"NTP\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"123\\\"}},{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"123\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":\"123\"}},{\"match_phrase\":{\"destination.port\":\"123\"}}]}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Messages by Exporter - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: NTP Messages by Exporter - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Msg\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"72a6107b-f95a-4262-9ac7-851d399e8127","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,14862],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): CLI Sessions from Public IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Public IP - 
metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"39e8d7f0-39a3-4852-a39c-57d276d8e973\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"destination.port\\\": (22 OR 23) AND NOT source.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"CLI Sessions 
(Public)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"1b0198fa-9119-4d3b-9c4c-79c067d80000","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14863],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): CLI Sessions from Private IP - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions from Private IP - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":50,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"b434ffa5-60dd-41a6-be3d-a9b5afffe1e7\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"\\\"destination.port\\\": (22 OR 23) AND source.as.organization.name: \\\"PRIVATE\\\" 
AND destination.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"CLI Sessions (Private)\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.port\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"2f758b7b-5473-4b32-9122-8dbee695de1e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14864],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzQsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"87e72168-6981-442c-a8af-25c39e5db52f\"},\"panelIndex\":\"87e72168-6981-442c-a8af-25c39e5db52f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_87e72168-6981-442c-a8af-25c39e5db52f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"6e1be00b-c180-4b94-b020-a607a8396b3d\"},\"panelIndex\":\"6e1be00b-c180-4b94-b020-a607a8396b3d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6e1be00b-c180-4b94-b020-a607a8396b3d\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"700597a0-0303-4f5b-bd79-e4aab7265315\"},\"panelIndex\":\"700597a0-0303-4f5b-bd79-e4aab7265315\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_700597a0-0303-4f5b-bd79-e4aab7265315\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c1276a14-bf7e-4918-929a-64910f39dd74\"},\"panelIndex\":\"c1276a14-bf7e-4918-929a-64910f39dd74\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c1276a14-bf7e-4918-929a-64910f39dd74\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"33b7eabf-535b-4ab6-9293-31e8c1efde35\"},\"panelIndex\":\"33b7eabf-535b-4ab6-9293-31e8c1efde35\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_33b7eabf-535b-4ab6-9293-31e8c1efde35\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"
h\":5,\"i\":\"afbd985f-ddf9-4dfd-bf8d-76a825cf38c7\"},\"panelIndex\":\"afbd985f-ddf9-4dfd-bf8d-76a825cf38c7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_afbd985f-ddf9-4dfd-bf8d-76a825cf38c7\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"f8638e95-de0a-44d6-9bc7-820b19e8fdd1\"},\"panelIndex\":\"f8638e95-de0a-44d6-9bc7-820b19e8fdd1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f8638e95-de0a-44d6-9bc7-820b19e8fdd1\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"ec53cdcb-68af-424b-8bf9-cafe97a1f544\"},\"panelIndex\":\"ec53cdcb-68af-424b-8bf9-cafe97a1f544\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ec53cdcb-68af-424b-8bf9-cafe97a1f544\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"d9b0af46-5533-4afa-816d-614759636e7b\"},\"panelIndex\":\"d9b0af46-5533-4afa-816d-614759636e7b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d9b0af46-5533-4afa-816d-614759636e7b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"6fb4d85c-ca55-4c0f-99e8-6ee3267f4e5b\"},\"panelIndex\":\"6fb4d85c-ca55-4c0f-99e8-6ee3267f4e5b\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CLI & Remote Desktop Sessions (Public)\",\"panelRefName\":\"panel_6fb4d85c-ca55-4c0f-99e8-6ee3267f4e5b\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":9,\"w\":24,\"h\":32,\"i\":\"26fd576c-c645-4473-b2c6-8f37614250b5\"},\"panelIndex\":\"26fd576c-c645-4473-b2c6-8f37614250b5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"CLI & Remote Desktop Sessions 
(Private)\",\"panelRefName\":\"panel_26fd576c-c645-4473-b2c6-8f37614250b5\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (Brute Force)","version":1},"coreMigrationVersion":"8.2.0","id":"d4634492-bd35-4e08-bb5b-00c21163817d","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a2268641-0cea-4dad-9ba4-0a4becaf2349","name":"87e72168-6981-442c-a8af-25c39e5db52f:panel_87e72168-6981-442c-a8af-25c39e5db52f","type":"visualization"},{"id":"913b3752-77ab-4925-8c63-1c908bce88a0","name":"6e1be00b-c180-4b94-b020-a607a8396b3d:panel_6e1be00b-c180-4b94-b020-a607a8396b3d","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"700597a0-0303-4f5b-bd79-e4aab7265315:panel_700597a0-0303-4f5b-bd79-e4aab7265315","type":"visualization"},{"id":"830a5905-13c8-44c1-81b3-d386512ecf57","name":"c1276a14-bf7e-4918-929a-64910f39dd74:panel_c1276a14-bf7e-4918-929a-64910f39dd74","type":"visualization"},{"id":"1b0198fa-9119-4d3b-9c4c-79c067d80000","name":"33b7eabf-535b-4ab6-9293-31e8c1efde35:panel_33b7eabf-535b-4ab6-9293-31e8c1efde35","type":"visualization"},{"id":"2f758b7b-5473-4b32-9122-8dbee695de1e","name":"afbd985f-ddf9-4dfd-bf8d-76a825cf38c7:panel_afbd985f-ddf9-4dfd-bf8d-76a825cf38c7","type":"visualization"},{"id":"4180ab1f-46ab-4c68-a8d6-694ba0900a61","name":"f8638e95-de0a-44d6-9bc7-820b19e8fdd1:panel_f8638e95-de0a-44d6-9bc7-820b19e8fdd1","type":"visualization"},{"id":"b82c19df-4728-4d35-b43d-1863143ad8ff","name":"ec53cdcb-68af-424b-8bf9-cafe97a1f544:panel_ec53cdcb-68af-424b-8bf9-cafe97a1f544","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"d9b0af46-5533-4afa-816d-614759636e7b:panel_d9b0af46-5533-4afa-816d-614759636e7b","type":"visualization"},{"id":"6dd53623-58f0-4fd1-bae0-bb415eb1e766","name":"6fb4d85c-ca55-4c0f-99e8-6ee3267f4e5b:panel_6fb4d85c-ca55-4c0f-99e8-6ee3267f4e5b","type":"visualization"},{"id":"d8e3497a-5070-4627-92eb-5e0c5b17cdde","name":"26fd576c-c645-4473-b2c6-8f37614250b5:panel_26fd576c-c645-4473-b2c6-8f37614
250b5","type":"visualization"}],"sort":[1675811601479,14876],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Req/Resp (packets) - TSVB (line)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Req/Resp (packets) - TSVB (line)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"time_range_mode\":\"entire_time_range\",\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(255,69,69,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"destination.port: 1812 OR destination.port: 1645\",\"language\":\"kuery\"}},{\"id\":\"eebf03a7-ddfb-4583-bf53-66f1908a614e\",\"color\":\"rgba(88,224,97,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"483e84a5-0810-4223-a287-f2bc89a2c4c9\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"source.port: 1812 OR source.port: 
1645\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"axis_min\":\"0\"}}"},"coreMigrationVersion":"8.2.0","id":"3cb689f9-5f60-44e8-b6b7-46cc6affc8bd","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14877],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Locality, Service - input list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Locality, Service - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"flow.locality\",\"parent\":\"\",\"label\":\"Traffic 
Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"c98606ba-ede6-4d81-bada-77a96ea7ee6d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1675811601479,14881],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Servers - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Servers - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow 
Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":199,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Servers\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.ip\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server IP\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"196869d9-c804-4a2c-b423-81692ed21a15","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14883],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzgsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"2bcfc329-93a6-427a-a885-d50cb9577697\"},\"panelIndex\":\"2bcfc329-93a6-427a-a885-d50cb9577697\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2bcfc329-93a6-427a-a885-d50cb9577697\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"58c95936-d5ed-493c-a3d7-b6b5ce5b2837\"},\"panelIndex\":\"58c95936-d5ed-493c-a3d7-b6b5ce5b2837\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_58c95936-d5ed-493c-a3d7-b6b5ce5b2837\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"29becbce-15b2-4817-abe8-fba5c192bb36\"},\"panelIndex\":\"29becbce-15b2-4817-abe8-fba5c192bb36\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_29becbce-15b2-4817-abe8-fba5c192bb36\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"def243fd-e1a1-451b-878a-edc27fddb122\"},\"panelIndex\":\"def243fd-e1a1-451b-878a-edc27fddb122\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_def243fd-e1a1-451b-878a-edc27fddb122\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"413b97cf-eea4-4204-93e3-a522b80ff2d2\"},\"panelIndex\":\"413b97cf-eea4-4204-93e3-a522b80ff2d2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_413b97cf-eea4-4204-93e3-a522b80ff2d2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"494dd8e9-38d4-4f56-b388-254e513ab785\"},\"panelIndex\":\"494dd8e9-38d4-4f56-b388-254e513ab785\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Throughput (bits/s)\",\"panelRefName\":\"panel_494dd8e9-38d4-4f56-b388-254e513ab785\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"75cf4617-5f67-4fbf-8c6e-7ac324297b14\"},\"panelIndex\":\"75cf4617-5f67-4fbf-8c6e-7ac324297b14\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_75cf4617-5f67-4fbf-8c6e-7ac324297b14\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"42e7ee97-2615-4d86-aad3-69b57ac56ceb\"},\"panelIndex\":\"42e7ee97-2615-4d86-aad3-69b57ac56ceb\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_42e7ee97-2615-4d86-aad3-69b57ac56ceb\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"6abb0fde-1156-4f61-af51-7ea1167fad90\"},\"panelIndex\":\"6abb0fde-1156-4f61-af51-7ea1167fad90\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6abb0fde-1156-4f61-af51-7ea1167fad90\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"5c46c727-8b39-40c1-85ad-5491c9c501d6\"},\"panelIndex\":\"5c46c727-8b39-40c1-85ad-5491c9c501d6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5c46c727-8b39-40c1-85ad-5491c9c501d6\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Talkers","version":1},"coreMigrationVersion":"8.2.0","id":"6ffd0f89-824f-480e-bac3-6208b569a7c5","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"b7435d4b-4e85-4460-8cda-e4bea7a79cb2","name":"2bcfc329-93a6-427a-a885-d50cb9577697:panel_2bcfc329-93a6-427a-a885-d50cb9577697","type":"visualization"},{"id":"78e4a637-7817-4b7f-a9ac-ef26e4d6bf6e","name":"58c95936-d5ed-493c-a3d7-b6b5ce5b2837:panel_58c95936-d5ed-493c-a3d7-b6b5ce5b2837","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"29becbce-15b2-4817-abe8-fba5c192bb36:panel_29becbce-15b2-4817-abe8-fba5c192bb36","type":"visualization"},{"id":"c98606ba-ede6-4d81-bada-77a96ea7ee6d","name":"def243fd-e1a1-451b-878a-edc27fddb122:panel_def243fd-e1a1-451b-878a-edc27fddb122","type":"visualization"},{"id":"9648f7de-710b-4293-b71c-bba434472ab6","name":"413b97cf-eea4-4204-93e3-a522b80ff2d2:panel_413b97cf-eea4-4204-93e3-a522b80ff2d2","type":"visualization"},{"id":"252eb2fb-a498-49a2-ac8a-c807f4942582","name":"494dd8e9-38d4-4f56-b388-254e513ab785:panel_494dd8e9-38d4-4f56-b388-254e513ab785","type":"visualization"},{"id":"4b39512e-34a2-4369-8e14-a7eb7b4b4ccf","name":"75cf4617-5f67-4fbf-8c6e-7ac324297b14:panel_75cf4617-5f67-4fbf-8c6e-7ac324297b14","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"42e7ee97-2615-4d86-aad3-69b57ac56ceb:panel_42e7ee97-2615-4d86-aad3-69b57ac56ceb","type":"visualization"},{"id":"48610072-036f-4992-91c4-7b8b5be79536","name":"6abb0fde-1156-4f61-af51-7ea1167fad90:panel_6abb0fde-1156-4f61-af51-7ea1167fad90","type":"visualization"},{"id":"196869d9-c804-4a2c-b423-81692ed21a15","name":"5c46c727-8b39-40c1-85ad-5491c9c501d6:panel_5c46c727-8b39-40c1-85ad-5491c9c501d6","type":"visualization"}],"sort":[1675811601479,14894],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4NzksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): IP Reputations (flows) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: IP Reputations (flows) - TSVB (stacked area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Conversations\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"filter\":{\"query\":\"sec.threat.name: *\",\"language\":\"kuery\"}},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"rainbow\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"cardinality\",\"field\":\"flow.conversation.id\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Top 
Threats\",\"type\":\"timeseries\",\"value_template\":\"{{value}}\",\"terms_field\":\"sec.threat.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"filter\":{\"query\":\"\",\"language\":\"kuery\"},\"axis_min\":\"0\",\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"ceb966bc-6635-4c46-be65-917f3b9da169","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14895],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23]}}]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"CLI 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23]}}]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): CLI Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: CLI Sessions (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows
\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5ef492ea-3c7a-46e3-b226-8e883297f08a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14898],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries and Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"ebced979-fffd-48ed-88a2-0d8dfd107543","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14900],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"10b9d1b6-b79e-4e58-954c-04901e29d733","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14903],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Inbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"8f63931b-a717-4f4c-a5a4-d5de1917f81f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14906],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODQsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sources (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sources (Edge) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"4a74b4d1-8a83-4154-be8c-ee68eab03651","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectM
eta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14909],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): DHCP Responses (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Responses (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"responses\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND source.port: 67 AND destination.port: 68 AND (event.dataset: \\\"ipfix\\\" OR event.dataset: 
\\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"dc13c22e-f2e5-4df3-9b85-b3f3e752b3d1","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14910],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.ip\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.ip\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DHCP Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP 
Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"ef36da2e-c7e1-4f67-b554-c78a2dee923f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"sort":[1675811787919,15474],"type":"visualization","updated_at":"2023-02-07T23:16:27.919Z","version":"WzcyMDMsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): DHCP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"7af1a5f6-4b44-474c-844c-ca452245a529","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811798116,15482],"type":"visualization","updated_at":"2023-02-07T23:16:38.116Z","version":"WzcyMzAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.ip\",\"negate\":true,\"params\":{\"query\":\"255.255.255.255\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.ip\":\"255.255.255.255\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"68\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"68\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Requests 
by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Req\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DHCP Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9005f743-40c2-48c2-b818-ef368b9be270","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[4].meta.index","type":"index-pattern"}],"sort":[1675811601479,14930],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4ODksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"67\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"67\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): DHCP Relayed Messages by src/dst - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: DHCP Relayed Messages by src/dst - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Relay\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"55596080-2b10-4772-bd17-59c3fea4d752","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811601479,14936],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"adbc3d93-667c-4e3a-b541-2aa499025164\",\"w\":28,\"x\":0,\"y\":0},\"panelIndex\":\"adbc3d93-667c-4e3a-b541-2aa499025164\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_adbc3d93-667c-4e3a-b541-2aa499025164\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"e8c08431-0a4d-44e9-ac7b-16fd94b3a813\",\"w\":15,\"x\":28,\"y\":0},\"panelIndex\":\"e8c08431-0a4d-44e9-ac7b-16fd94b3a813\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e8c08431-0a4d-44e9-ac7b-16fd94b3a813\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":4,\"i\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"w\":5,\"x\":43,\"y\":0},\"panelIndex\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28249447-0b83-47e6-bbdf-0d12e957777d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"bd92e25d-92ba-4996-ae9f-65da031e94f7\",\"w\":5,\"x\":0,\"y\":4},\"panelIndex\":\"bd92e25d-92ba-4996-ae9f-65da031e94f7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bd92e25d-92ba-4996-ae9f-65da031e94f7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"1a0f5453-15a8-4c7a-a131-67dbb4b6fcfc\",\"w\":5,\"x\":5,\"y\":4},\"panelIndex\":\"1a0f5453-15a8-4c7a-a131-67dbb4b6fcfc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1a0f5453-15a8-4c7a-a131-67dbb4b6fcfc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"2b46378f-d5
53-438d-a86a-94b6051d4b05\",\"w\":5,\"x\":10,\"y\":4},\"panelIndex\":\"2b46378f-d553-438d-a86a-94b6051d4b05\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2b46378f-d553-438d-a86a-94b6051d4b05\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":5,\"i\":\"fe6132bf-63a0-413b-9462-3d8c32eb99ee\",\"w\":5,\"x\":15,\"y\":4},\"panelIndex\":\"fe6132bf-63a0-413b-9462-3d8c32eb99ee\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fe6132bf-63a0-413b-9462-3d8c32eb99ee\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":14,\"i\":\"7a27dc02-6bfe-46e6-a3ab-48f59672d208\",\"w\":28,\"x\":20,\"y\":4},\"panelIndex\":\"7a27dc02-6bfe-46e6-a3ab-48f59672d208\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7a27dc02-6bfe-46e6-a3ab-48f59672d208\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"d537ecff-a8e0-447b-8ce8-f5b25d9d1fe3\",\"w\":10,\"x\":0,\"y\":9},\"panelIndex\":\"d537ecff-a8e0-447b-8ce8-f5b25d9d1fe3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d537ecff-a8e0-447b-8ce8-f5b25d9d1fe3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":9,\"i\":\"3e619821-3c07-4d89-888b-2054a2866932\",\"w\":10,\"x\":10,\"y\":9},\"panelIndex\":\"3e619821-3c07-4d89-888b-2054a2866932\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3e619821-3c07-4d89-888b-2054a2866932\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"b9607886-988b-4c5d-95e2-690f037d1eb7\",\"w\":8,\"x\":0,\"y\":18},\"panelIndex\":\"b9607886-988b-4c5d-95e2-690f037d1eb7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b9607886-988b-4c5d-95e2-690f037d1eb7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\
":\"828bfdc3-75c9-4ff2-b441-9c8f2122bd60\",\"w\":8,\"x\":8,\"y\":18},\"panelIndex\":\"828bfdc3-75c9-4ff2-b441-9c8f2122bd60\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_828bfdc3-75c9-4ff2-b441-9c8f2122bd60\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"7fe7af38-04a6-4ea9-95ec-d9444c13696d\",\"w\":8,\"x\":16,\"y\":18},\"panelIndex\":\"7fe7af38-04a6-4ea9-95ec-d9444c13696d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7fe7af38-04a6-4ea9-95ec-d9444c13696d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"8d8f2112-327e-45f0-bd40-6e53a64b4919\",\"w\":8,\"x\":24,\"y\":18},\"panelIndex\":\"8d8f2112-327e-45f0-bd40-6e53a64b4919\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8d8f2112-327e-45f0-bd40-6e53a64b4919\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"ceb26ed9-2116-4f78-8d8f-9a7d4b2db209\",\"w\":9,\"x\":32,\"y\":18},\"panelIndex\":\"ceb26ed9-2116-4f78-8d8f-9a7d4b2db209\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ceb26ed9-2116-4f78-8d8f-9a7d4b2db209\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"h\":23,\"i\":\"e1a3894a-3bea-46cb-9264-99d1652d8846\",\"w\":7,\"x\":41,\"y\":18},\"panelIndex\":\"e1a3894a-3bea-46cb-9264-99d1652d8846\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e1a3894a-3bea-46cb-9264-99d1652d8846\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(DHCP)","version":1},"coreMigrationVersion":"8.2.0","id":"2bed80e1-8261-4848-b58e-55e065089e12","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f86c51c3-069d-4973-8789-e15fbe01fa77","name":"adbc3d93-667c-4e3a-b541-2aa499025164:panel_adbc3d93-667c-4e3a-b541-2aa499025164","type":"visualization"},{"id":"bcf26736-8c18-4eb2-a74c-d26a0663dc7c","name":"e8c08431-0a4d-44e9-ac7b-16fd94b3a813:panel_e8c08431-0a4d-44e9-ac7b-16fd94b3a813","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"28249447-0b83-47e6-bbdf-0d12e957777d:panel_28249447-0b83-47e6-bbdf-0d12e957777d","type":"visualization"},{"id":"a979dabd-31a8-42b8-8e57-df8cd5b6d7d3","name":"bd92e25d-92ba-4996-ae9f-65da031e94f7:panel_bd92e25d-92ba-4996-ae9f-65da031e94f7","type":"visualization"},{"id":"fa8e8343-803b-46b0-ac5b-173c917e27bf","name":"1a0f5453-15a8-4c7a-a131-67dbb4b6fcfc:panel_1a0f5453-15a8-4c7a-a131-67dbb4b6fcfc","type":"visualization"},{"id":"dc13c22e-f2e5-4df3-9b85-b3f3e752b3d1","name":"2b46378f-d553-438d-a86a-94b6051d4b05:panel_2b46378f-d553-438d-a86a-94b6051d4b05","type":"visualization"},{"id":"423fed94-54fb-4d50-8f89-83c0d10d9a2c","name":"fe6132bf-63a0-413b-9462-3d8c32eb99ee:panel_fe6132bf-63a0-413b-9462-3d8c32eb99ee","type":"visualization"},{"id":"5f66844b-ad53-4aa5-b666-3cc37259b181","name":"7a27dc02-6bfe-46e6-a3ab-48f59672d208:panel_7a27dc02-6bfe-46e6-a3ab-48f59672d208","type":"visualization"},{"id":"ef36da2e-c7e1-4f67-b554-c78a2dee923f","name":"d537ecff-a8e0-447b-8ce8-f5b25d9d1fe3:panel_d537ecff-a8e0-447b-8ce8-f5b25d9d1fe3","type":"visualization"},{"id":"7af1a5f6-4b44-474c-844c-ca452245a529","name":"3e619821-3c07-4d89-888b-2054a2866932:panel_3e619821-3c07-4d89-888b-2054a2866932","type":"visualization"},{"id":"9005f743-40c2-48c2-b818-ef368b9be270","name":"b9607886-988b-4c5d-95e2-690f037d1eb7:panel_b9607886-988b-4c5d-95e2-690f037d1eb7","type":"visualization"},{"id":"68a95a90-45ae-4adf-a699-26ee8e76e617","name":"828bfdc3-75c9-4ff2-b441-9c8f2122bd60:panel_828bfdc3-75c9-4
ff2-b441-9c8f2122bd60","type":"visualization"},{"id":"412475ef-7f6e-414c-b4d5-ceffb9768044","name":"7fe7af38-04a6-4ea9-95ec-d9444c13696d:panel_7fe7af38-04a6-4ea9-95ec-d9444c13696d","type":"visualization"},{"id":"242a0cb8-a95f-4ca8-b598-0914ee925143","name":"8d8f2112-327e-45f0-bd40-6e53a64b4919:panel_8d8f2112-327e-45f0-bd40-6e53a64b4919","type":"visualization"},{"id":"55596080-2b10-4772-bd17-59c3fea4d752","name":"ceb26ed9-2116-4f78-8d8f-9a7d4b2db209:panel_ceb26ed9-2116-4f78-8d8f-9a7d4b2db209","type":"visualization"},{"id":"6cd0b931-79f6-4f59-907d-1d4d81e80c25","name":"e1a3894a-3bea-46cb-9264-99d1652d8846:panel_e1a3894a-3bea-46cb-9264-99d1652d8846","type":"visualization"}],"sort":[1675811601479,14953],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Community Count - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Community Count - TSVB 
(metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"network.community_id\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"label\":\"Sessions\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"background_color_rules\":[{\"id\":\"a075e039-575f-4c8b-b940-2e884eba28aa\"}],\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4bb30a6a-7eba-40fa-ae54-46c929a4bc0a","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14954],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records (client/server)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(client/server)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**Client/Server**](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c) | [Src/Dst](#/dashboard/35334425-db89-4390-aa03-a037d51cc811)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"034e6479-1b45-484f-b368-774ae6907238","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14955],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTMsMl0="} 
{"attributes":{"columns":["flow.conversation.id","host.name","client.domain","server.domain","flow.server.l4.port.name","network.bytes","network.packets"],"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"bool\":{\"must\":[{\"exists\":{\"field\":\"client.ip\"}},{\"exists\":{\"field\":\"server.ip\"}}]},\"meta\":{\"type\":\"custom\",\"disabled\":false,\"negate\":false,\"alias\":null,\"key\":\"bool\",\"value\":\"{\\\"must\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"client.ip\\\"}},{\\\"exists\\\":{\\\"field\\\":\\\"server.ip\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"sort":[],"title":"ElastiFlow (flow): Flow Records (client/server) - search","version":1},"coreMigrationVersion":"8.2.0","id":"f0b9a698-01ef-4b0b-8175-71ce885e95c3","migrationVersion":{"search":"8.0.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14958],"type":"search","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTQsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"48d94dd2-d77a-42a3-9073-44054fabbf41\"},\"panelIndex\":\"48d94dd2-d77a-42a3-9073-44054fabbf41\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_48d94dd2-d77a-42a3-9073-44054fabbf41\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"25e02d81-98aa-4047-8f62-b84e9f9f20c1\"},\"panelIndex\":\"25e02d81-98aa-4047-8f62-b84e9f9f20c1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_25e02d81-98aa-4047-8f62-b84e9f9f20c1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"060c4134-aa4d-4c37-8656-566584009fbc\"},\"panelIndex\":\"060c4134-aa4d-4c37-8656-566584009fbc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_060c4134-aa4d-4c37-8656-566584009fbc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"8a1915aa-fc4c-4df7-8cae-f12e1a8226e6\"},\"panelIndex\":\"8a1915aa-fc4c-4df7-8cae-f12e1a8226e6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_8a1915aa-fc4c-4df7-8cae-f12e1a8226e6\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"bf0af2e8-0172-44e3-adb2-bdb97822506d\"},\"panelIndex\":\"bf0af2e8-0172-44e3-adb2-bdb97822506d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bf0af2e8-0172-44e3-adb2-bdb97822506d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":10,\"i\":\"6b9c0433-edcc-4e47-8e69-417299ba4bde\"},\"panelIndex\":\"6b9c0433-edcc-4e47-8e69-417299ba4bde\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6b9c0433-edcc-4e47-8e69-417299ba4bde\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"45d137e3-1795-4f01-b234-c91fcccccd41\"},\"panelIndex\":\"45d137e3-1795-4f01-b234-c91fcccccd41\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_45d137e3-1795-4f01-b234-c91fcccccd41\"},{\"version\":\"7.10.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"33c16d7e-173e-44f5-9cd9-4d962bbf1f30\"},\"panelIndex\":\"33c16d7e-173e-44f5-9cd9-4d962bbf1f30\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_33c16d7e-173e-44f5-9cd9-4d962bbf1f30\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Records (client/server)","version":1},"coreMigrationVersion":"8.2.0","id":"31e00644-3a1e-4e11-9256-5f35aadd077c","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"17c76001-f9c9-46ae-a3ab-7107b297d677","name":"48d94dd2-d77a-42a3-9073-44054fabbf41:panel_48d94dd2-d77a-42a3-9073-44054fabbf41","type":"visualization"},{"id":"034e6479-1b45-484f-b368-774ae6907238","name":"25e02d81-98aa-4047-8f62-b84e9f9f20c1:panel_25e02d81-98aa-4047-8f62-b84e9f9f20c1","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"060c4134-aa4d-4c37-8656-566584009fbc:panel_060c4134-aa4d-4c37-8656-566584009fbc","type":"visualization"},{"id":"945ad491-6ca5-42f6-a90d-8a8b6a833f4b","name":"8a1915aa-fc4c-4df7-8cae-f12e1a8226e6:panel_8a1915aa-fc4c-4df7-8cae-f12e1a8226e6","type":"visualization"},{"id":"41c6337a-2e90-43a7-9082-522ec66c7bec","name":"bf0af2e8-0172-44e3-adb2-bdb97822506d:panel_bf0af2e8-0172-44e3-adb2-bdb97822506d","type":"visualization"},{"id":"2ac94a8c-687d-4e0d-b9e9-b1e5c3dfe474","name":"6b9c0433-edcc-4e47-8e69-
417299ba4bde:panel_6b9c0433-edcc-4e47-8e69-417299ba4bde","type":"visualization"},{"id":"498bfb87-b9d2-42ca-a91f-076362b2aaa1","name":"45d137e3-1795-4f01-b234-c91fcccccd41:panel_45d137e3-1795-4f01-b234-c91fcccccd41","type":"visualization"},{"id":"f0b9a698-01ef-4b0b-8175-71ce885e95c3","name":"33c16d7e-173e-44f5-9cd9-4d962bbf1f30:panel_33c16d7e-173e-44f5-9cd9-4d962bbf1f30","type":"search"}],"sort":[1675811601479,14967],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Exporters (records) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporters (records) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Records\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"host.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":299,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow Exporter\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.export.version.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":5,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Flow 
Type\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":15,\"percentageCol\":\"\",\"showMetricsAtAllLevels\":false,\"showPartialRows\":false,\"showTotal\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"totalFunc\":\"sum\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"b2503cb8-d23c-41f1-93ed-4db0ee709720","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14969],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTYsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"75533f79-380c-4848-8899-de1b1b59518c\"},\"panelIndex\":\"75533f79-380c-4848-8899-de1b1b59518c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_75533f79-380c-4848-8899-de1b1b59518c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"0b6cfb50-271f-43ec-a7aa-03a8cdfe586a\"},\"panelIndex\":\"0b6cfb50-271f-43ec-a7aa-03a8cdfe586a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_0b6cfb50-271f-43ec-a7aa-03a8cdfe586a\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"33ca95b6-25b5-4523-a96e-b81ec3e856ed\"},\"panelIndex\":\"33ca95b6-25b5-4523-a96e-b81ec3e8
56ed\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_33ca95b6-25b5-4523-a96e-b81ec3e856ed\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":24,\"h\":5,\"i\":\"05e5595e-7aa9-44e2-b67c-6d8ecd18f31f\"},\"panelIndex\":\"05e5595e-7aa9-44e2-b67c-6d8ecd18f31f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_05e5595e-7aa9-44e2-b67c-6d8ecd18f31f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":24,\"h\":2,\"i\":\"fb54bb29-bbfb-44b7-a6af-0a2f9edee772\"},\"panelIndex\":\"fb54bb29-bbfb-44b7-a6af-0a2f9edee772\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fb54bb29-bbfb-44b7-a6af-0a2f9edee772\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":6,\"w\":24,\"h\":11,\"i\":\"2dbbca01-707f-4310-91fb-c0393b1c9018\"},\"panelIndex\":\"2dbbca01-707f-4310-91fb-c0393b1c9018\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic (flow records/s)\",\"panelRefName\":\"panel_2dbbca01-707f-4310-91fb-c0393b1c9018\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":24,\"h\":32,\"i\":\"88da28be-ba67-4462-967f-805ee1df8ae8\"},\"panelIndex\":\"88da28be-ba67-4462-967f-805ee1df8ae8\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic (records)\",\"panelRefName\":\"panel_88da28be-ba67-4462-967f-805ee1df8ae8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":17,\"w\":24,\"h\":12,\"i\":\"02fff4db-06e2-47aa-8131-437a255042d5\"},\"panelIndex\":\"02fff4db-06e2-47aa-8131-437a255042d5\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic 
(bits/s)\",\"panelRefName\":\"panel_02fff4db-06e2-47aa-8131-437a255042d5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":29,\"w\":24,\"h\":12,\"i\":\"e39df040-066c-48eb-9339-d78426120d1a\"},\"panelIndex\":\"e39df040-066c-48eb-9339-d78426120d1a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Observed Traffic (pkts/s)\",\"panelRefName\":\"panel_e39df040-066c-48eb-9339-d78426120d1a\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Exporters (metrics)","version":1},"coreMigrationVersion":"8.2.0","id":"e22f5d65-718a-461e-b824-9a9c167d973c","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"c054c6a5-27cd-40ad-800c-9c24533ad897","name":"75533f79-380c-4848-8899-de1b1b59518c:panel_75533f79-380c-4848-8899-de1b1b59518c","type":"visualization"},{"id":"3e2c865c-d2b2-44fd-86f0-0f5b1571080c","name":"0b6cfb50-271f-43ec-a7aa-03a8cdfe586a:panel_0b6cfb50-271f-43ec-a7aa-03a8cdfe586a","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"33ca95b6-25b5-4523-a96e-b81ec3e856ed:panel_33ca95b6-25b5-4523-a96e-b81ec3e856ed","type":"visualization"},{"id":"70a63cdd-09c3-4901-8d50-81ee290b56a4","name":"05e5595e-7aa9-44e2-b67c-6d8ecd18f31f:panel_05e5595e-7aa9-44e2-b67c-6d8ecd18f31f","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"fb54bb29-bbfb-44b7-a6af-0a2f9edee772:panel_fb54bb29-bbfb-44b7-a6af-0a2f9edee772","type":"visualization"},{"id":"3ce639bc-8a62-4804-8b6e-741b0b9d125d","name":"2dbbca01-707f-4310-91fb-c0393b1c9018:panel_2dbbca01-707f-4310-91fb-c0393b1c9018","type":"visualization"},{"id":"b2503cb8-d23c-41f1-93ed-4db0ee709720","name":"88da28be-ba67-4462-967f-805ee1df8ae8:panel_88da28be-ba67-4462-967f-805ee1df8ae8","type":"visualization"},{"id":"08644857-0ee3-4b58-90d0-0597c2bdbd50","name":"02fff4db-06e2-47aa-8131-437a255042d5:panel_02fff4db-06e2-47aa-8131-437a255042d5","type":"visualization"},{"id":"75b93145-3439-4b2b-9686-c5b68631ff88","name":"e39df040-
066c-48eb-9339-d78426120d1a:panel_e39df040-066c-48eb-9339-d78426120d1a","type":"visualization"}],"sort":[1675811601479,14979],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (IP Reputations)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (IP Reputations)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[**IP Reputation**](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [DDoS TCP](#/dashboard/0a0f816a-ee62-4e61-a458-3a8a85b0581e) | [DDoS Flood](#/dashboard/8e2524a2-77e5-4e50-a03f-5bd7cd508c91) | [RECON](#/dashboard/cd13df0e-7a98-4046-af75-f2b202fee2cb) | [Brute Force](#/dashboard/d4634492-bd35-4e08-bb5b-00c21163817d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"8aa21fbf-7386-4302-a8ee-148c076dfc38","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,14980],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Destination Countries and Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Destination Countries and Cities (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.country_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.geo.city_name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"fe63e3f5-1b6f-4fa7-81ac-bc0512ef7a3d","migrationVersion":
{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14982],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY4OTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Public\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Public) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Public) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"14090489-9558-40a9-94cc-235664a84df4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,14985],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDAsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"6a095a17-8f22-4e1d-9943-d412cbf49625\"},\"panelIndex\":\"6a095a17-8f22-4e1d-9943-d412cbf49625\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6a095a17-8f22-4e1d-9943-d412cbf49625\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"20d30441-f9a9-4cfd-b956-321f7a00882b\"},\"panelIndex\":\"20d30441-f9a9-4cfd-b956-321f7a00882b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_20d30441-f9a9-4cfd-b956-321f7a00882b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"02485df3-fe94-4068-b101-0fb814bf2969\"},\"panelIndex\":\"02485df3-fe94-4068-b101-0fb814bf2969\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_02485df3-fe94-4068-b101-0fb814bf2969\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"b2830f9c-d87f-486e-aeaf-d6442881aa47\"},\"panelIndex\":\"b2830f9c-d87f-486e-aeaf-d6442881aa47\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b2830f9c-d87f-486e-aeaf-d6442881aa47\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"92019220-f702-4450-9ddb-d33b56995bec\"},\"panelIndex\":\"92019220-f702-4450-9ddb-d33b56995bec\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_92019220-f702-4450-9ddb-d33b56995bec\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"3c4078f7-e114-4b9c-95d1-64163d57e787\"},\"panelIndex\":\"3c4078f7-e114-4b9c-95d1-64163d57e787\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"title\":\"Throughput (bits/s)\",\"panelRefName\":\"panel_3c4078f7-e114-4b9c-95d1-64163d57e787\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"b29d5b70-b326-4869-9c20-e55858b02abe\"},\"panelIndex\":\"b29d5b70-b326-4869-9c20-e55858b02abe\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b29d5b70-b326-4869-9c20-e55858b02abe\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"340f6cdd-9ecd-429b-b30a-07b0b8ce894f\"},\"panelIndex\":\"340f6cdd-9ecd-429b-b30a-07b0b8ce894f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_340f6cdd-9ecd-429b-b30a-07b0b8ce894f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"39226328-0cd8-42fe-8c1e-005095f952d5\"},\"panelIndex\":\"39226328-0cd8-42fe-8c1e-005095f952d5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_39226328-0cd8-42fe-8c1e-005095f952d5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"ac369e86-1e2e-47c2-9d7b-8f599dd253ea\"},\"panelIndex\":\"ac369e86-1e2e-47c2-9d7b-8f599dd253ea\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ac369e86-1e2e-47c2-9d7b-8f599dd253ea\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Services","version":1},"coreMigrationVersion":"8.2.0","id":"4b514334-15d6-4a15-a521-10b66d5fdab9","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"b7435d4b-4e85-4460-8cda-e4bea7a79cb2","name":"6a095a17-8f22-4e1d-9943-d412cbf49625:panel_6a095a17-8f22-4e1d-9943-d412cbf49625","type":"visualization"},{"id":"551fc8be-4f1f-4db2-bae3-d31f48477a51","name":"20d30441-f9a9-4cfd-b956-321f7a00882b:panel_20d30441-f9a9-4cfd-b956-321f7a00882b","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"02485df3-fe94-4068-b101-0fb814bf2969:panel_02485df3-fe94-4068-b101-0fb814bf2969","type":"visualization"},{"id":"c98606ba-ede6-4d81-bada-77a96ea7ee6d","name":"b2830f9c-d87f-486e-aeaf-d6442881aa47:panel_b2830f9c-d87f-486e-aeaf-d6442881aa47","type":"visualization"},{"id":"1d4d0453-c9b5-486a-9732-be533d0462ed","name":"92019220-f702-4450-9ddb-d33b56995bec:panel_92019220-f702-4450-9ddb-d33b56995bec","type":"visualization"},{"id":"252eb2fb-a498-49a2-ac8a-c807f4942582","name":"3c4078f7-e114-4b9c-95d1-64163d57e787:panel_3c4078f7-e114-4b9c-95d1-64163d57e787","type":"visualization"},{"id":"b143197a-43cd-444e-902d-a8bed248f9db","name":"b29d5b70-b326-4869-9c20-e55858b02abe:panel_b29d5b70-b326-4869-9c20-e55858b02abe","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"340f6cdd-9ecd-429b-b30a-07b0b8ce894f:panel_340f6cdd-9ecd-429b-b30a-07b0b8ce894f","type":"visualization"},{"id":"c4c9bc7c-7859-4cf9-8184-8e5d4085effa","name":"39226328-0cd8-42fe-8c1e-005095f952d5:panel_39226328-0cd8-42fe-8c1e-005095f952d5","type":"visualization"},{"id":"7ced98a8-e4d3-46b3-9646-e838766de3ef","name":"ac369e86-1e2e-47c2-9d7b-8f599dd253ea:panel_ac369e86-1e2e-47c2-9d7b-8f599dd253ea","type":"visualization"}],"sort":[1675811601479,14996],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDEsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Top Applications - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Top Applications - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Flow Records\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"network.application\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Top Applications\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"02f73a06-bf26-4df6-9f7d-b59690f7f50d","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,14998],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDIsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"exists\":{\"field\":\"flow.server.sec.threat.name\"},\"meta\":{\"type\":\"exists\",\"disabled\":false,\"negate\":false,\"alias\":\"Bad Server Reputation\",\"key\":\"flow.server.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): High-Risk Clients (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: High-Risk Clients (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"High-Risk Clients\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"34eef0a2-4ddb-46b0-af29-ed0d52897670","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15001],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"udp\"}},{\"terms\":{\"source.port\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"udp\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Private) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Source\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c3ba0a11-ef2c-41e2-b668-e0a2a3e6320f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15004],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDQsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"destination.port\":\"1812\"}},{\"match_phrase\":{\"destination.port\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"126729e2-7a73-4671-905c-37b4ec2a4edd","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,15009],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"event.dataset\":[\"netflow\",\"ipfix\"]}},{\"term\":{\"tcp.flags.bits\":2}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"SYN-only 
Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"event.dataset\\\":[\\\"netflow\\\",\\\"ipfix\\\"]}},{\\\"term\\\":{\\\"tcp.flags.bits\\\":2}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP SYN-only Sessions (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP SYN-only Sessions (Outbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\
"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"0dab7621-e9c0-48fd-b592-25424e8ae1f8","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15012],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Servers and Services (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Servers and Services (bytes) - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\"
:\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"e35b3e3f-33f7-4f45-9409-e593e1b0f738","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,15014],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (RECON)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (RECON)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [DDoS TCP](#/dashboard/0a0f816a-ee62-4e61-a458-3a8a85b0581e) | [DDoS Flood](#/dashboard/8e2524a2-77e5-4e50-a03f-5bd7cd508c91) | [**RECON**](#/dashboard/cd13df0e-7a98-4046-af75-f2b202fee2cb) | [Brute Force](#/dashboard/d4634492-bd35-4e08-bb5b-00c21163817d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p 
a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"b504e3d2-15ab-469b-9842-0f801bbd0f59","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15015],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[]},\"meta\":{\"alias\":\"ICMP Echo Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"destination.ip\",\"customLabel\":\"Pinged 
IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":14,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"ee0ece1a-b3d5-4882-bce8-ab663dace9c3","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15018],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MDksMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"87e72168-6981-442c-a8af-25c39e5db52f\"},\"panelIndex\":\"87e72168-6981-442c-a8af-25c39e5db52f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_87e72168-6981-442c-a8af-25c39e5db52f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"1ad7b7e3-5ed8-4d40-bffe-d3efa953b608\"},\"panelIndex\":\"1ad7b7e3-5ed8-4d40-bffe-d3efa953b608\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1ad7b7e3-5ed8-4d40-bffe-d3efa953b608\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"700597a0-0303-4f5b-bd79-e4aab7265315\"},\"panelIndex\":\"700597a0-0303-4f5b-bd79-e4aab7265315\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_700597a0-0303-4f5b-bd79-e4aab7265315\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c1276a14-bf7e-4918-929a-64910f39dd74\"},\"panelIndex\":\"c1276a14-bf7e-4918-929a-64910f39dd74\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c1276a14-bf7e-4918-929a-64910f39dd74\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"bbd15b44-cd89-4744-a0a2-a4808f659c45\"},\"panelIndex\":\"bbd15b44-cd89-4744-a0a2-a4808f659c45\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_bbd15b44-cd89-4744-a0a2-a4808f659c45\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"
h\":5,\"i\":\"51a8affd-82ab-446e-b504-2fcd67238ae8\"},\"panelIndex\":\"51a8affd-82ab-446e-b504-2fcd67238ae8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_51a8affd-82ab-446e-b504-2fcd67238ae8\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c4344efb-9e43-4797-b94b-75ae05aa9240\"},\"panelIndex\":\"c4344efb-9e43-4797-b94b-75ae05aa9240\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c4344efb-9e43-4797-b94b-75ae05aa9240\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"4dbe4b02-13ef-48f8-8e94-3e5582ae80c1\"},\"panelIndex\":\"4dbe4b02-13ef-48f8-8e94-3e5582ae80c1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4dbe4b02-13ef-48f8-8e94-3e5582ae80c1\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"9145a022-8348-4f90-94af-4eae3a4ffced\"},\"panelIndex\":\"9145a022-8348-4f90-94af-4eae3a4ffced\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9145a022-8348-4f90-94af-4eae3a4ffced\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":14,\"h\":32,\"i\":\"f7298cc1-4703-4d7a-8249-76a1cdaf0409\"},\"panelIndex\":\"f7298cc1-4703-4d7a-8249-76a1cdaf0409\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Port Scan (Public)\",\"panelRefName\":\"panel_f7298cc1-4703-4d7a-8249-76a1cdaf0409\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":9,\"w\":14,\"h\":32,\"i\":\"8fc748a4-10d2-40ed-bc2c-7df5d1c424db\"},\"panelIndex\":\"8fc748a4-10d2-40ed-bc2c-7df5d1c424db\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Port Scan 
(Private)\",\"panelRefName\":\"panel_8fc748a4-10d2-40ed-bc2c-7df5d1c424db\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":9,\"w\":10,\"h\":32,\"i\":\"6b4fb32f-e60e-4a8f-9551-d4d668a6cd79\"},\"panelIndex\":\"6b4fb32f-e60e-4a8f-9551-d4d668a6cd79\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"ICMP Echo (Public)\",\"panelRefName\":\"panel_6b4fb32f-e60e-4a8f-9551-d4d668a6cd79\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":9,\"w\":10,\"h\":32,\"i\":\"2940610c-b421-4b3e-b345-129d8725ed3a\"},\"panelIndex\":\"2940610c-b421-4b3e-b345-129d8725ed3a\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"ICMP Echo (Private)\",\"panelRefName\":\"panel_2940610c-b421-4b3e-b345-129d8725ed3a\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (RECON)","version":1},"coreMigrationVersion":"8.2.0","id":"cd13df0e-7a98-4046-af75-f2b202fee2cb","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a2268641-0cea-4dad-9ba4-0a4becaf2349","name":"87e72168-6981-442c-a8af-25c39e5db52f:panel_87e72168-6981-442c-a8af-25c39e5db52f","type":"visualization"},{"id":"b504e3d2-15ab-469b-9842-0f801bbd0f59","name":"1ad7b7e3-5ed8-4d40-bffe-d3efa953b608:panel_1ad7b7e3-5ed8-4d40-bffe-d3efa953b608","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"700597a0-0303-4f5b-bd79-e4aab7265315:panel_700597a0-0303-4f5b-bd79-e4aab7265315","type":"visualization"},{"id":"830a5905-13c8-44c1-81b3-d386512ecf57","name":"c1276a14-bf7e-4918-929a-64910f39dd74:panel_c1276a14-bf7e-4918-929a-64910f39dd74","type":"visualization"},{"id":"a591fb11-2f08-402d-97c0-8fc95e29ed71","name":"bbd15b44-cd89-4744-a0a2-a4808f659c45:panel_bbd15b44-cd89-4744-a0a2-a4808f659c45","type":"visualization"},{"id":"8dbc3c86-5fd0-4730-a318-45538cee9fb4","name":"51a8affd-82ab-446e-b504-2fcd67238ae8:panel_51a8affd-8
2ab-446e-b504-2fcd67238ae8","type":"visualization"},{"id":"77c672df-cbb2-44d0-a09e-b74e28460ee5","name":"c4344efb-9e43-4797-b94b-75ae05aa9240:panel_c4344efb-9e43-4797-b94b-75ae05aa9240","type":"visualization"},{"id":"72368579-3acb-4691-9786-3babcc52d016","name":"4dbe4b02-13ef-48f8-8e94-3e5582ae80c1:panel_4dbe4b02-13ef-48f8-8e94-3e5582ae80c1","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"9145a022-8348-4f90-94af-4eae3a4ffced:panel_9145a022-8348-4f90-94af-4eae3a4ffced","type":"visualization"},{"id":"6e9e2e78-a748-4749-a556-256cff748f3a","name":"f7298cc1-4703-4d7a-8249-76a1cdaf0409:panel_f7298cc1-4703-4d7a-8249-76a1cdaf0409","type":"visualization"},{"id":"00af5765-8fd2-47ad-93ac-55edec4f99e3","name":"8fc748a4-10d2-40ed-bc2c-7df5d1c424db:panel_8fc748a4-10d2-40ed-bc2c-7df5d1c424db","type":"visualization"},{"id":"cef3dd34-2ca7-4f76-b2b7-330cb9a982bb","name":"6b4fb32f-e60e-4a8f-9551-d4d668a6cd79:panel_6b4fb32f-e60e-4a8f-9551-d4d668a6cd79","type":"visualization"},{"id":"ee0ece1a-b3d5-4882-bce8-ab663dace9c3","name":"2940610c-b421-4b3e-b345-129d8725ed3a:panel_2940610c-b421-4b3e-b345-129d8725ed3a","type":"visualization"}],"sort":[1675811601479,15032],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NTP Requests by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"c5f99ad0-e124-409a-b25c-53b19e90a2a2","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811902585,15717],"type":"visualization","updated_at":"2023-02-07T23:18:22.585Z","version":"Wzc0MDcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Exporter, Service, Established - input 
list","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Exporter, Service, Established - input list\",\"type\":\"input_control_vis\",\"aggs\":[],\"params\":{\"controls\":[{\"id\":\"1607868729183\",\"fieldName\":\"host.name\",\"parent\":\"\",\"label\":\"Flow Exporter\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1607868835824\",\"fieldName\":\"flow.server.l4.port.name\",\"parent\":\"\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"dynamicOptions\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1607868774014\",\"fieldName\":\"l4.session.established\",\"parent\":\"\",\"label\":\"Session Established\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":3,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":true}}"},"coreMigrationVersion":"8.2.0","id":"a7a26ee4-5054-442b-a596-4ed39c660f61","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"control_0_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_1_index_pattern","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"control_2_index_pattern","type":"index-pattern"}],"sort":[1675811601479,15042],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Flow Records (src/dst)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Flow Records 
(src/dst)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[Client/Server](#/dashboard/31e00644-3a1e-4e11-9256-5f35aadd077c) | [**Src/Dst**](#/dashboard/35334425-db89-4390-aa03-a037d51cc811)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"65777645-9b32-47c0-ad7d-53656923880d","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15043],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flow Records/s (src/dst) - TSVB (stacked area)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flow Records/s (src/dst) - TSVB (stacked 
area)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"timeseries\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\",\"field\":\"network.bytes\"},{\"id\":\"4c707337-84e8-48be-bab0-81ca001d2988\",\"type\":\"calculation\",\"variables\":[{\"id\":\"3162983d-427e-4a24-88c8-12d3a284de14\",\"name\":\"count\",\"field\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0.5\",\"stacked\":\"none\",\"label\":\"Flow Records\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\"},{\"id\":\"421e0fdf-4321-44f1-bb3e-439c1e13ed98\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"terms\",\"split_color_mode\":\"gradient\",\"metrics\":[{\"id\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"type\":\"count\",\"field\":\"network.bytes\"},{\"id\":\"b46d3418-5920-438a-8add-6985b791ef1b\",\"type\":\"calculation\",\"variables\":[{\"id\":\"d64dfea5-0d4d-401c-b19d-53b8c39c2013\",\"name\":\"count\",\"field\":\"be634496-f50c-476b-b941-f643e4e5e302\"}],\"script\":\"params.count / (params._interval / 1000)\"}],\"separate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"1\",\"stacked\":\"stacked\",\"label\":\"Flow 
Types\",\"type\":\"timeseries\",\"value_template\":\"{{value}}/s\",\"terms_field\":\"flow.export.version.name\",\"terms_size\":\"25\",\"terms_order_by\":\"be634496-f50c-476b-b941-f643e4e5e302\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"axis_min\":\"0\",\"filter\":{\"query\":\"source.ip: * AND destination.ip: *\",\"language\":\"kuery\"},\"use_kibana_indexes\":false,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d1b05291-ec37-47d4-810c-edbc9a724a58","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15044],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTQsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"049c05de-6b6a-41d5-bfae-8521713e485d\"},\"panelIndex\":\"049c05de-6b6a-41d5-bfae-8521713e485d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_049c05de-6b6a-41d5-bfae-8521713e485d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"cfa705a2-fee1-4257-8c51-ded7b4791b03\"},\"panelIndex\":\"cfa705a2-fee1-4257-8c51-ded7b4791b03\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cfa705a2-fee1-4257-8c51-ded7b4791b03\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"9704a51c-bdcb-4326-99fd-1411fe4e6310\"},\"panelIndex\":\"9704a51c-bdcb-4326-99fd-1411fe4e631
0\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_9704a51c-bdcb-4326-99fd-1411fe4e6310\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":10,\"i\":\"7c4e172d-3aaf-4141-9c5b-39012802a268\"},\"panelIndex\":\"7c4e172d-3aaf-4141-9c5b-39012802a268\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7c4e172d-3aaf-4141-9c5b-39012802a268\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"5330301d-c212-4477-8d88-c83925f503ef\"},\"panelIndex\":\"5330301d-c212-4477-8d88-c83925f503ef\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_5330301d-c212-4477-8d88-c83925f503ef\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":10,\"i\":\"3824dd21-0fcd-41f4-aac7-4eb90d79a02f\"},\"panelIndex\":\"3824dd21-0fcd-41f4-aac7-4eb90d79a02f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3824dd21-0fcd-41f4-aac7-4eb90d79a02f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":5,\"i\":\"d8e88d1c-49e4-4659-95ab-e51c7e12ff50\"},\"panelIndex\":\"d8e88d1c-49e4-4659-95ab-e51c7e12ff50\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d8e88d1c-49e4-4659-95ab-e51c7e12ff50\"},{\"version\":\"7.10.0\",\"type\":\"search\",\"gridData\":{\"x\":0,\"y\":14,\"w\":48,\"h\":27,\"i\":\"fce4743b-3e94-40aa-a698-5b56792f1e49\"},\"panelIndex\":\"fce4743b-3e94-40aa-a698-5b56792f1e49\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fce4743b-3e94-40aa-a698-5b56792f1e49\"}]","timeRestore":false,"title":"ElastiFlow (flow): Flow Records 
(src/dst)","version":1},"coreMigrationVersion":"8.2.0","id":"35334425-db89-4390-aa03-a037d51cc811","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"17c76001-f9c9-46ae-a3ab-7107b297d677","name":"049c05de-6b6a-41d5-bfae-8521713e485d:panel_049c05de-6b6a-41d5-bfae-8521713e485d","type":"visualization"},{"id":"65777645-9b32-47c0-ad7d-53656923880d","name":"cfa705a2-fee1-4257-8c51-ded7b4791b03:panel_cfa705a2-fee1-4257-8c51-ded7b4791b03","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"9704a51c-bdcb-4326-99fd-1411fe4e6310:panel_9704a51c-bdcb-4326-99fd-1411fe4e6310","type":"visualization"},{"id":"945ad491-6ca5-42f6-a90d-8a8b6a833f4b","name":"7c4e172d-3aaf-4141-9c5b-39012802a268:panel_7c4e172d-3aaf-4141-9c5b-39012802a268","type":"visualization"},{"id":"e97e0990-94f9-46c8-8e5f-fbb9a41c4d6a","name":"5330301d-c212-4477-8d88-c83925f503ef:panel_5330301d-c212-4477-8d88-c83925f503ef","type":"visualization"},{"id":"d1b05291-ec37-47d4-810c-edbc9a724a58","name":"3824dd21-0fcd-41f4-aac7-4eb90d79a02f:panel_3824dd21-0fcd-41f4-aac7-4eb90d79a02f","type":"visualization"},{"id":"4bb30a6a-7eba-40fa-ae54-46c929a4bc0a","name":"d8e88d1c-49e4-4659-95ab-e51c7e12ff50:panel_d8e88d1c-49e4-4659-95ab-e51c7e12ff50","type":"visualization"},{"id":"02ad3778-528d-46a7-9e05-31a57f1b89d4","name":"fce4743b-3e94-40aa-a698-5b56792f1e49:panel_fce4743b-3e94-40aa-a698-5b56792f1e49","type":"search"}],"sort":[1675811601479,15053],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTUsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"cc147bf6-08ae-41d0-88b4-d4c0351789e1\"},\"panelIndex\":\"cc147bf6-08ae-41d0-88b4-d4c0351789e1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cc147bf6-08ae-41d0-88b4-d4c0351789e1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"174a192a-3f22-48f3-8cdc-375b74c1c732\"},\"panelIndex\":\"174a192a-3f22-48f3-8cdc-375b74c1c732\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_174a192a-3f22-48f3-8cdc-375b74c1c732\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"7fc41509-ba45-458a-a476-2fc5253a41fc\"},\"panelIndex\":\"7fc41509-ba45-458a-a476-2fc5253a41fc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7fc41509-ba45-458a-a476-2fc5253a41fc\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"4f63151a-e192-4b5c-8afb-dacef70daf21\"},\"panelIndex\":\"4f63151a-e192-4b5c-8afb-dacef70daf21\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4f63151a-e192-4b5c-8afb-dacef70daf21\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"7f1aaf7d-d2f7-47eb-9749-8c14f03b3338\"},\"panelIndex\":\"7f1aaf7d-d2f7-47eb-9749-8c14f03b3338\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7f1aaf7d-d2f7-47eb-9749-8c14f03b3338\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"839872e1-a7f8-42d2-9df0-d820e7dbe377\"},\"panelIndex\":\"839872e1-a7f8-42d2-9df0-d820e7dbe377\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"Throughput (bits/s)\",\"panelRefName\":\"panel_839872e1-a7f8-42d2-9df0-d820e7dbe377\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"e9cb5578-4557-441b-abc8-02441855ba74\"},\"panelIndex\":\"e9cb5578-4557-441b-abc8-02441855ba74\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e9cb5578-4557-441b-abc8-02441855ba74\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"1c5a678d-6ebd-4ea0-ba2f-48f084a30120\"},\"panelIndex\":\"1c5a678d-6ebd-4ea0-ba2f-48f084a30120\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1c5a678d-6ebd-4ea0-ba2f-48f084a30120\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":48,\"h\":23,\"i\":\"1572de47-24f7-4213-94b3-434636d95e1a\"},\"panelIndex\":\"1572de47-24f7-4213-94b3-434636d95e1a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1572de47-24f7-4213-94b3-434636d95e1a\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Conversations","version":1},"coreMigrationVersion":"8.2.0","id":"a3998237-07ba-4b06-bd44-2d0004b405ca","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"b7435d4b-4e85-4460-8cda-e4bea7a79cb2","name":"cc147bf6-08ae-41d0-88b4-d4c0351789e1:panel_cc147bf6-08ae-41d0-88b4-d4c0351789e1","type":"visualization"},{"id":"3817ecad-b614-4b1a-8b55-1f49a307ead5","name":"174a192a-3f22-48f3-8cdc-375b74c1c732:panel_174a192a-3f22-48f3-8cdc-375b74c1c732","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"7fc41509-ba45-458a-a476-2fc5253a41fc:panel_7fc41509-ba45-458a-a476-2fc5253a41fc","type":"visualization"},{"id":"c98606ba-ede6-4d81-bada-77a96ea7ee6d","name":"4f63151a-e192-4b5c-8afb-dacef70daf21:panel_4f63151a-e192-4b5c-8afb-dacef70daf21","type":"visualization"},{"id":"498bfb87-b9d2-42ca-a91f-076362b2aaa1","name":"7f1aaf7d-d2f7-47eb-9749-8c14f03b3338:panel_7f1aaf7d-d2f7-47eb-9749-8c14f03b3338","type":"visualization"},{"id":"252eb2fb-a498-49a2-ac8a-c807f4942582","name":"839872e1-a7f8-42d2-9df0-d820e7dbe377:panel_839872e1-a7f8-42d2-9df0-d820e7dbe377","type":"visualization"},{"id":"1d4d0453-c9b5-486a-9732-be533d0462ed","name":"e9cb5578-4557-441b-abc8-02441855ba74:panel_e9cb5578-4557-441b-abc8-02441855ba74","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"1c5a678d-6ebd-4ea0-ba2f-48f084a30120:panel_1c5a678d-6ebd-4ea0-ba2f-48f084a30120","type":"visualization"},{"id":"aa158060-bd29-45a4-8abb-a16bf51bd3a9","name":"1572de47-24f7-4213-94b3-434636d95e1a:panel_1572de47-24f7-4213-94b3-434636d95e1a","type":"visualization"}],"sort":[1675811601479,15063],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"udp\"}},{\"terms\":{\"source.port\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"UDP Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"udp\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[17,19,53,69,111,123,137,161,389,520,751,1434,1645,1646,1812,1813,1900,3702,5093,5353,11211,27015,27960]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): UDP Amplification Sources (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: UDP Amplification Sources (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.ip\",\"customLabel\":\"Sources\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.src.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"1ee65bbc-5e4d-405f-91fa-bc933077aa78","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15066],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Outbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Outbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Outbound) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"server.port\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"5c8378d9-ae6e-4daa-afe5-00d0ca7dcbc5","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15069],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP 
Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages Direct (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages Direct (Private) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"3c7b0067-2c05-4bbe-ae61-69361c369c2f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","n
ame":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15072],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MTksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Remote Desktop Private\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}]}},{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Remote Desktop Sessions (Private) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Remote Desktop Sessions (Private) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":15,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"ad2c9995-d9fb-46b3-a074-4bab05a18b05","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15075],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjAsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"source.port\",\"negate\":false,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match_phrase\":{\"source.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"destination.port\",\"negate\":true,\"params\":{\"query\":\"123\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match_phrase\":{\"destination.port\":\"123\"}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): NTP Responses by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): NTP Responses by Server - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Responses\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"9cdeab04-6247-407a-b442-83f672bdb809","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[3].meta.index","type":"index-pattern"}],"sort":[1675811918224,15751],"type":"visualization","updated_at":"2023-02-07T23:18:38.224Z","version":"Wzc0MzcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}}]},\"meta\":{\"alias\":\"icmp\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Messages - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"params\":{\"customLabel\":\"Messages\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.type.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP 
Type\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"icmp.code.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"-\",\"customLabel\":\"ICMP Code\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"afbde0ea-e19b-45ff-bbf6-d31821c8219b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15084],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Countries (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Countries (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.country.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"d2d1b851-465b-4668-9153-109a81969625","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,15086],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"destination.port\":\"1812\"}},{\"match_phrase\":{\"destination.port\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH 
Requests\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"9ecc87aa-682d-43e7-983e-1c9087563eda","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,15091],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjQsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"d619095b-7dad-453e-b571-34d2ca307aa9\"},\"panelIndex\":\"d619095b-7dad-453e-b571-34d2ca307aa9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d619095b-7dad-453e-b571-34d2ca307aa9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"276285ec-4c9c-4562-b047-29c42089d967\"},\"panelIndex\":\"276285ec-4c9c-4562-b047-29c42089d967\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_276285ec-4c9c-4562-b047-29c42089d967\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"a8a1d1ae-20d8-4dd5-ac43-6474fe9bc700\"},\"panelIndex\":\"a8a1d1ae-20d8-4dd5-ac43-6474fe9bc700\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a8a1d1ae-20d8-4dd5-ac43-6474fe9bc700\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"856c4f8e-d7e7-4253-9f70-13b2222ac79c\"},\"panelIndex\":\"856c4f8e-d7e7-4253-9f70-13b2222ac79c\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_856c4f8e-d7e7-4253-9f70-13b2222ac79c\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"e32f2f97-3e35-4919-8a31-838a058c28c9\"},\"panelIndex\":\"e32f2f97-3e35-4919-8a31-838a058c28c9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e32f2f97-3e35-4919-8a31-838a058c28c9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,
\"h\":14,\"i\":\"e8f1a08c-5178-4f91-b08a-34a4b55e8198\"},\"panelIndex\":\"e8f1a08c-5178-4f91-b08a-34a4b55e8198\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e8f1a08c-5178-4f91-b08a-34a4b55e8198\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"829e6b17-ca2e-4d9d-adab-33b7d20c9ee7\"},\"panelIndex\":\"829e6b17-ca2e-4d9d-adab-33b7d20c9ee7\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_829e6b17-ca2e-4d9d-adab-33b7d20c9ee7\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"a87dea77-17a3-413d-a3c2-c1d9c3f4a6c8\"},\"panelIndex\":\"a87dea77-17a3-413d-a3c2-c1d9c3f4a6c8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a87dea77-17a3-413d-a3c2-c1d9c3f4a6c8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":24,\"h\":23,\"i\":\"de2fe896-6d81-4440-9eeb-2b6c4925a8d2\"},\"panelIndex\":\"de2fe896-6d81-4440-9eeb-2b6c4925a8d2\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_de2fe896-6d81-4440-9eeb-2b6c4925a8d2\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":24,\"h\":23,\"i\":\"f7e78a74-18c9-4a08-a71d-a60b5c2363bc\"},\"panelIndex\":\"f7e78a74-18c9-4a08-a71d-a60b5c2363bc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f7e78a74-18c9-4a08-a71d-a60b5c2363bc\"}]","timeRestore":false,"title":"ElastiFlow (flow): Top 
Applications","version":1},"coreMigrationVersion":"8.2.0","id":"b6e50103-6736-40f4-9041-5a9409feeae0","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"b7435d4b-4e85-4460-8cda-e4bea7a79cb2","name":"d619095b-7dad-453e-b571-34d2ca307aa9:panel_d619095b-7dad-453e-b571-34d2ca307aa9","type":"visualization"},{"id":"f849b9ae-03df-4f6a-a9a0-e9c194411506","name":"276285ec-4c9c-4562-b047-29c42089d967:panel_276285ec-4c9c-4562-b047-29c42089d967","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"a8a1d1ae-20d8-4dd5-ac43-6474fe9bc700:panel_a8a1d1ae-20d8-4dd5-ac43-6474fe9bc700","type":"visualization"},{"id":"4329a6be-3c41-434c-b55b-9d1cfd98e404","name":"856c4f8e-d7e7-4253-9f70-13b2222ac79c:panel_856c4f8e-d7e7-4253-9f70-13b2222ac79c","type":"visualization"},{"id":"16bde5ae-70e6-4a32-9838-0c127c6e0fb3","name":"e32f2f97-3e35-4919-8a31-838a058c28c9:panel_e32f2f97-3e35-4919-8a31-838a058c28c9","type":"visualization"},{"id":"69a0a3bf-1b4f-47b9-b9f9-4a52faa66cc1","name":"e8f1a08c-5178-4f91-b08a-34a4b55e8198:panel_e8f1a08c-5178-4f91-b08a-34a4b55e8198","type":"visualization"},{"id":"9648f7de-710b-4293-b71c-bba434472ab6","name":"829e6b17-ca2e-4d9d-adab-33b7d20c9ee7:panel_829e6b17-ca2e-4d9d-adab-33b7d20c9ee7","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"a87dea77-17a3-413d-a3c2-c1d9c3f4a6c8:panel_a87dea77-17a3-413d-a3c2-c1d9c3f4a6c8","type":"visualization"},{"id":"02f73a06-bf26-4df6-9f7d-b59690f7f50d","name":"de2fe896-6d81-4440-9eeb-2b6c4925a8d2:panel_de2fe896-6d81-4440-9eeb-2b6c4925a8d2","type":"visualization"},{"id":"48610072-036f-4992-91c4-7b8b5be79536","name":"f7e78a74-18c9-4a08-a71d-a60b5c2363bc:panel_f7e78a74-18c9-4a08-a71d-a60b5c2363bc","type":"visualization"}],"sort":[1675811601479,15102],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjUsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"tcp\"}}],\"must_not\":[{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"tcp\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"client.ip\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"17bdff34-8a23-4c16-8a1d-2fd476797b00","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15105],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Flows (client AS/server AS) - Vega 
(sankey)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Flows (client AS/server AS) - Vega (sankey)\",\"type\":\"vega\",\"aggs\":[],\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"elastiflow-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\\"stk1\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.client.as.label\\\"}}},\\n {\\\"stk2\\\": {\\\"terms\\\": {\\\"field\\\": \\\"flow.server.as.label\\\"}}}\\n ]\\n },\\n \\t\\t\\t\\\"aggs\\\": {\\n \\t\\t\\t\\t\\\"bytes\\\": {\\n \\t\\t\\t\\t\\t\\\"sum\\\": {\\n \\t\\t\\t\\t\\t\\t\\\"field\\\": \\\"network.bytes\\\"\\n \\t\\t\\t\\t\\t}\\n \\t\\t\\t\\t}\\n \\t\\t\\t}\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\\"property\\\": \\\"aggregations.table.buckets\\\"},\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk1\\\", \\\"as\\\": \\\"stk1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.key.stk2\\\", \\\"as\\\": \\\"stk2\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.bytes.value\\\", \\\"as\\\": \\\"size\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\", \\\"as\\\": \\\"key\\\"},\\n {\\\"type\\\": \\\"fold\\\", \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"], \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"sortField\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\", \\\"as\\\": \\\"yc\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\\"field\\\": \\\"grpId\\\", \\\"order\\\": \\\"descending\\\"},\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y0)\\\", \\\"as\\\": \\\"scaledY0\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"scale('y', datum.y1)\\\", \\\"as\\\": \\\"scaledY1\\\"},\\n {\\\"type\\\": \\\"formula\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\", \\\"as\\\": \\\"rightLabel\\\"},\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"}]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"},\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": [\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n 
\\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\\"expr\\\": \\\"scale('y', datum.yc)\\\"},\\n \\\"sourceX\\\": {\\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"},\\n \\\"targetY\\\": {\\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"},\\n \\\"targetX\\\": {\\\"expr\\\": \\\"scale('x', 'stk2')\\\"}\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"nodes\\\", \\\"field\\\": \\\"y1\\\"}\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\\"data\\\": \\\"rawData\\\", \\\"fields\\\": [\\\"stk1\\\",\\\"stk2\\\"]}\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client AS\\\", \\\"Server AS\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\\"scale\\\": \\\"stackNames\\\", \\\"field\\\": \\\"value\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14}\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"labelColor\\\": {\\n \\\"value\\\": \\\"#444444\\\"\\n },\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n 
\\\"text\\\": {\\\"signal\\\": \\\"format(datum.value, '.2s') + 'B'\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12}\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"edges\\\"},\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"stk1\\\"}\\n ],\\n \\\"strokeWidth\\\": {\\\"field\\\": \\\"strokeWidth\\\"},\\n \\\"path\\\": {\\\"field\\\": \\\"path\\\"},\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.8 : 0.4\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"strokeOpacity\\\": {\\\"value\\\": 0.8}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\\"scale\\\": \\\"color\\\", \\\"field\\\": \\\"grpId\\\"},\\n \\\"width\\\": {\\\"scale\\\": \\\"x\\\", \\\"band\\\": 1}\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\\"scale\\\": \\\"x\\\", \\\"field\\\": \\\"stack\\\"},\\n \\\"y\\\": {\\\"field\\\": \\\"scaledY0\\\"},\\n \\\"y2\\\": {\\\"field\\\": \\\"scaledY1\\\"},\\n \\\"fillOpacity\\\": {\\\"value\\\": 0.7},\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, '.2s') + 'B (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\\"fillOpacity\\\": {\\\"value\\\": 
1}}\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"groups\\\"},\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"},\\n \\\"align\\\": {\\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"fontWeight\\\": {\\\"value\\\": \\\"bold\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 12},\\n \\\"fill\\\": {\\\"value\\\": \\\"#222222\\\"},\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 10 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [{\\\"type\\\": \\\"filter\\\", \\\"expr\\\": \\\"groupSelector\\\"}]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"signal\\\": \\\"width/2\\\"},\\n \\\"y\\\": {\\\"value\\\": 30},\\n \\\"width\\\": {\\\"value\\\": 100},\\n \\\"height\\\": {\\\"value\\\": 36}\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\\"data\\\": \\\"dataForShowAll\\\"},\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\\"value\\\": 3.5},\\n \\\"fill\\\": {\\\"value\\\": \\\"#666666\\\"},\\n \\\"height\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}},\\n \\\"width\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}}\\n },\\n \\\"update\\\": {\\\"opacity\\\": {\\\"value\\\": 1}},\\n \\\"hover\\\": {\\\"fill\\\": {\\\"value\\\": \\\"#444444\\\"}}\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\\"field\\\": {\\\"group\\\": \\\"width\\\"}, \\\"mult\\\": 
0.5},\\n \\\"yc\\\": {\\\"field\\\": {\\\"group\\\": \\\"height\\\"}, \\\"mult\\\": 0.5, \\\"offset\\\": 1},\\n \\\"align\\\": {\\\"value\\\": \\\"center\\\"},\\n \\\"baseline\\\": {\\\"value\\\": \\\"middle\\\"},\\n \\\"text\\\": {\\\"value\\\": \\\"Show All\\\"},\\n \\\"fontSize\\\": {\\\"value\\\": 14},\\n \\\"stroke\\\": {\\\"value\\\": \\\"#ecf0f1\\\"}\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\\"events\\\": \\\"mouseout\\\", \\\"update\\\": \\\"{}\\\"}\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\\"type\\\": \\\"click\\\", \\\"markname\\\": \\\"groupReset\\\"},\\n {\\\"type\\\": \\\"dblclick\\\"}\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"}}"},"coreMigrationVersion":"8.2.0","id":"773905b5-e24b-4f44-8f9c-a97aec925bb7","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15106],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"3b6c0293-c3e4-4f20-a01a-d765b595de5b","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,15108],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Threats (DDoS Flood)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Threats (DDoS 
Flood)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[IP Reputation](#/dashboard/b9f81d8f-5f4a-4396-9372-de586cd9e67c) | [DDoS TCP](#/dashboard/0a0f816a-ee62-4e61-a458-3a8a85b0581e) | [**DDoS Flood**](#/dashboard/8e2524a2-77e5-4e50-a03f-5bd7cd508c91) | [RECON](#/dashboard/cd13df0e-7a98-4046-af75-f2b202fee2cb) | [Brute Force](#/dashboard/d4634492-bd35-4e08-bb5b-00c21163817d)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"86ac2886-467a-4a2e-998c-a61c5487ec4c","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15109],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MjksMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Messages - 
metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Messages - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":200,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":2000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":20000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"9b604366-0581-4dd9-bbf2-85b6f05354bf\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"(network.transport: \\\"icmp\\\" OR network.transport: \\\"ipv6-icmp\\\") AND NOT source.as.organization.name: \\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"ICMP 
Messages\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"d8a49b06-5fac-4c32-9d10-d49fad483ef3","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15110],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): ICMP Sources - metric","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Sources - metric\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"axis_scale\":\"normal\",\"background_color_rules\":[{\"value\":0,\"id\":\"3374bc0c-cb5c-4fce-943a-f37049156236\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"gte\"},{\"value\":500,\"id\":\"c17422fd-f5ec-4ec6-b841-adaaa6a32d63\",\"background_color\":\"rgba(68,170,255,1)\",\"operator\":\"gte\"},{\"value\":5000,\"id\":\"f581ce81-0463-4201-b122-a3d34fc5bee2\",\"background_color\":\"rgba(255,136,0,1)\",\"operator\":\"gte\"},{\"value\":50000,\"id\":\"0e11ceff-5cde-4958-a909-1a417e4c0e46\",\"background_color\":\"rgba(221,0,0,1)\",\"operator\":\"gte\"},{\"value\":null,\"id\":\"1642677b-0281-4600-bfec-aca645a8573a\",\"background_color\":\"rgba(204,204,204,1)\",\"operator\":\"empty\"}],\"filter\":{\"query\":\"(network.transport: \\\"icmp\\\" OR network.transport: \\\"ipv6-icmp\\\") AND NOT source.as.organization.name: 
\\\"PRIVATE\\\"\",\"language\":\"kuery\"},\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\"\",\"isModelInvalid\":false,\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"line\",\"color\":\"#68BC00\",\"fill\":0.5,\"formatter\":\"number\",\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"label\":\"ICMP Sources\",\"line_width\":1,\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"cardinality\",\"field\":\"source.ip\"}],\"point_size\":1,\"separate_axis\":0,\"split_color_mode\":\"kibana\",\"split_mode\":\"everything\",\"stacked\":\"none\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"time_range_mode\":\"entire_time_range\",\"tooltip_mode\":\"show_all\",\"type\":\"metric\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"3fab8223-7123-4ded-812d-9a15184211a5","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15111],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzEsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"87e72168-6981-442c-a8af-25c39e5db52f\"},\"panelIndex\":\"87e72168-6981-442c-a8af-25c39e5db52f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_87e72168-6981-442c-a8af-25c39e5db52f\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"c532a182-3b87-4882-8a80-8dd2e21a65fc\"},\"panelIndex\":\"c532a182-3b87-4882-8a80-8dd2e21a65fc\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c532a182-3b87-4882-8a80-8dd2e21a65fc\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"700597a0-0303-4f5b-bd79-e4aab7265315\"},\"panelIndex\":\"700597a0-0303-4f5b-bd79-e4aab7265315\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_700597a0-0303-4f5b-bd79-e4aab7265315\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":8,\"h\":5,\"i\":\"c1276a14-bf7e-4918-929a-64910f39dd74\"},\"panelIndex\":\"c1276a14-bf7e-4918-929a-64910f39dd74\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_c1276a14-bf7e-4918-929a-64910f39dd74\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\":4,\"w\":8,\"h\":5,\"i\":\"93b69416-6cf0-43f6-8875-7c84dd1ccdde\"},\"panelIndex\":\"93b69416-6cf0-43f6-8875-7c84dd1ccdde\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_93b69416-6cf0-43f6-8875-7c84dd1ccdde\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":4,\"w\":8,\"
h\":5,\"i\":\"535c61af-be37-451b-b6fe-ac113ea4cae6\"},\"panelIndex\":\"535c61af-be37-451b-b6fe-ac113ea4cae6\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_535c61af-be37-451b-b6fe-ac113ea4cae6\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":4,\"w\":8,\"h\":5,\"i\":\"60fee453-96df-4007-97c2-f969de124e3a\"},\"panelIndex\":\"60fee453-96df-4007-97c2-f969de124e3a\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_60fee453-96df-4007-97c2-f969de124e3a\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":4,\"w\":8,\"h\":5,\"i\":\"a2b5c8c3-3394-456c-a501-be08ff7f5b8e\"},\"panelIndex\":\"a2b5c8c3-3394-456c-a501-be08ff7f5b8e\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a2b5c8c3-3394-456c-a501-be08ff7f5b8e\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":40,\"y\":4,\"w\":8,\"h\":5,\"i\":\"3877d719-649e-45db-9014-5e7843660ce4\"},\"panelIndex\":\"3877d719-649e-45db-9014-5e7843660ce4\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_3877d719-649e-45db-9014-5e7843660ce4\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":22,\"h\":32,\"i\":\"c8600a0b-1ea5-4393-80a2-74d9020aabb7\"},\"panelIndex\":\"c8600a0b-1ea5-4393-80a2-74d9020aabb7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{}},\"title\":\"UDP Amplification (Public)\",\"panelRefName\":\"panel_c8600a0b-1ea5-4393-80a2-74d9020aabb7\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":22,\"y\":9,\"w\":15,\"h\":32,\"i\":\"31f3e8cd-7551-4703-aef3-760884b73ee7\"},\"panelIndex\":\"31f3e8cd-7551-4703-aef3-760884b73ee7\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"ICMP Messages 
(Public)\",\"panelRefName\":\"panel_31f3e8cd-7551-4703-aef3-760884b73ee7\"},{\"version\":\"7.14.0\",\"type\":\"visualization\",\"gridData\":{\"x\":37,\"y\":9,\"w\":11,\"h\":32,\"i\":\"9b167209-b1d9-4d0b-b5f5-af8d3285bf9d\"},\"panelIndex\":\"9b167209-b1d9-4d0b-b5f5-af8d3285bf9d\",\"embeddableConfig\":{\"hidePanelTitles\":false,\"enhancements\":{},\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}},\"title\":\"ICMP Sources (Public)\",\"panelRefName\":\"panel_9b167209-b1d9-4d0b-b5f5-af8d3285bf9d\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (DDoS Flood)","version":1},"coreMigrationVersion":"8.2.0","id":"8e2524a2-77e5-4e50-a03f-5bd7cd508c91","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a2268641-0cea-4dad-9ba4-0a4becaf2349","name":"87e72168-6981-442c-a8af-25c39e5db52f:panel_87e72168-6981-442c-a8af-25c39e5db52f","type":"visualization"},{"id":"86ac2886-467a-4a2e-998c-a61c5487ec4c","name":"c532a182-3b87-4882-8a80-8dd2e21a65fc:panel_c532a182-3b87-4882-8a80-8dd2e21a65fc","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"700597a0-0303-4f5b-bd79-e4aab7265315:panel_700597a0-0303-4f5b-bd79-e4aab7265315","type":"visualization"},{"id":"830a5905-13c8-44c1-81b3-d386512ecf57","name":"c1276a14-bf7e-4918-929a-64910f39dd74:panel_c1276a14-bf7e-4918-929a-64910f39dd74","type":"visualization"},{"id":"6906a606-6f4c-4c7b-b20b-18c7ec43b90c","name":"93b69416-6cf0-43f6-8875-7c84dd1ccdde:panel_93b69416-6cf0-43f6-8875-7c84dd1ccdde","type":"visualization"},{"id":"b937c42c-931d-49a1-b06a-4942513fc749","name":"535c61af-be37-451b-b6fe-ac113ea4cae6:panel_535c61af-be37-451b-b6fe-ac113ea4cae6","type":"visualization"},{"id":"c6993460-ad23-4452-8a71-4a9aec6d43c1","name":"60fee453-96df-4007-97c2-f969de124e3a:panel_60fee453-96df-4007-97c2-f969de124e3a","type":"visualization"},{"id":"d8a49b06-5fac-4c32-9d10-d49fad483ef3","name":"a2b5c8c3-3394-456c-a501-be08ff7f5b8e:panel_a2b5c8c3-3394-456c-a501-be08ff7f5b8e","type":"visualization
"},{"id":"3fab8223-7123-4ded-812d-9a15184211a5","name":"3877d719-649e-45db-9014-5e7843660ce4:panel_3877d719-649e-45db-9014-5e7843660ce4","type":"visualization"},{"id":"e90a8835-2cca-4f73-9c04-2dd0c0382a3b","name":"c8600a0b-1ea5-4393-80a2-74d9020aabb7:panel_c8600a0b-1ea5-4393-80a2-74d9020aabb7","type":"visualization"},{"id":"14090489-9558-40a9-94cc-235664a84df4","name":"31f3e8cd-7551-4703-aef3-760884b73ee7:panel_31f3e8cd-7551-4703-aef3-760884b73ee7","type":"visualization"},{"id":"d9b0e614-a901-4ec7-aa27-a43191c84db5","name":"9b167209-b1d9-4d0b-b5f5-af8d3285bf9d:panel_9b167209-b1d9-4d0b-b5f5-af8d3285bf9d","type":"visualization"}],"sort":[1675811601479,15124],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzIsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Cities (bytes) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Cities (bytes) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"geo.city.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"aaf53025-663d-4219-8e1f-268dac522e55","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,15126],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (NTP)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services 
(NTP)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [DHCP](#/dashboard/2bed80e1-8261-4848-b58e-55e065089e12) | \\n[RADIUS](#/dashboard/e143d802-f5ae-433c-8dce-07dd5726d7e9) | \\n[LDAP](#/dashboard/104fd74b-929f-4d74-a9af-7a07273da4f2) | [**NTP**](#/dashboard/4489cb79-2538-4d11-b976-516d94999050)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4e04f864-c50e-4253-8c8a-6b10fcafa19e","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15127],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzQsMl0="} 
{"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"adbc3d93-667c-4e3a-b541-2aa499025164\"},\"panelIndex\":\"adbc3d93-667c-4e3a-b541-2aa499025164\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_adbc3d93-667c-4e3a-b541-2aa499025164\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"fa96a796-5adf-408a-a53d-83ff3866f869\"},\"panelIndex\":\"fa96a796-5adf-408a-a53d-83ff3866f869\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fa96a796-5adf-408a-a53d-83ff3866f869\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"28249447-0b83-47e6-bbdf-0d12e957777d\"},\"panelIndex\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28249447-0b83-47e6-bbdf-0d12e957777d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":7,\"h\":5,\"i\":\"fef32558-bd53-410e-8484-768e01b7eabd\"},\"panelIndex\":\"fef32558-bd53-410e-8484-768e01b7eabd\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_fef32558-bd53-410e-8484-768e01b7eabd\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":7,\"y\":4,\"w\":7,\"h\":5,\"i\":\"909ac0cd-a45b-4f09-b4ae-86aa4d95d355\"},\"panelIndex\":\"909ac0cd-a45b-4f09-b4ae-86aa4d95d355\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_909ac0cd-a45b-4f09-b4ae-86aa4d95d355\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":14,\"y\":4,\"w\":7,\"
h\":5,\"i\":\"02c7f686-3860-4f25-b0ed-3232c2f4a4c3\"},\"panelIndex\":\"02c7f686-3860-4f25-b0ed-3232c2f4a4c3\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_02c7f686-3860-4f25-b0ed-3232c2f4a4c3\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":21,\"y\":4,\"w\":27,\"h\":14,\"i\":\"6bd2e9d8-9b10-4fbe-80d4-aa8d9a6667f8\"},\"panelIndex\":\"6bd2e9d8-9b10-4fbe-80d4-aa8d9a6667f8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6bd2e9d8-9b10-4fbe-80d4-aa8d9a6667f8\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":10,\"h\":9,\"i\":\"b094df50-9065-4d92-93fc-9161778cd043\"},\"panelIndex\":\"b094df50-9065-4d92-93fc-9161778cd043\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b094df50-9065-4d92-93fc-9161778cd043\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":9,\"w\":10,\"h\":9,\"i\":\"e270f475-20f0-4004-bbdb-32865dd710c1\"},\"panelIndex\":\"e270f475-20f0-4004-bbdb-32865dd710c1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_e270f475-20f0-4004-bbdb-32865dd710c1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":20,\"y\":9,\"w\":1,\"h\":9,\"i\":\"585547ed-4a97-479b-9e64-e887a0f1bf9f\"},\"panelIndex\":\"585547ed-4a97-479b-9e64-e887a0f1bf9f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_585547ed-4a97-479b-9e64-e887a0f1bf9f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":8,\"h\":23,\"i\":\"cae6dfc3-1f94-481e-90cf-4f32feb6363d\"},\"panelIndex\":\"cae6dfc3-1f94-481e-90cf-4f32feb6363d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cae6dfc3-1f94-481e-90cf-4f32feb6363d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":8,\"y\"
:18,\"w\":8,\"h\":23,\"i\":\"d7aaf598-a43c-4cff-abd0-27b157c6bb37\"},\"panelIndex\":\"d7aaf598-a43c-4cff-abd0-27b157c6bb37\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_d7aaf598-a43c-4cff-abd0-27b157c6bb37\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":16,\"y\":18,\"w\":8,\"h\":23,\"i\":\"a7be9771-182a-4b04-9f0e-e14b336bf106\"},\"panelIndex\":\"a7be9771-182a-4b04-9f0e-e14b336bf106\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_a7be9771-182a-4b04-9f0e-e14b336bf106\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":8,\"h\":23,\"i\":\"18dd85e7-92f5-4613-a604-b7b543e24269\"},\"panelIndex\":\"18dd85e7-92f5-4613-a604-b7b543e24269\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_18dd85e7-92f5-4613-a604-b7b543e24269\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":32,\"y\":18,\"w\":9,\"h\":23,\"i\":\"32822e7e-b705-43b3-8ff4-857a8eb1bb43\"},\"panelIndex\":\"32822e7e-b705-43b3-8ff4-857a8eb1bb43\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_32822e7e-b705-43b3-8ff4-857a8eb1bb43\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":41,\"y\":18,\"w\":7,\"h\":23,\"i\":\"602ed67c-c85d-4518-968a-d0d123abe072\"},\"panelIndex\":\"602ed67c-c85d-4518-968a-d0d123abe072\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_602ed67c-c85d-4518-968a-d0d123abe072\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services 
(NTP)","version":1},"coreMigrationVersion":"8.2.0","id":"4489cb79-2538-4d11-b976-516d94999050","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f86c51c3-069d-4973-8789-e15fbe01fa77","name":"adbc3d93-667c-4e3a-b541-2aa499025164:panel_adbc3d93-667c-4e3a-b541-2aa499025164","type":"visualization"},{"id":"4e04f864-c50e-4253-8c8a-6b10fcafa19e","name":"fa96a796-5adf-408a-a53d-83ff3866f869:panel_fa96a796-5adf-408a-a53d-83ff3866f869","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"28249447-0b83-47e6-bbdf-0d12e957777d:panel_28249447-0b83-47e6-bbdf-0d12e957777d","type":"visualization"},{"id":"23ece8dd-118a-465d-8b87-0c71d6d7b156","name":"fef32558-bd53-410e-8484-768e01b7eabd:panel_fef32558-bd53-410e-8484-768e01b7eabd","type":"visualization"},{"id":"b6a37e54-24ac-4cf7-b680-95f7e9fc4c48","name":"909ac0cd-a45b-4f09-b4ae-86aa4d95d355:panel_909ac0cd-a45b-4f09-b4ae-86aa4d95d355","type":"visualization"},{"id":"1fa1ca46-f3f8-484c-a4e9-14b86ae5ac54","name":"02c7f686-3860-4f25-b0ed-3232c2f4a4c3:panel_02c7f686-3860-4f25-b0ed-3232c2f4a4c3","type":"visualization"},{"id":"c86cf81c-426e-4e0c-a3fd-8867b882ad06","name":"6bd2e9d8-9b10-4fbe-80d4-aa8d9a6667f8:panel_6bd2e9d8-9b10-4fbe-80d4-aa8d9a6667f8","type":"visualization"},{"id":"c5f99ad0-e124-409a-b25c-53b19e90a2a2","name":"b094df50-9065-4d92-93fc-9161778cd043:panel_b094df50-9065-4d92-93fc-9161778cd043","type":"visualization"},{"id":"9cdeab04-6247-407a-b442-83f672bdb809","name":"e270f475-20f0-4004-bbdb-32865dd710c1:panel_e270f475-20f0-4004-bbdb-32865dd710c1","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"585547ed-4a97-479b-9e64-e887a0f1bf9f:panel_585547ed-4a97-479b-9e64-e887a0f1bf9f","type":"visualization"},{"id":"6c281561-a62f-4de5-b530-127e7000445f","name":"cae6dfc3-1f94-481e-90cf-4f32feb6363d:panel_cae6dfc3-1f94-481e-90cf-4f32feb6363d","type":"visualization"},{"id":"69e7dfdb-968e-4338-8136-abf1de8e306f","name":"d7aaf598-a43c-4cff-abd0-27b157c6bb37:panel_d7aaf598-a43c-4c
ff-abd0-27b157c6bb37","type":"visualization"},{"id":"fc89185c-ccf2-44fd-8508-f71dd89f3b01","name":"a7be9771-182a-4b04-9f0e-e14b336bf106:panel_a7be9771-182a-4b04-9f0e-e14b336bf106","type":"visualization"},{"id":"86a2cc1e-15df-45ab-a1aa-3e66bf0301dd","name":"18dd85e7-92f5-4613-a604-b7b543e24269:panel_18dd85e7-92f5-4613-a604-b7b543e24269","type":"visualization"},{"id":"c95fd75a-47db-4254-bdcc-b5a7b11466ca","name":"32822e7e-b705-43b3-8ff4-857a8eb1bb43:panel_32822e7e-b705-43b3-8ff4-857a8eb1bb43","type":"visualization"},{"id":"72a6107b-f95a-4262-9ac7-851d399e8127","name":"602ed67c-c85d-4518-968a-d0d123abe072:panel_602ed67c-c85d-4518-968a-d0d123abe072","type":"visualization"}],"sort":[1675811601479,15144],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"terms\":{\"destination.port\":[22,23,1494,3389]}},{\"range\":{\"destination.port\":{\"gte\":\"5900\",\"lte\":\"5904\"}}}]}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}},{\"terms\":{\"source.port\":[53,123,80,443,25,465,110,195,143,993]}}]},\"meta\":{\"alias\":\"Brute Force 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"bool\\\":{\\\"should\\\":[{\\\"terms\\\":{\\\"destination.port\\\":[22,23,1494,3389]}},{\\\"range\\\":{\\\"destination.port\\\":{\\\"gte\\\":\\\"5900\\\",\\\"lte\\\":\\\"5904\\\"}}}],\\\"minimum_should_match\\\":1}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"terms\\\":{\\\"source.port\\\":[53,123,80,443,25,465,110,195,143,993]}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Brute Force Sessions (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Brute Force Sessions (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"source.port\",\"customLabel\":\"Sessions\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.dst.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":20,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBu
cketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"7121fbdc-95da-42e6-a39e-732070625c6a","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15147],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzYsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must_not\":[{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}},{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"Edge\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must_not\\\":[{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}},{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Recon Port Scan (Edge) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Recon Port Scan (Edge) - 
table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"server.port\",\"customLabel\":\"Ports\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"74465791-1ea9-4385-92e0-6333e19370fb","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15150],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzcsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":\"1812\"}},{\"match_phrase\":{\"source.port\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Server - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Server - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS 
Server\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"15435c26-c2ce-455a-a735-9ed6b01d62d0","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,15155],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzgsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"term\":{\"network.transport\":\"tcp\"}},{\"term\":{\"server.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"client.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"TCP Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"term\\\":{\\\"network.transport\\\":\\\"tcp\\\"}},{\\\"term\\\":{\\\"server.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"client.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): TCP Clients (Inbound) - 
table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: TCP Clients (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"client.ip\",\"customLabel\":\"Clients\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"server.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"},\"schema\":\"bucket\"},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"flow.server.l4.port.name\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"},\"schema\":\"bucket\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.bytes\",\"customLabel\":\"Bytes\"},\"schema\":\"metric\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"e21947a3-ee17-466e-9f7d-670a80fc1910","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15158],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5MzksMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): NAV - Core Services (RADIUS)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: NAV - Core Services (RADIUS)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"markdown\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-*-ecs-*\",\"interval\":\"\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"markdown\":\"[DNS](#/dashboard/7bba2030-1878-4d50-a9c4-21372a9a3c73) | [DHCP](#/dashboard/2bed80e1-8261-4848-b58e-55e065089e12) | \\n[**RADIUS**](#/dashboard/e143d802-f5ae-433c-8dce-07dd5726d7e9) | \\n[LDAP](#/dashboard/104fd74b-929f-4d74-a9af-7a07273da4f2) | [NTP](#/dashboard/4489cb79-2538-4d11-b976-516d94999050)\\n***\",\"markdown_css\":\"p{color:#aaaaaa;margin-top:0;margin-bottom:12px} p a{color:#888888;font-size:14px;font-weight:bold;text-decoration:none} p a strong{color:#1ba9f5;font-weight:bold} hr{background-color:#aaaaaa;margin:0;height:1px} 
a:hover{opacity:.7}\",\"markdown_vertical_align\":\"middle\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true,\"drop_last_bucket\":1}}"},"coreMigrationVersion":"8.2.0","id":"4a0718d4-6e5b-4494-9474-badab447f791","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15159],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDAsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): Threat Intelligence Notice","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Threat Intelligence Notice\",\"type\":\"markdown\",\"aggs\":[],\"params\":{\"fontSize\":12,\"openLinksInNewTab\":false,\"markdown\":\"# This Panel requires Threat Intelligence information which will be available in Beta 3.\"}}"},"coreMigrationVersion":"8.2.0","id":"5cd2a49e-9435-41cd-9458-69076f552ae7","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15160],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDEsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Sources (packets) - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: Sources (packets) - 
donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"Packets\"},\"schema\":\"metric\"},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":25,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\"}}"},"coreMigrationVersion":"8.2.0","id":"eb7e4728-36bd-46a6-bd62-4b74d562dc21","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"}],"sort":[1675811601479,15162],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDIsMl0="} {"attributes":{"fieldAttrs":"{}","fields":"[]","runtimeFieldMap":"{}","timeFieldName":"@timestamp","title":"elastiflow-telemetry_flow-ecs-*","typeMeta":"{}"},"coreMigrationVersion":"8.2.0","id":"elastiflow-telemetry_flow-ecs-*","migrationVersion":{"index-pattern":"8.0.0"},"references":[],"sort":[1675811601479,15163],"type":"index-pattern","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH 
Requests\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"destination.port\\\":\\\"1645\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"destination.port\":\"1812\"}},{\"match_phrase\":{\"destination.port\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests by Server - donut","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow (flow): RADIUS AUTH Requests by Server - donut\",\"type\":\"pie\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH 
Requests\",\"emptyAsNull\":false},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":24,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"RADIUS Server\"},\"schema\":\"segment\"}],\"params\":{\"type\":\"pie\",\"addTooltip\":true,\"legendPosition\":\"right\",\"isDonut\":true,\"labels\":{\"show\":false,\"values\":true,\"last_level\":true,\"truncate\":100},\"palette\":{\"type\":\"palette\",\"name\":\"kibana_palette\"},\"distinctColors\":true,\"legendDisplay\":\"show\",\"nestedLegend\":false,\"truncateLegend\":true,\"maxLegendLines\":1,\"emptySizeRatio\":0.3,\"legendSize\":180}}"},"coreMigrationVersion":"8.2.0","id":"cabc31cb-369d-4752-817b-f2ee2125206c","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811817738,15566],"type":"visualization","updated_at":"2023-02-07T23:16:57.738Z","version":"WzcyNzMsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"event.dataset\",\"negate\":false,\"params\":[\"ipfix\",\"netflow\"],\"type\":\"phrases\",\"value\":\"ipfix, 
netflow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"event.dataset\":\"ipfix\"}},{\"match_phrase\":{\"event.dataset\":\"netflow\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"RADIUS AUTH Responses\",\"disabled\":false,\"key\":\"query\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"bool\\\":{\\\"minimum_should_match\\\":1,\\\"should\\\":[{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"1812\\\"}},{\\\"match_phrase\\\":{\\\"source.port\\\":\\\"1645\\\"}}]}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"bool\":{\"minimum_should_match\":1,\"should\":[{\"match_phrase\":{\"source.port\":\"1812\"}},{\"match_phrase\":{\"source.port\":\"1645\"}}]}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":null,\"disabled\":false,\"key\":\"network.transport\",\"negate\":false,\"params\":{\"query\":\"udp\"},\"type\":\"phrase\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match_phrase\":{\"network.transport\":\"udp\"}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): RADIUS AUTH Responses by Client - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Responses by Client - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"params\":{\"field\":\"network.packets\",\"customLabel\":\"AUTH 
Responses\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"destination.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"c2ca85a4-1475-4ec1-8a70-f165ab9da4c6","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index","type":"index-pattern"}],"sort":[1675811601479,15173],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDUsMl0="} {"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"bool\":{\"must\":[{\"terms\":{\"network.transport\":[\"icmp\",\"ipv6-icmp\"]}},{\"term\":{\"icmp.type.name\":\"Echo\"}},{\"term\":{\"destination.as.organization.name\":\"PRIVATE\"}}],\"must_not\":[{\"term\":{\"source.as.organization.name\":\"PRIVATE\"}}]},\"meta\":{\"alias\":\"ICMP Echo 
Inbound\",\"disabled\":false,\"key\":\"bool\",\"negate\":false,\"type\":\"custom\",\"value\":\"{\\\"must\\\":[{\\\"terms\\\":{\\\"network.transport\\\":[\\\"icmp\\\",\\\"ipv6-icmp\\\"]}},{\\\"term\\\":{\\\"icmp.type.name\\\":\\\"Echo\\\"}},{\\\"term\\\":{\\\"destination.as.organization.name\\\":\\\"PRIVATE\\\"}}],\\\"must_not\\\":[{\\\"term\\\":{\\\"source.as.organization.name\\\":\\\"PRIVATE\\\"}}]}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): ICMP Echo (Inbound) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":3,\"direction\":\"desc\"}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: ICMP Echo (Inbound) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"destination.ip\",\"customLabel\":\"Pinged IPs\"},\"schema\":\"metric\"},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"source.domain\",\"orderBy\":\"1\",\"order\":\"desc\",\"size\":100,\"otherBucket\":false,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"396670b5-5c2a-4a39-9e20-2731a90191b4","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15176],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDYsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}"},"title":"ElastiFlow (flow): RADIUS AUTH Requests (packets) - TSVB (metric)","uiStateJSON":"{}","version":1,"visState":"{\"title\":\"ElastiFlow: RADIUS AUTH Requests (packets) - TSVB (metric)\",\"type\":\"metrics\",\"aggs\":[],\"params\":{\"id\":\"243e6f91-2230-4e05-bcdd-3fb4a0941bab\",\"type\":\"metric\",\"series\":[{\"id\":\"51ea642f-d1a5-4d80-963e-5990c33fc8e0\",\"color\":\"rgba(64,196,255,1)\",\"split_mode\":\"everything\",\"split_color_mode\":\"kibana\",\"metrics\":[{\"id\":\"48e7261b-0ea6-4e09-9358-1d7bf52ee316\",\"type\":\"sum\",\"field\":\"network.packets\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"label\":\"AUTH requests\",\"type\":\"timeseries\",\"filter\":{\"query\":\"\",\"language\":\"kuery\"}}],\"time_field\":\"@timestamp\",\"index_pattern\":\"elastiflow-flow-ecs-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"tooltip_mode\":\"show_all\",\"isModelInvalid\":false,\"drop_last_bucket\":1,\"background_color_rules\":[{\"id\":\"5ede7772-5bb9-4e6c-886a-346f69dc073b\"}],\"filter\":{\"query\":\"network.transport: \\\"udp\\\" AND (destination.port: 1812 OR destination.port: 1645) AND (event.dataset: \\\"ipfix\\\" OR event.dataset: \\\"netflow\\\")\",\"language\":\"kuery\"},\"time_range_mode\":\"entire_time_range\",\"use_kibana_indexes\":false,\"hide_last_value_indicator\":true}}"},"coreMigrationVersion":"8.2.0","id":"310521f5-3fe7-4ed2-8e8d-eeedcb10ee0b","migrationVersion":{"visualization":"8.1.0"},"references":[],"sort":[1675811601479,15177],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDcsMl0="} 
{"attributes":{"description":"","kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Public Threats\",\"type\":\"exists\",\"key\":\"flow.client.sec.threat.name\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.client.sec.threat.name\"},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}"},"title":"ElastiFlow (flow): Public Threats (flows) - table","uiStateJSON":"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}","version":1,"visState":"{\"title\":\"ElastiFlow: Public Threats (flows) - table\",\"type\":\"table\",\"aggs\":[{\"id\":\"3\",\"enabled\":true,\"type\":\"cardinality\",\"params\":{\"field\":\"flow.conversation.id\",\"customLabel\":\"Conversations\"},\"schema\":\"metric\"},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.domain\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":99,\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Public Threats\"},\"schema\":\"bucket\"},{\"id\":\"6\",\"enabled\":true,\"type\":\"terms\",\"params\":{\"field\":\"client.ip\",\"orderBy\":\"3\",\"order\":\"desc\",\"size\":10,\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP 
Address\"},\"schema\":\"bucket\"}],\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\",\"percentageCol\":\"\",\"showToolbar\":true}}"},"coreMigrationVersion":"8.2.0","id":"63f4d89f-aeb8-4fa5-b7e7-22e9f8570c8f","migrationVersion":{"visualization":"8.1.0"},"references":[{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.index","type":"index-pattern"},{"id":"elastiflow-flow-ecs-*","name":"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index","type":"index-pattern"}],"sort":[1675811601479,15180],"type":"visualization","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDgsMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"87e72168-6981-442c-a8af-25c39e5db52f\"},\"panelIndex\":\"87e72168-6981-442c-a8af-25c39e5db52f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_87e72168-6981-442c-a8af-25c39e5db52f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"f7cd07f4-61c1-49bb-aeb0-306fd34949c1\"},\"panelIndex\":\"f7cd07f4-61c1-49bb-aeb0-306fd34949c1\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f7cd07f4-61c1-49bb-aeb0-306fd34949c1\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"700597a0-0303-4f5b-bd79-e4aab7265315\"},\"panelIndex\":\"700597a0-0303-4f5b-bd79-e4aab7265315\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_700597a0-0303-4f5b-bd79-e4aab7265315\"},{\"version\":\
"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":14,\"i\":\"6cccf2a0-3795-443f-a302-31383f6e818d\"},\"panelIndex\":\"6cccf2a0-3795-443f-a302-31383f6e818d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_6cccf2a0-3795-443f-a302-31383f6e818d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":6,\"i\":\"2a94366a-6cdd-4294-82c4-0109f60c8769\"},\"panelIndex\":\"2a94366a-6cdd-4294-82c4-0109f60c8769\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_2a94366a-6cdd-4294-82c4-0109f60c8769\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"62487b1a-d502-4a88-8e2b-544dec5266fa\"},\"panelIndex\":\"62487b1a-d502-4a88-8e2b-544dec5266fa\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_62487b1a-d502-4a88-8e2b-544dec5266fa\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":10,\"w\":9,\"h\":6,\"i\":\"28a8df4a-b8ed-4b76-b3d1-91bddf6a6ac9\"},\"panelIndex\":\"28a8df4a-b8ed-4b76-b3d1-91bddf6a6ac9\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28a8df4a-b8ed-4b76-b3d1-91bddf6a6ac9\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":16,\"w\":9,\"h\":2,\"i\":\"ea23b405-6918-4df6-8ca9-c5d646cf6770\"},\"panelIndex\":\"ea23b405-6918-4df6-8ca9-c5d646cf6770\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ea23b405-6918-4df6-8ca9-c5d646cf6770\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":10,\"h\":23,\"i\":\"cf98e76d-3e76-4107-87e6-5867330461a8\"},\"panelIndex\":\"cf98e76d-3e76-4107-87e6-5867330461a8\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_cf98e76d-3e76-4107-87e6-5867330461a8\"},{
\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":10,\"y\":18,\"w\":14,\"h\":23,\"i\":\"1049ac1d-bd76-4185-8589-b401d2c5a73d\"},\"panelIndex\":\"1049ac1d-bd76-4185-8589-b401d2c5a73d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1049ac1d-bd76-4185-8589-b401d2c5a73d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":24,\"y\":18,\"w\":12,\"h\":23,\"i\":\"1054fcb0-c8c9-44cd-9a8a-ec49b5114674\"},\"panelIndex\":\"1054fcb0-c8c9-44cd-9a8a-ec49b5114674\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_1054fcb0-c8c9-44cd-9a8a-ec49b5114674\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":36,\"y\":18,\"w\":12,\"h\":23,\"i\":\"f86f0efb-83e4-4e9d-a08b-16d124e30150\"},\"panelIndex\":\"f86f0efb-83e4-4e9d-a08b-16d124e30150\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_f86f0efb-83e4-4e9d-a08b-16d124e30150\"}]","timeRestore":false,"title":"ElastiFlow (flow): Threats (IP 
Reputation)","version":1},"coreMigrationVersion":"8.2.0","id":"b9f81d8f-5f4a-4396-9372-de586cd9e67c","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"a2268641-0cea-4dad-9ba4-0a4becaf2349","name":"87e72168-6981-442c-a8af-25c39e5db52f:panel_87e72168-6981-442c-a8af-25c39e5db52f","type":"visualization"},{"id":"8aa21fbf-7386-4302-a8ee-148c076dfc38","name":"f7cd07f4-61c1-49bb-aeb0-306fd34949c1:panel_f7cd07f4-61c1-49bb-aeb0-306fd34949c1","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"700597a0-0303-4f5b-bd79-e4aab7265315:panel_700597a0-0303-4f5b-bd79-e4aab7265315","type":"visualization"},{"id":"a7a26ee4-5054-442b-a596-4ed39c660f61","name":"6cccf2a0-3795-443f-a302-31383f6e818d:panel_6cccf2a0-3795-443f-a302-31383f6e818d","type":"visualization"},{"id":"8e357780-159d-46d8-9a74-ce18696dee9e","name":"2a94366a-6cdd-4294-82c4-0109f60c8769:panel_2a94366a-6cdd-4294-82c4-0109f60c8769","type":"visualization"},{"id":"ceb966bc-6635-4c46-be65-917f3b9da169","name":"62487b1a-d502-4a88-8e2b-544dec5266fa:panel_62487b1a-d502-4a88-8e2b-544dec5266fa","type":"visualization"},{"id":"779598e9-1369-4008-85e0-9da964526acd","name":"28a8df4a-b8ed-4b76-b3d1-91bddf6a6ac9:panel_28a8df4a-b8ed-4b76-b3d1-91bddf6a6ac9","type":"visualization"},{"id":"2a974000-47a6-404e-ac3c-37667c202cbd","name":"ea23b405-6918-4df6-8ca9-c5d646cf6770:panel_ea23b405-6918-4df6-8ca9-c5d646cf6770","type":"visualization"},{"id":"2ce97e1c-91b7-494b-b972-0c5146cf3e60","name":"cf98e76d-3e76-4107-87e6-5867330461a8:panel_cf98e76d-3e76-4107-87e6-5867330461a8","type":"visualization"},{"id":"63f4d89f-aeb8-4fa5-b7e7-22e9f8570c8f","name":"1049ac1d-bd76-4185-8589-b401d2c5a73d:panel_1049ac1d-bd76-4185-8589-b401d2c5a73d","type":"visualization"},{"id":"7f902e0e-e253-47c4-b3c7-546cf270f05b","name":"1054fcb0-c8c9-44cd-9a8a-ec49b5114674:panel_1054fcb0-c8c9-44cd-9a8a-ec49b5114674","type":"visualization"},{"id":"34eef0a2-4ddb-46b0-af29-ed0d52897670","name":"f86f0efb-83e4-4e9d-a08b-16d124e30150:panel_f86f0efb-8
3e4-4e9d-a08b-16d124e30150","type":"visualization"}],"sort":[1675811601479,15193],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NDksMl0="} {"attributes":{"description":"","hits":0,"kibanaSavedObjectMeta":{"searchSourceJSON":"{\"query\":{\"language\":\"kuery\",\"query\":\"\"},\"filter\":[]}"},"optionsJSON":"{\"hidePanelTitles\":false,\"useMargins\":false}","panelsJSON":"[{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":0,\"w\":28,\"h\":4,\"i\":\"adbc3d93-667c-4e3a-b541-2aa499025164\"},\"panelIndex\":\"adbc3d93-667c-4e3a-b541-2aa499025164\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_adbc3d93-667c-4e3a-b541-2aa499025164\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":0,\"w\":15,\"h\":4,\"i\":\"4c575538-0c3e-4409-81be-306a117dbd37\"},\"panelIndex\":\"4c575538-0c3e-4409-81be-306a117dbd37\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_4c575538-0c3e-4409-81be-306a117dbd37\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":43,\"y\":0,\"w\":5,\"h\":4,\"i\":\"28249447-0b83-47e6-bbdf-0d12e957777d\"},\"panelIndex\":\"28249447-0b83-47e6-bbdf-0d12e957777d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_28249447-0b83-47e6-bbdf-0d12e957777d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":5,\"i\":\"7c13b48f-5213-4d51-be33-c6bf29fd0d2d\"},\"panelIndex\":\"7c13b48f-5213-4d51-be33-c6bf29fd0d2d\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7c13b48f-5213-4d51-be33-c6bf29fd0d2d\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":4,\"w\":9,\"h\":5,\"i\":\"21ee503e-1884-416e-a5e8-64aa9d2f19af\"},\"panelIndex\":\"21ee503e-1884-416e-a5e8-64aa9d2f19af\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhanceme
nts\":{}},\"panelRefName\":\"panel_21ee503e-1884-416e-a5e8-64aa9d2f19af\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":4,\"w\":30,\"h\":14,\"i\":\"370bae3d-a64b-4f25-a5d7-8d87a6cac2be\"},\"panelIndex\":\"370bae3d-a64b-4f25-a5d7-8d87a6cac2be\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_370bae3d-a64b-4f25-a5d7-8d87a6cac2be\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":9,\"w\":9,\"h\":9,\"i\":\"03cd86bb-7159-4324-91d0-3f3265332466\"},\"panelIndex\":\"03cd86bb-7159-4324-91d0-3f3265332466\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_03cd86bb-7159-4324-91d0-3f3265332466\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":9,\"w\":9,\"h\":9,\"i\":\"53604bb3-265b-42d4-9e9c-6d3bdd4e5f5f\"},\"panelIndex\":\"53604bb3-265b-42d4-9e9c-6d3bdd4e5f5f\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_53604bb3-265b-42d4-9e9c-6d3bdd4e5f5f\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":0,\"y\":18,\"w\":9,\"h\":23,\"i\":\"7d16cc83-e3a8-4011-9182-e652da9424d5\"},\"panelIndex\":\"7d16cc83-e3a8-4011-9182-e652da9424d5\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_7d16cc83-e3a8-4011-9182-e652da9424d5\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":9,\"y\":18,\"w\":9,\"h\":23,\"i\":\"722d2968-4c83-47f5-a853-f18950a2d368\"},\"panelIndex\":\"722d2968-4c83-47f5-a853-f18950a2d368\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_722d2968-4c83-47f5-a853-f18950a2d368\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":18,\"y\":18,\"w\":10,\"h\":23,\"i\":\"f8d660ca-f63d-4942-baa2-9a6b30d27d62\"},\"panelIndex\":\"f8d660ca-f63d-4942-baa2-9a6b30d27d62\",\"embeddableConfig\":{\"hidePanelTitles\":t
rue,\"enhancements\":{}},\"panelRefName\":\"panel_f8d660ca-f63d-4942-baa2-9a6b30d27d62\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":28,\"y\":18,\"w\":10,\"h\":23,\"i\":\"b62963c5-7278-4b9a-9f8a-89d33da0d58b\"},\"panelIndex\":\"b62963c5-7278-4b9a-9f8a-89d33da0d58b\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_b62963c5-7278-4b9a-9f8a-89d33da0d58b\"},{\"version\":\"7.10.0\",\"type\":\"visualization\",\"gridData\":{\"x\":38,\"y\":18,\"w\":10,\"h\":23,\"i\":\"ac6f29ce-2b63-44c6-9b8a-503aa2ede900\"},\"panelIndex\":\"ac6f29ce-2b63-44c6-9b8a-503aa2ede900\",\"embeddableConfig\":{\"hidePanelTitles\":true,\"enhancements\":{}},\"panelRefName\":\"panel_ac6f29ce-2b63-44c6-9b8a-503aa2ede900\"}]","timeRestore":false,"title":"ElastiFlow (flow): Core Services (RADIUS)","version":1},"coreMigrationVersion":"8.2.0","id":"e143d802-f5ae-433c-8dce-07dd5726d7e9","migrationVersion":{"dashboard":"8.2.0"},"references":[{"id":"f86c51c3-069d-4973-8789-e15fbe01fa77","name":"adbc3d93-667c-4e3a-b541-2aa499025164:panel_adbc3d93-667c-4e3a-b541-2aa499025164","type":"visualization"},{"id":"4a0718d4-6e5b-4494-9474-badab447f791","name":"4c575538-0c3e-4409-81be-306a117dbd37:panel_4c575538-0c3e-4409-81be-306a117dbd37","type":"visualization"},{"id":"b3a59822-c752-45ed-b321-fe35aa1edda7","name":"28249447-0b83-47e6-bbdf-0d12e957777d:panel_28249447-0b83-47e6-bbdf-0d12e957777d","type":"visualization"},{"id":"310521f5-3fe7-4ed2-8e8d-eeedcb10ee0b","name":"7c13b48f-5213-4d51-be33-c6bf29fd0d2d:panel_7c13b48f-5213-4d51-be33-c6bf29fd0d2d","type":"visualization"},{"id":"0a228acd-9f76-4830-9a4c-a4a7e5ca1dd3","name":"21ee503e-1884-416e-a5e8-64aa9d2f19af:panel_21ee503e-1884-416e-a5e8-64aa9d2f19af","type":"visualization"},{"id":"3cb689f9-5f60-44e8-b6b7-46cc6affc8bd","name":"370bae3d-a64b-4f25-a5d7-8d87a6cac2be:panel_370bae3d-a64b-4f25-a5d7-8d87a6cac2be","type":"visualization"},{"id":"cabc31cb-369d-4752-817b-f2ee2125206c","name":"03cd86bb-7159-43
24-91d0-3f3265332466:panel_03cd86bb-7159-4324-91d0-3f3265332466","type":"visualization"},{"id":"df36bdc2-b5ae-46ca-a42d-564ef35b749d","name":"53604bb3-265b-42d4-9e9c-6d3bdd4e5f5f:panel_53604bb3-265b-42d4-9e9c-6d3bdd4e5f5f","type":"visualization"},{"id":"126729e2-7a73-4671-905c-37b4ec2a4edd","name":"7d16cc83-e3a8-4011-9182-e652da9424d5:panel_7d16cc83-e3a8-4011-9182-e652da9424d5","type":"visualization"},{"id":"15435c26-c2ce-455a-a735-9ed6b01d62d0","name":"722d2968-4c83-47f5-a853-f18950a2d368:panel_722d2968-4c83-47f5-a853-f18950a2d368","type":"visualization"},{"id":"9ecc87aa-682d-43e7-983e-1c9087563eda","name":"f8d660ca-f63d-4942-baa2-9a6b30d27d62:panel_f8d660ca-f63d-4942-baa2-9a6b30d27d62","type":"visualization"},{"id":"c2ca85a4-1475-4ec1-8a70-f165ab9da4c6","name":"b62963c5-7278-4b9a-9f8a-89d33da0d58b:panel_b62963c5-7278-4b9a-9f8a-89d33da0d58b","type":"visualization"},{"id":"5c601c17-60bb-45a3-be49-081bb3840782","name":"ac6f29ce-2b63-44c6-9b8a-503aa2ede900:panel_ac6f29ce-2b63-44c6-9b8a-503aa2ede900","type":"visualization"}],"sort":[1675811601479,15207],"type":"dashboard","updated_at":"2023-02-07T23:13:21.479Z","version":"WzY5NTAsMl0="} {"excludedObjects":[],"excludedObjectsCount":0,"exportedCount":400,"missingRefCount":0,"missingReferences":[]}