{ "v": "1", "id": "96b2801e-4d64-4aa9-a010-281c093b8560", "rev": 2, "name": "Graylog_Content_Pack_Active_Directory_Auditing_Dashboards_Beats", "summary": "Active Directory Auditing Dashboards For WinLogBeats", "description": "Updated version of my 2.0/NXLOG AD Audit Dashboards, adjusted for use with WinLogBeats & 3.0, as WinLogBeats is the preferred log shipper with sidecar-collector.\n\nNo extractors or inputs are necessary, as the dashboards use only generic searches.", "vendor": "Jared Orzechowski ", "url": "http://www.ohjeah.net", "parameters": [], "entities": [ { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "a4a7def4-6602-4a8f-b5bd-575d462f04e8", "data": { "summary": { "@type": "string", "@value": "This dashboard was migrated automatically." }, "search": { "queries": [ { "id": "00000170-0a70-9e45-b5da-00155dc58698", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e3e-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "collector_node_id", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e40-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "collector_node_id", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name":
"trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e34-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e35-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e3d-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e42-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e3e-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e3f-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": 
"values", "field": "winlogbeat_winlog_event_data_SamAccountName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e3c-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SamAccountName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e41-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e37-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e33-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": 
"winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e3a-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "collector_node_id", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e38-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "collector_node_id", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e36-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": 
"00000170-0a70-9e42-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e43-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e39-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "collector_node_id", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e3b-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "collector_node_id", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e34-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": 
"time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e44-b5da-00155dc58698", "column_groups": [], "sort": [] } ] } ], "parameters": [], "requires": {}, "owner": "cy0712", "created_at": "2019-08-01T14:02:55.020Z" }, "created_at": "2019-08-01T14:02:55.020Z", "requires": {}, "state": { "00000170-0a70-9e45-b5da-00155dc58698": { "selected_fields": null, "static_message_list_id": null, "titles": { "widget": { "00000170-0a70-9e2d-b5da-00155dc58698": "Computer Objects Modified", "00000170-0a70-9e2e-b5da-00155dc58698": "Computer Objects Modified", "00000170-0a70-9e2f-b5da-00155dc58698": "Computer Objects Created By Source", "00000170-0a70-9e30-b5da-00155dc58698": "Computer Objects Deleted By User", "00000170-0a70-9e31-b5da-00155dc58698": "Computer Objects Deleted", "00000170-0a70-9e32-b5da-00155dc58698": "Computer Objects Created", "00000170-0a70-9e24-b5da-00155dc58698": "Computer Objects Modified By Account", "00000170-0a70-9e25-b5da-00155dc58698": "Computer Objects Created", "00000170-0a70-9e26-b5da-00155dc58698": "Computer Objects Deleted", "00000170-0a70-9e27-b5da-00155dc58698": "Computer Objects Created By User", "00000170-0a70-9e28-b5da-00155dc58698": "Computers Created By Source", "00000170-0a70-9e29-b5da-00155dc58698": "Computer Objects Deleted", "00000170-0a70-9e2a-b5da-00155dc58698": "Computer Objects Modified", "00000170-0a70-9e2b-b5da-00155dc58698": "Computer Objects Modified By Source", "00000170-0a70-9e2c-b5da-00155dc58698": "Computers Created" }, "tab": { "title": "AD Computer Object Summary (7d)" } }, "widgets": [ { "id": "00000170-0a70-9e26-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", 
"type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e27-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e32-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e2a-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { 
"field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e24-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e28-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "collector_node_id", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "collector_node_id", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e25-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": 
"winlogbeat_winlog_event_id:4741" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e30-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e2b-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "collector_node_id", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "collector_node_id", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e31-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "streams": [], 
"config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e2e-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e2c-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SamAccountName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SamAccountName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e2f-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "collector_node_id", "type": "values", "config": { "limit": 50 } } ], "series": 
[ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "collector_node_id", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e29-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e2d-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4742" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } } ], "widget_mapping": { "00000170-0a70-9e2d-b5da-00155dc58698": [ "00000170-0a70-9e3d-b5da-00155dc58698" ], "00000170-0a70-9e2e-b5da-00155dc58698": [ "00000170-0a70-9e3f-b5da-00155dc58698", "00000170-0a70-9e3e-b5da-00155dc58698" ], "00000170-0a70-9e2f-b5da-00155dc58698": [ "00000170-0a70-9e40-b5da-00155dc58698" ], "00000170-0a70-9e30-b5da-00155dc58698": [ "00000170-0a70-9e41-b5da-00155dc58698" ], "00000170-0a70-9e31-b5da-00155dc58698": [ "00000170-0a70-9e42-b5da-00155dc58698", "00000170-0a70-9e43-b5da-00155dc58698" 
], "00000170-0a70-9e32-b5da-00155dc58698": [ "00000170-0a70-9e44-b5da-00155dc58698" ], "00000170-0a70-9e24-b5da-00155dc58698": [ "00000170-0a70-9e33-b5da-00155dc58698" ], "00000170-0a70-9e25-b5da-00155dc58698": [ "00000170-0a70-9e34-b5da-00155dc58698", "00000170-0a70-9e35-b5da-00155dc58698" ], "00000170-0a70-9e26-b5da-00155dc58698": [ "00000170-0a70-9e36-b5da-00155dc58698" ], "00000170-0a70-9e27-b5da-00155dc58698": [ "00000170-0a70-9e37-b5da-00155dc58698" ], "00000170-0a70-9e28-b5da-00155dc58698": [ "00000170-0a70-9e38-b5da-00155dc58698" ], "00000170-0a70-9e29-b5da-00155dc58698": [ "00000170-0a70-9e39-b5da-00155dc58698" ], "00000170-0a70-9e2a-b5da-00155dc58698": [ "00000170-0a70-9e3a-b5da-00155dc58698" ], "00000170-0a70-9e2b-b5da-00155dc58698": [ "00000170-0a70-9e3b-b5da-00155dc58698" ], "00000170-0a70-9e2c-b5da-00155dc58698": [ "00000170-0a70-9e3c-b5da-00155dc58698" ] }, "positions": { "00000170-0a70-9e2d-b5da-00155dc58698": { "col": 1, "row": 13, "height": 2, "width": 4 }, "00000170-0a70-9e2e-b5da-00155dc58698": { "col": 5, "row": 13, "height": 2, "width": 2 }, "00000170-0a70-9e2f-b5da-00155dc58698": { "col": 3, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e30-b5da-00155dc58698": { "col": 1, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e31-b5da-00155dc58698": { "col": 5, "row": 7, "height": 2, "width": 2 }, "00000170-0a70-9e32-b5da-00155dc58698": { "col": 1, "row": 1, "height": 2, "width": 4 }, "00000170-0a70-9e24-b5da-00155dc58698": { "col": 1, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9e25-b5da-00155dc58698": { "col": 5, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9e26-b5da-00155dc58698": { "col": 5, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e27-b5da-00155dc58698": { "col": 1, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e28-b5da-00155dc58698": { "col": 3, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e29-b5da-00155dc58698": { "col": 1, "row": 7, "height": 2, "width": 4 }, 
"00000170-0a70-9e2a-b5da-00155dc58698": { "col": 5, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9e2b-b5da-00155dc58698": { "col": 3, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9e2c-b5da-00155dc58698": { "col": 5, "row": 3, "height": 4, "width": 2 } }, "formatting": null, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "cy0712", "title": { "@type": "string", "@value": "AD Computer Object Summary (7d)" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "AD Computer Object Summary (7d)" } }, "constraints": [ { "type": "server-version", "version": ">=4.1.5+01c9198" } ] }, { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "b2960807-3dd2-4fcc-b7ab-43d2385a763d", "data": { "summary": { "@type": "string", "@value": "This dashboard was migrated automatically." }, "search": { "queries": [ { "id": "00000170-0a70-9e0c-b5da-00155dc58698", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dfe-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dfc-b5da-00155dc58698", "column_groups": [], "sort": [] }, { 
"query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e00-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e01-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9df8-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9df9-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9df8-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e0a-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR 
winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e02-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dfa-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e00-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9dfa-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dfb-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR 
winlogbeat_winlog_event_id:4754" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e08-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e09-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e04-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e05-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e06-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e07-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9dfe-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": 
true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dff-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9dfc-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dfd-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e02-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e03-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e0a-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e0b-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR 
winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e08-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e06-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e04-b5da-00155dc58698", "column_groups": [], "sort": [] } ] } ], "parameters": [], "requires": {}, "owner": "cy0712", "created_at": "2019-08-01T14:02:55.008Z" }, "created_at": "2019-08-01T14:02:55.008Z", "requires": {}, "state": { "00000170-0a70-9e0c-b5da-00155dc58698": { "selected_fields": null, "static_message_list_id": null, "titles": { "widget": { "00000170-0a70-9dee-b5da-00155dc58698": "Account Unlocks", "00000170-0a70-9def-b5da-00155dc58698": "Account Lockouts ", "00000170-0a70-9df0-b5da-00155dc58698": "Computers Deleted", "00000170-0a70-9df1-b5da-00155dc58698": "Group Modifications", "00000170-0a70-9df2-b5da-00155dc58698": "Account Deletions", 
"00000170-0a70-9df3-b5da-00155dc58698": "Groups Created", "00000170-0a70-9df4-b5da-00155dc58698": "Groups Deleted", "00000170-0a70-9df5-b5da-00155dc58698": "Computers Created", "00000170-0a70-9df6-b5da-00155dc58698": "Account Creations", "00000170-0a70-9df7-b5da-00155dc58698": "Group Membership Changes" }, "tab": { "title": "AD Summary (7d)" } }, "widgets": [ { "id": "00000170-0a70-9dee-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df0-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4743" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df6-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { 
"name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9def-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df3-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df4-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { 
"config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df7-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df1-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df5-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4741" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { 
"config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9df2-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } } ], "widget_mapping": { "00000170-0a70-9dee-b5da-00155dc58698": [ "00000170-0a70-9df8-b5da-00155dc58698", "00000170-0a70-9df9-b5da-00155dc58698" ], "00000170-0a70-9def-b5da-00155dc58698": [ "00000170-0a70-9dfb-b5da-00155dc58698", "00000170-0a70-9dfa-b5da-00155dc58698" ], "00000170-0a70-9df0-b5da-00155dc58698": [ "00000170-0a70-9dfc-b5da-00155dc58698", "00000170-0a70-9dfd-b5da-00155dc58698" ], "00000170-0a70-9df1-b5da-00155dc58698": [ "00000170-0a70-9dfe-b5da-00155dc58698", "00000170-0a70-9dff-b5da-00155dc58698" ], "00000170-0a70-9df2-b5da-00155dc58698": [ "00000170-0a70-9e00-b5da-00155dc58698", "00000170-0a70-9e01-b5da-00155dc58698" ], "00000170-0a70-9df3-b5da-00155dc58698": [ "00000170-0a70-9e02-b5da-00155dc58698", "00000170-0a70-9e03-b5da-00155dc58698" ], "00000170-0a70-9df4-b5da-00155dc58698": [ "00000170-0a70-9e05-b5da-00155dc58698", "00000170-0a70-9e04-b5da-00155dc58698" ], "00000170-0a70-9df5-b5da-00155dc58698": [ "00000170-0a70-9e07-b5da-00155dc58698", "00000170-0a70-9e06-b5da-00155dc58698" ], "00000170-0a70-9df6-b5da-00155dc58698": [ "00000170-0a70-9e08-b5da-00155dc58698", "00000170-0a70-9e09-b5da-00155dc58698" ], "00000170-0a70-9df7-b5da-00155dc58698": [ 
"00000170-0a70-9e0a-b5da-00155dc58698", "00000170-0a70-9e0b-b5da-00155dc58698" ] }, "positions": { "00000170-0a70-9dee-b5da-00155dc58698": { "col": 9, "row": 3, "height": 2, "width": 2 }, "00000170-0a70-9def-b5da-00155dc58698": { "col": 9, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9df0-b5da-00155dc58698": { "col": 3, "row": 3, "height": 2, "width": 2 }, "00000170-0a70-9df1-b5da-00155dc58698": { "col": 7, "row": 3, "height": 2, "width": 2 }, "00000170-0a70-9df2-b5da-00155dc58698": { "col": 1, "row": 3, "height": 2, "width": 2 }, "00000170-0a70-9df3-b5da-00155dc58698": { "col": 5, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9df4-b5da-00155dc58698": { "col": 5, "row": 3, "height": 2, "width": 2 }, "00000170-0a70-9df5-b5da-00155dc58698": { "col": 3, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9df6-b5da-00155dc58698": { "col": 1, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9df7-b5da-00155dc58698": { "col": 7, "row": 1, "height": 2, "width": 2 } }, "formatting": null, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "cy0712", "title": { "@type": "string", "@value": "AD Summary (7d)" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "AD Summary (7d)" } }, "constraints": [ { "type": "server-version", "version": ">=4.1.5+01c9198" } ] }, { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "36e37874-1a75-4735-b1e2-ab722da44abf", "data": { "summary": { "@type": "string", "@value": "This dashboard was migrated automatically." 
}, "search": { "queries": [ { "id": "00000170-0a70-9ded-b5da-00155dc58698", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9dde-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9deb-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dec-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9dd7-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": 
"winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9de2-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9de8-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9de9-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", 
"limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9dd6-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9de6-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9de7-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetDomainName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9de3-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetDomainName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dd9-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": 
"pivot", "id": "00000170-0a70-9ddf-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9de4-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9dea-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9de1-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { 
"type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9ddc-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9deb-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9dd8-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9ddb-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": 
"count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9dd5-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9dd9-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9dda-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9de5-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9ddd-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "name": "chart", "timerange": { "type": 
"relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9de6-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9ddf-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9de0-b5da-00155dc58698", "column_groups": [], "sort": [] } ] } ], "parameters": [], "requires": {}, "owner": "cy0712", "created_at": "2019-08-01T14:02:55.000Z" }, "created_at": "2019-08-01T14:02:55.000Z", "requires": {}, "state": { "00000170-0a70-9ded-b5da-00155dc58698": { "selected_fields": null, "static_message_list_id": null, "titles": { "widget": { "00000170-0a70-9dc6-b5da-00155dc58698": "Accounts Deleted By Source", "00000170-0a70-9dc7-b5da-00155dc58698": "Locked Out Accounts", "00000170-0a70-9dc8-b5da-00155dc58698": "Account Unlocks", "00000170-0a70-9dc9-b5da-00155dc58698": "Created Accounts", "00000170-0a70-9dca-b5da-00155dc58698": "Account Unlocks", "00000170-0a70-9dcb-b5da-00155dc58698": "Account Lockouts", "00000170-0a70-9dcc-b5da-00155dc58698": "Accounts Created By Source", "00000170-0a70-9dcd-b5da-00155dc58698": "Account Lockouts By Machine", "00000170-0a70-9dce-b5da-00155dc58698": "Account Lockouts By Source", "00000170-0a70-9dcf-b5da-00155dc58698": "Account Deletions", "00000170-0a70-9dd0-b5da-00155dc58698": "Account Creations", "00000170-0a70-9dd1-b5da-00155dc58698": "Account Creations", "00000170-0a70-9dc1-b5da-00155dc58698": "Account Unlocks By User", "00000170-0a70-9dd2-b5da-00155dc58698": "Accounts Created By User", "00000170-0a70-9dc2-b5da-00155dc58698": "Accounts Unlocked", 
"00000170-0a70-9dd3-b5da-00155dc58698": "Deleted Accounts", "00000170-0a70-9dc3-b5da-00155dc58698": "Accounts Deleted By User", "00000170-0a70-9dd4-b5da-00155dc58698": "Account Deletions", "00000170-0a70-9dc4-b5da-00155dc58698": "Account Unlocks By Source", "00000170-0a70-9dc5-b5da-00155dc58698": "Account Lockouts" }, "tab": { "title": "AD User Object Summary (7d)" } }, "widgets": [ { "id": "00000170-0a70-9dc5-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dc8-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dc3-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", 
"config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dd0-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dc7-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dc9-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": 
"winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dc2-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dcf-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dd4-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR 
winlogbeat_winlog_event_id:4726" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dd1-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dcd-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetDomainName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetDomainName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dca-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "streams": [], "config": { 
"visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dc4-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dce-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dc1-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4767" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": 
{ "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dcb-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4740" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9dcc-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dd3-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": 
"winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dc6-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:630 OR winlogbeat_winlog_event_id:4726" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9dd2-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:624 OR winlogbeat_winlog_event_id:4720" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } } ], "widget_mapping": { "00000170-0a70-9dc6-b5da-00155dc58698": [ "00000170-0a70-9ddb-b5da-00155dc58698" ], "00000170-0a70-9dc7-b5da-00155dc58698": [ 
"00000170-0a70-9ddc-b5da-00155dc58698" ], "00000170-0a70-9dc8-b5da-00155dc58698": [ "00000170-0a70-9ddd-b5da-00155dc58698" ], "00000170-0a70-9dc9-b5da-00155dc58698": [ "00000170-0a70-9dde-b5da-00155dc58698" ], "00000170-0a70-9dca-b5da-00155dc58698": [ "00000170-0a70-9ddf-b5da-00155dc58698", "00000170-0a70-9de0-b5da-00155dc58698" ], "00000170-0a70-9dcb-b5da-00155dc58698": [ "00000170-0a70-9de1-b5da-00155dc58698" ], "00000170-0a70-9dcc-b5da-00155dc58698": [ "00000170-0a70-9de2-b5da-00155dc58698" ], "00000170-0a70-9dcd-b5da-00155dc58698": [ "00000170-0a70-9de3-b5da-00155dc58698" ], "00000170-0a70-9dce-b5da-00155dc58698": [ "00000170-0a70-9de4-b5da-00155dc58698" ], "00000170-0a70-9dcf-b5da-00155dc58698": [ "00000170-0a70-9de5-b5da-00155dc58698" ], "00000170-0a70-9dd0-b5da-00155dc58698": [ "00000170-0a70-9de7-b5da-00155dc58698", "00000170-0a70-9de6-b5da-00155dc58698" ], "00000170-0a70-9dd1-b5da-00155dc58698": [ "00000170-0a70-9de8-b5da-00155dc58698" ], "00000170-0a70-9dc1-b5da-00155dc58698": [ "00000170-0a70-9dd5-b5da-00155dc58698" ], "00000170-0a70-9dd2-b5da-00155dc58698": [ "00000170-0a70-9de9-b5da-00155dc58698" ], "00000170-0a70-9dc2-b5da-00155dc58698": [ "00000170-0a70-9dd6-b5da-00155dc58698" ], "00000170-0a70-9dd3-b5da-00155dc58698": [ "00000170-0a70-9dea-b5da-00155dc58698" ], "00000170-0a70-9dc3-b5da-00155dc58698": [ "00000170-0a70-9dd7-b5da-00155dc58698" ], "00000170-0a70-9dd4-b5da-00155dc58698": [ "00000170-0a70-9deb-b5da-00155dc58698", "00000170-0a70-9dec-b5da-00155dc58698" ], "00000170-0a70-9dc4-b5da-00155dc58698": [ "00000170-0a70-9dd8-b5da-00155dc58698" ], "00000170-0a70-9dc5-b5da-00155dc58698": [ "00000170-0a70-9dd9-b5da-00155dc58698", "00000170-0a70-9dda-b5da-00155dc58698" ] }, "positions": { "00000170-0a70-9dc6-b5da-00155dc58698": { "col": 3, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9dc7-b5da-00155dc58698": { "col": 5, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9dc8-b5da-00155dc58698": { "col": 1, "row": 19, "height": 2, "width": 4 }, 
"00000170-0a70-9dc9-b5da-00155dc58698": { "col": 5, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9dca-b5da-00155dc58698": { "col": 5, "row": 19, "height": 2, "width": 2 }, "00000170-0a70-9dcb-b5da-00155dc58698": { "col": 1, "row": 13, "height": 2, "width": 4 }, "00000170-0a70-9dcc-b5da-00155dc58698": { "col": 3, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9dcd-b5da-00155dc58698": { "col": 1, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9dce-b5da-00155dc58698": { "col": 3, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9dcf-b5da-00155dc58698": { "col": 1, "row": 7, "height": 2, "width": 4 }, "00000170-0a70-9dd0-b5da-00155dc58698": { "col": 5, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9dd1-b5da-00155dc58698": { "col": 1, "row": 1, "height": 2, "width": 4 }, "00000170-0a70-9dc1-b5da-00155dc58698": { "col": 1, "row": 21, "height": 4, "width": 2 }, "00000170-0a70-9dd2-b5da-00155dc58698": { "col": 1, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9dc2-b5da-00155dc58698": { "col": 5, "row": 21, "height": 4, "width": 2 }, "00000170-0a70-9dd3-b5da-00155dc58698": { "col": 5, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9dc3-b5da-00155dc58698": { "col": 1, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9dd4-b5da-00155dc58698": { "col": 5, "row": 7, "height": 2, "width": 2 }, "00000170-0a70-9dc4-b5da-00155dc58698": { "col": 3, "row": 21, "height": 4, "width": 2 }, "00000170-0a70-9dc5-b5da-00155dc58698": { "col": 5, "row": 13, "height": 2, "width": 2 } }, "formatting": null, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "cy0712", "title": { "@type": "string", "@value": "AD User Object Summary (7d)" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "AD User Object Summary (7d)" } }, "constraints": [ { "type": "server-version", "version": ">=4.1.5+01c9198" } ] }, { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "f5b4ceb3-e9ee-43f4-9e3e-05fcabfbead3", 
"data": { "summary": { "@type": "string", "@value": "This dashboard was migrated automatically." }, "search": { "queries": [ { "id": "00000170-0a70-9e89-b5da-00155dc58698", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e82-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e7d-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND 
winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_ObjectDN", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e7f-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_ObjectDN", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e80-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": 
"pivot", "id": "00000170-0a70-9e85-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e7e-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_ObjectDN", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e84-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_ObjectDN", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT 
(winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e81-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e88-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e82-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, 
"row_groups": [], "type": "pivot", "id": "00000170-0a70-9e83-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e86-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e86-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e87-b5da-00155dc58698", "column_groups": [], "sort": [] } ] } ], "parameters": [], "requires": {}, "owner": "cy0712", "created_at": "2019-08-01T14:02:55.044Z" }, "created_at": "2019-08-01T14:02:55.044Z", "requires": {}, "state": { "00000170-0a70-9e89-b5da-00155dc58698": { "selected_fields": null, "static_message_list_id": null, "titles": { "widget": { "00000170-0a70-9e73-b5da-00155dc58698": "Deleted DNS Objects By Source", "00000170-0a70-9e74-b5da-00155dc58698": "Deleted DNS Objects By User", "00000170-0a70-9e75-b5da-00155dc58698": "Deleted DNS Objects", "00000170-0a70-9e76-b5da-00155dc58698": "Deleted Objects", 
"00000170-0a70-9e77-b5da-00155dc58698": "Created DNS Objects By User", "00000170-0a70-9e78-b5da-00155dc58698": "Deleted DNS Objects By User", "00000170-0a70-9e79-b5da-00155dc58698": "Created DNS Objects", "00000170-0a70-9e7a-b5da-00155dc58698": "Created DNS Objects By Source", "00000170-0a70-9e7b-b5da-00155dc58698": "Created DNS Objects", "00000170-0a70-9e7c-b5da-00155dc58698": "Created DNS Objects" }, "tab": { "title": "AD DNS Object Summary (7d)" } }, "widgets": [ { "id": "00000170-0a70-9e74-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e78-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "streams": [], 
"config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e7a-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e76-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": 
[], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e79-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_ObjectDN", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_ObjectDN", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e7b-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e73-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": 
"((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR (winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e77-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e75-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:5136 AND winlogbeat_winlog_event_data_AttributeLDAPDisplayName:dNSTombstoned) OR 
(winlogbeat_winlog_event_id:5141)) AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_ObjectDN", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_ObjectDN", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e7c-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:5137 AND winlogbeat_winlog_event_data_ObjectClass:dnsNode AND created AND NOT (winlogbeat_winlog_event_data_SubjectUserName:*$ OR winlogbeat_winlog_event_data_SubjectUserName:SYSTEM OR winlogbeat_winlog_event_data_SubjectUserName:\\-)" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } } ], "widget_mapping": { "00000170-0a70-9e73-b5da-00155dc58698": [ "00000170-0a70-9e7d-b5da-00155dc58698" ], "00000170-0a70-9e74-b5da-00155dc58698": [ "00000170-0a70-9e7e-b5da-00155dc58698" ], "00000170-0a70-9e75-b5da-00155dc58698": [ "00000170-0a70-9e7f-b5da-00155dc58698" ], "00000170-0a70-9e76-b5da-00155dc58698": [ "00000170-0a70-9e80-b5da-00155dc58698" ], "00000170-0a70-9e77-b5da-00155dc58698": [ "00000170-0a70-9e81-b5da-00155dc58698" ], 
"00000170-0a70-9e78-b5da-00155dc58698": [ "00000170-0a70-9e83-b5da-00155dc58698", "00000170-0a70-9e82-b5da-00155dc58698" ], "00000170-0a70-9e79-b5da-00155dc58698": [ "00000170-0a70-9e84-b5da-00155dc58698" ], "00000170-0a70-9e7a-b5da-00155dc58698": [ "00000170-0a70-9e85-b5da-00155dc58698" ], "00000170-0a70-9e7b-b5da-00155dc58698": [ "00000170-0a70-9e86-b5da-00155dc58698", "00000170-0a70-9e87-b5da-00155dc58698" ], "00000170-0a70-9e7c-b5da-00155dc58698": [ "00000170-0a70-9e88-b5da-00155dc58698" ] }, "positions": { "00000170-0a70-9e73-b5da-00155dc58698": { "col": 3, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e74-b5da-00155dc58698": { "col": 1, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e75-b5da-00155dc58698": { "col": 5, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e76-b5da-00155dc58698": { "col": 1, "row": 7, "height": 2, "width": 4 }, "00000170-0a70-9e77-b5da-00155dc58698": { "col": 1, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e78-b5da-00155dc58698": { "col": 5, "row": 7, "height": 2, "width": 2 }, "00000170-0a70-9e79-b5da-00155dc58698": { "col": 5, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e7a-b5da-00155dc58698": { "col": 3, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e7b-b5da-00155dc58698": { "col": 5, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9e7c-b5da-00155dc58698": { "col": 1, "row": 1, "height": 2, "width": 4 } }, "formatting": null, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "cy0712", "title": { "@type": "string", "@value": "AD DNS Object Summary (7d)" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "AD DNS Object Summary (7d)" } }, "constraints": [ { "type": "server-version", "version": ">=4.1.5+01c9198" } ] }, { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "364a0bf3-1ed8-480b-b7ac-d51a29a66938", "data": { "summary": { "@type": "string", "@value": "This dashboard was migrated automatically." 
}, "search": { "queries": [ { "id": "00000170-0a70-9e23-b5da-00155dc58698", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e1c-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e1c-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e1d-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e17-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR 
winlogbeat_winlog_event_data_LogonType:11))" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e18-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_IpAddress", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e22-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_IpAddress", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e20-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e21-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], 
"filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e1b-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_IpAddress", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e1e-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_IpAddress", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e20-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_WorkstationName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e19-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": 
"winlogbeat_winlog_event_data_WorkstationName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e1a-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "name": "chart", "timerange": { "type": "relative", "range": 7200 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e1f-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } ] } ], "parameters": [], "requires": {}, "owner": "cy0712", "created_at": "2019-08-01T14:02:55.015Z" }, "created_at": "2019-08-01T14:02:55.015Z", "requires": {}, "state": { "00000170-0a70-9e23-b5da-00155dc58698": { "selected_fields": null, "static_message_list_id": null, "titles": { "widget": { "00000170-0a70-9e0d-b5da-00155dc58698": "Failed Authentication Attempts", "00000170-0a70-9e0e-b5da-00155dc58698": "Interactive Logins", "00000170-0a70-9e0f-b5da-00155dc58698": "Interactive Logins By Destination", "00000170-0a70-9e10-b5da-00155dc58698": "Failed Authentication Attempts By User", "00000170-0a70-9e11-b5da-00155dc58698": "Interactive Logins By User", "00000170-0a70-9e12-b5da-00155dc58698": "Interactive Logons", "00000170-0a70-9e13-b5da-00155dc58698": "Failed Authentication Attempts By IP", 
"00000170-0a70-9e14-b5da-00155dc58698": "Failed Authentication Attempts By Destination", "00000170-0a70-9e15-b5da-00155dc58698": "Failed Authentication Attempts", "00000170-0a70-9e16-b5da-00155dc58698": "Interactive Logins By IP" }, "tab": { "title": "AD Logon Summary (2h)" } }, "widgets": [ { "id": "00000170-0a70-9e0e-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 2 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e14-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e12-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR 
winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "LOWER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e15-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "LOWER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e11-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e13-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", 
"query_string": "winlogbeat_winlog_event_id:4625" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_IpAddress", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_IpAddress", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e0d-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 2 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e16-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_IpAddress", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_IpAddress", "direction": "Descending" } ] } }, { "id": 
"00000170-0a70-9e0f-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "(winlogbeat_winlog_event_id:4624 AND (winlogbeat_winlog_event_data_LogonType:2 OR winlogbeat_winlog_event_data_LogonType:10 OR winlogbeat_winlog_event_data_LogonType:11))" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_WorkstationName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_WorkstationName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e10-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 7200 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4625" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } } ], "widget_mapping": { "00000170-0a70-9e0d-b5da-00155dc58698": [ "00000170-0a70-9e17-b5da-00155dc58698" ], "00000170-0a70-9e0e-b5da-00155dc58698": [ "00000170-0a70-9e18-b5da-00155dc58698" ], "00000170-0a70-9e0f-b5da-00155dc58698": [ "00000170-0a70-9e19-b5da-00155dc58698" ], "00000170-0a70-9e10-b5da-00155dc58698": [ "00000170-0a70-9e1a-b5da-00155dc58698" ], "00000170-0a70-9e11-b5da-00155dc58698": [ 
"00000170-0a70-9e1b-b5da-00155dc58698" ], "00000170-0a70-9e12-b5da-00155dc58698": [ "00000170-0a70-9e1c-b5da-00155dc58698", "00000170-0a70-9e1d-b5da-00155dc58698" ], "00000170-0a70-9e13-b5da-00155dc58698": [ "00000170-0a70-9e1e-b5da-00155dc58698" ], "00000170-0a70-9e14-b5da-00155dc58698": [ "00000170-0a70-9e1f-b5da-00155dc58698" ], "00000170-0a70-9e15-b5da-00155dc58698": [ "00000170-0a70-9e21-b5da-00155dc58698", "00000170-0a70-9e20-b5da-00155dc58698" ], "00000170-0a70-9e16-b5da-00155dc58698": [ "00000170-0a70-9e22-b5da-00155dc58698" ] }, "positions": { "00000170-0a70-9e0d-b5da-00155dc58698": { "col": 1, "row": 1, "height": 2, "width": 4 }, "00000170-0a70-9e0e-b5da-00155dc58698": { "col": 1, "row": 7, "height": 2, "width": 4 }, "00000170-0a70-9e0f-b5da-00155dc58698": { "col": 5, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e10-b5da-00155dc58698": { "col": 1, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e11-b5da-00155dc58698": { "col": 1, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e12-b5da-00155dc58698": { "col": 5, "row": 7, "height": 2, "width": 2 }, "00000170-0a70-9e13-b5da-00155dc58698": { "col": 3, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e14-b5da-00155dc58698": { "col": 5, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e15-b5da-00155dc58698": { "col": 5, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9e16-b5da-00155dc58698": { "col": 3, "row": 9, "height": 4, "width": 2 } }, "formatting": null, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "cy0712", "title": { "@type": "string", "@value": "AD Logon Summary (2h)" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "AD Logon Summary (2h)" } }, "constraints": [ { "type": "server-version", "version": ">=4.1.5+01c9198" } ] }, { "v": "1", "type": { "name": "dashboard", "version": "2" }, "id": "5f506447-58f7-48bb-9885-f01f981938f6", "data": { "summary": { "@type": "string", "@value": "This dashboard was migrated 
automatically." }, "search": { "queries": [ { "id": "00000170-0a70-9e72-b5da-00155dc58698", "timerange": { "type": "relative", "range": 300 }, "query": { "type": "elasticsearch", "query_string": "" }, "search_types": [ { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e64-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e66-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e66-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", 
"field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e67-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e68-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e5c-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": 
null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_MemberName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e6d-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_MemberName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e62-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e60-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], 
"series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e6e-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_TargetUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e6c-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e65-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { 
"type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e5e-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e5a-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e71-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": 
"chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e6a-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e6a-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e6b-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e5d-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": 
"count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e5b-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e62-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e63-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e61-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "name": "chart", "timerange": { "type": "relative", 
"range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "winlogbeat_winlog_event_data_SubjectUserName", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e69-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "name": "trend", "timerange": { "type": "offset", "source": "search_type", "id": "00000170-0a70-9e6e-b5da-00155dc58698", "offset": "1i" }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [], "type": "pivot", "id": "00000170-0a70-9e6f-b5da-00155dc58698", "column_groups": [], "sort": [] }, { "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "values", "field": "source", "limit": 50 } ], "type": "pivot", "id": "00000170-0a70-9e5f-b5da-00155dc58698", "column_groups": [], "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] }, { "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR 
winlogbeat_winlog_event_id:4757" }, "name": "chart", "timerange": { "type": "relative", "range": 604800 }, "streams": [], "series": [ { "type": "count", "id": "count()", "field": null } ], "filter": null, "rollup": true, "row_groups": [ { "type": "time", "field": "timestamp", "interval": { "type": "auto", "scaling": 1 } } ], "type": "pivot", "id": "00000170-0a70-9e70-b5da-00155dc58698", "column_groups": [], "sort": [] } ] } ], "parameters": [], "requires": {}, "owner": "cy0712", "created_at": "2019-08-01T14:02:55.032Z" }, "created_at": "2019-08-01T14:02:55.032Z", "requires": {}, "state": { "00000170-0a70-9e72-b5da-00155dc58698": { "selected_fields": null, "static_message_list_id": null, "titles": { "widget": { "00000170-0a70-9e4f-b5da-00155dc58698": "Groups Modified By User", "00000170-0a70-9e50-b5da-00155dc58698": "Group Creations", "00000170-0a70-9e51-b5da-00155dc58698": "Group Creations", "00000170-0a70-9e52-b5da-00155dc58698": "Group Deletions", "00000170-0a70-9e53-b5da-00155dc58698": "Group Deletions By User", "00000170-0a70-9e54-b5da-00155dc58698": "Group Deletions", "00000170-0a70-9e55-b5da-00155dc58698": "Group Deletions", "00000170-0a70-9e56-b5da-00155dc58698": "Membership Changes", "00000170-0a70-9e46-b5da-00155dc58698": "Group Creations By User", "00000170-0a70-9e57-b5da-00155dc58698": "Membership Changes", "00000170-0a70-9e47-b5da-00155dc58698": "Membership Changes By User", "00000170-0a70-9e58-b5da-00155dc58698": "Membership Changes", "00000170-0a70-9e48-b5da-00155dc58698": "Groups Modified", "00000170-0a70-9e59-b5da-00155dc58698": "Groups Modified", "00000170-0a70-9e49-b5da-00155dc58698": "Group Deletions By Source", "00000170-0a70-9e4a-b5da-00155dc58698": "Membership Changes By Source", "00000170-0a70-9e4b-b5da-00155dc58698": "Groups Modified By Source", "00000170-0a70-9e4c-b5da-00155dc58698": "Group Creations", "00000170-0a70-9e4d-b5da-00155dc58698": "Group Creations By Source", "00000170-0a70-9e4e-b5da-00155dc58698": "Groups Modified" }, "tab": { 
"title": "AD Group Object Summary (7d)" } }, "widgets": [ { "id": "00000170-0a70-9e50-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e55-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e4c-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR 
winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e48-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_TargetUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_TargetUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e54-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, 
"row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e49-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e53-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e4f-b5da-00155dc58698", 
"type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e4a-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e47-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR 
winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e59-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e56-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_MemberName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": 
"count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_MemberName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e4e-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e51-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e46-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR winlogbeat_winlog_event_id:4727 OR 
winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "winlogbeat_winlog_event_data_SubjectUserName", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "winlogbeat_winlog_event_data_SubjectUserName", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e4b-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "((winlogbeat_winlog_event_id:4764 OR winlogbeat_winlog_event_id:4735 OR winlogbeat_winlog_event_id:4737 OR winlogbeat_winlog_event_id:4755) AND winlogbeat_winlog_event_data_SamAccountName:\\-)" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } }, { "id": "00000170-0a70-9e52-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:634 OR winlogbeat_winlog_event_id:638 OR winlogbeat_winlog_event_id:662 OR winlogbeat_winlog_event_id:4730 OR winlogbeat_winlog_event_id:4734 OR winlogbeat_winlog_event_id:4758" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { 
"name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e57-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "streams": [], "config": { "visualization": "numeric", "event_annotation": false, "row_pivots": [], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": { "trend": true, "trend_preference": "HIGHER" }, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e58-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:4728 OR winlogbeat_winlog_event_id:4729 OR winlogbeat_winlog_event_id:4732 OR winlogbeat_winlog_event_id:4733 OR winlogbeat_winlog_event_id:4756 OR winlogbeat_winlog_event_id:4757" }, "streams": [], "config": { "visualization": "bar", "event_annotation": false, "row_pivots": [ { "field": "timestamp", "type": "time", "config": { "interval": { "type": "auto", "scaling": 4 } } } ], "series": [ { "config": { "name": "Messages" }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [] } }, { "id": "00000170-0a70-9e4d-b5da-00155dc58698", "type": "aggregation", "filter": null, "timerange": { "type": "relative", "range": 604800 }, "query": { "type": "elasticsearch", "query_string": "winlogbeat_winlog_event_id:631 OR winlogbeat_winlog_event_id:635 OR winlogbeat_winlog_event_id:658 OR 
winlogbeat_winlog_event_id:4727 OR winlogbeat_winlog_event_id:4731 OR winlogbeat_winlog_event_id:4754" }, "streams": [], "config": { "visualization": "table", "event_annotation": false, "row_pivots": [ { "field": "source", "type": "values", "config": { "limit": 50 } } ], "series": [ { "config": { "name": null }, "function": "count()" } ], "rollup": true, "column_pivots": [], "visualization_config": null, "formatting_settings": null, "sort": [ { "type": "series", "field": "source", "direction": "Descending" } ] } } ], "widget_mapping": { "00000170-0a70-9e4f-b5da-00155dc58698": [ "00000170-0a70-9e64-b5da-00155dc58698" ], "00000170-0a70-9e50-b5da-00155dc58698": [ "00000170-0a70-9e65-b5da-00155dc58698" ], "00000170-0a70-9e51-b5da-00155dc58698": [ "00000170-0a70-9e66-b5da-00155dc58698", "00000170-0a70-9e67-b5da-00155dc58698" ], "00000170-0a70-9e52-b5da-00155dc58698": [ "00000170-0a70-9e68-b5da-00155dc58698" ], "00000170-0a70-9e53-b5da-00155dc58698": [ "00000170-0a70-9e69-b5da-00155dc58698" ], "00000170-0a70-9e54-b5da-00155dc58698": [ "00000170-0a70-9e6b-b5da-00155dc58698", "00000170-0a70-9e6a-b5da-00155dc58698" ], "00000170-0a70-9e55-b5da-00155dc58698": [ "00000170-0a70-9e6c-b5da-00155dc58698" ], "00000170-0a70-9e56-b5da-00155dc58698": [ "00000170-0a70-9e6d-b5da-00155dc58698" ], "00000170-0a70-9e46-b5da-00155dc58698": [ "00000170-0a70-9e5a-b5da-00155dc58698" ], "00000170-0a70-9e57-b5da-00155dc58698": [ "00000170-0a70-9e6e-b5da-00155dc58698", "00000170-0a70-9e6f-b5da-00155dc58698" ], "00000170-0a70-9e47-b5da-00155dc58698": [ "00000170-0a70-9e5b-b5da-00155dc58698" ], "00000170-0a70-9e58-b5da-00155dc58698": [ "00000170-0a70-9e70-b5da-00155dc58698" ], "00000170-0a70-9e48-b5da-00155dc58698": [ "00000170-0a70-9e5c-b5da-00155dc58698" ], "00000170-0a70-9e59-b5da-00155dc58698": [ "00000170-0a70-9e71-b5da-00155dc58698" ], "00000170-0a70-9e49-b5da-00155dc58698": [ "00000170-0a70-9e5d-b5da-00155dc58698" ], "00000170-0a70-9e4a-b5da-00155dc58698": [ 
"00000170-0a70-9e5e-b5da-00155dc58698" ], "00000170-0a70-9e4b-b5da-00155dc58698": [ "00000170-0a70-9e5f-b5da-00155dc58698" ], "00000170-0a70-9e4c-b5da-00155dc58698": [ "00000170-0a70-9e60-b5da-00155dc58698" ], "00000170-0a70-9e4d-b5da-00155dc58698": [ "00000170-0a70-9e61-b5da-00155dc58698" ], "00000170-0a70-9e4e-b5da-00155dc58698": [ "00000170-0a70-9e63-b5da-00155dc58698", "00000170-0a70-9e62-b5da-00155dc58698" ] }, "positions": { "00000170-0a70-9e4f-b5da-00155dc58698": { "col": 1, "row": 21, "height": 4, "width": 2 }, "00000170-0a70-9e50-b5da-00155dc58698": { "col": 1, "row": 1, "height": 2, "width": 4 }, "00000170-0a70-9e51-b5da-00155dc58698": { "col": 5, "row": 1, "height": 2, "width": 2 }, "00000170-0a70-9e52-b5da-00155dc58698": { "col": 1, "row": 7, "height": 2, "width": 4 }, "00000170-0a70-9e53-b5da-00155dc58698": { "col": 1, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e54-b5da-00155dc58698": { "col": 5, "row": 7, "height": 2, "width": 2 }, "00000170-0a70-9e55-b5da-00155dc58698": { "col": 5, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e56-b5da-00155dc58698": { "col": 5, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9e46-b5da-00155dc58698": { "col": 1, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e57-b5da-00155dc58698": { "col": 5, "row": 13, "height": 2, "width": 2 }, "00000170-0a70-9e47-b5da-00155dc58698": { "col": 1, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9e58-b5da-00155dc58698": { "col": 1, "row": 13, "height": 2, "width": 4 }, "00000170-0a70-9e48-b5da-00155dc58698": { "col": 5, "row": 21, "height": 4, "width": 2 }, "00000170-0a70-9e59-b5da-00155dc58698": { "col": 1, "row": 19, "height": 2, "width": 4 }, "00000170-0a70-9e49-b5da-00155dc58698": { "col": 3, "row": 9, "height": 4, "width": 2 }, "00000170-0a70-9e4a-b5da-00155dc58698": { "col": 3, "row": 15, "height": 4, "width": 2 }, "00000170-0a70-9e4b-b5da-00155dc58698": { "col": 3, "row": 21, "height": 4, "width": 2 }, "00000170-0a70-9e4c-b5da-00155dc58698": { 
"col": 5, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e4d-b5da-00155dc58698": { "col": 3, "row": 3, "height": 4, "width": 2 }, "00000170-0a70-9e4e-b5da-00155dc58698": { "col": 5, "row": 19, "height": 2, "width": 2 } }, "formatting": null, "display_mode_settings": { "positions": {} } } }, "properties": [], "owner": "cy0712", "title": { "@type": "string", "@value": "AD Group Object Summary (7d)" }, "type": "DASHBOARD", "description": { "@type": "string", "@value": "AD Group Object Summary (7d)" } }, "constraints": [ { "type": "server-version", "version": ">=4.1.5+01c9198" } ] } ] }