[ { "_id": "suricata_stats-*", "_type": "index-pattern", "_source": { "title": "suricata_stats-*", "timeFieldName": "@timestamp", "fields": "[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"event.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.subtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.ipaddr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.expectations\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dcerpc_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dcerpc_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dhcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dnp3\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dns_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.dns_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.failed_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.failed_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ftp-data\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.http\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ikev2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValue
s\":true},{\"name\":\"stats.app_layer.flow.imap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.krb5_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.krb5_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.modbus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.msn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.nfs_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.nfs_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ntp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.smb\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.smtp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.ssh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.tftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.flow.tls\",\"type\
":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dcerpc_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dcerpc_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dhcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dnp3\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dns_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.dns_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ftp-data\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.http\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ikev2\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.krb5_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.krb5_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.modbus\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.nfs_tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.nfs_udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ntp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.smb\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.smtp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.ssh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.tftp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.app_layer.tx.tls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.capture.errors\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.capture.kernel_drops\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.capture.kernel_packets\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.avg_p
kt_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.dce.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.erspan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ethernet\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.erspan.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.erspan.too_many_vlan_layers\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.erspan.unsupported_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ethernet.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_flags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_hdr_too_big\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDo
cValues\":true},{\"name\":\"stats.decoder.event.gre.version0_malformed_sre_hdr\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version0_recur\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_chksum\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_flags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_hdr_too_big\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_malformed_sre_hdr\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_no_key\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_recur\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_route\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_ssr\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.gre.version1_wrong_protocol\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event
.gre.wrong_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.ipv4_trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.ipv4_unknown_ver\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.unknown_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv4.unknown_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.experimentation_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.ipv6_trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.ipv6_unknown_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.mld_message_with_invalid_hl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.unassigned_type\",\"type\":\
"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.unknown_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.icmpv6.unknown_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ieee8021ah.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipraw.invalid_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.frag_ignored\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.frag_overlap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.frag_pkt_too_large\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.hlen_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.icmpv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.iplen_smaller_than_hlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_duplicate\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\
"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_eol_required\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_invalid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_invalid_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_malformed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_pad_required\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.opt_unknown\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv4.wrong_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.data_after_none_header\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.dstopts_only_padding\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.
decoder.event.ipv6.dstopts_unknown_opt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_ah_res_not_null\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_ah\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_dh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_eh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_fh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_hh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_dupl_rh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_invalid_optlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.exthdr_useless_fh\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.fh_non_zero_reserved_field\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.frag_ignored\",\"type
\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.frag_overlap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.frag_pkt_too_large\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.hopopts_only_padding\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.hopopts_unknown_opt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.icmpv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv4_in_ipv6_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv4_in_ipv6_wrong_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv6_in_ipv6_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.ipv6_in_ipv6_wrong_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.rh_type_0\",\"type\":\"number\",\"count\":0,\"scripted
\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.trunc_exthdr\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.trunc_pkt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.unknown_next_header\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.wrong_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ipv6.zero_len_padn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ltnull.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ltnull.unsupported_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.bad_label_implicit_null\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.bad_label_reserved\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.bad_label_router_alert\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":tr
ue,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.mpls.unknown_payload_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.ip4_pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.ip6_pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.unsup_proto\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.vju_pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.ppp.wrong_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.pppoe.malformed_tags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.pppoe.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.pppoe.wrong_code\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.sctp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.sll.pkt_too_sm
all\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.hlen_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.invalid_optlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.opt_duplicate\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.opt_invalid_len\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.tcp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.udp.hlen_invalid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.udp.hlen_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.udp.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.vlan.header_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.vlan.too_many_layers\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.event.vlan.unknown_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggrega
table\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.gre\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.icmpv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.icmpv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ieee8021ah\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.invalid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipraw.invalid_ip_version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv4_in_ipv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ipv6_in_ipv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ltnull.pkt_too_small\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ltnull.unsupported_type\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ma
x_pkt_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.mpls\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.null\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.ppp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.pppoe\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.raw\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.sctp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.sll\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.teredo\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.decoder.vlan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.de
coder.vlan_qinq\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv4.fragments\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv4.reassembled\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv4.timeouts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv6.fragments\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv6.reassembled\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.ipv6.timeouts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.defrag.max_frag_hits\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.alert\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.last_reload\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.rules_failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.detect.engines.rules_loaded\",\"type\":\"number\",\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.dns.memcap_global\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.dns.memcap_state\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.dns.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.file_store.open_files\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.emerg_mode_entered\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.emerg_mode_over\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.icmpv4\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.icmpv6\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.memcap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.spare\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.tcp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.tcp_re
use\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow.udp\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.bypassed_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.closed_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.est_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_checked\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_notimeout\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_removed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_timeout\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.flows_timeout_inuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.new_pruned\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_busy\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_checked\",\"type\":\"number\",\"count\":0,\"scripte
d\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_empty\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_maxlen\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.flow_mgr.rows_skipped\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.ftp.memcap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.ftp.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.http.memcap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.http.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.insert_data_normal_fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.insert_data_overlap_fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.insert_list_fail\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.invalid_checksum\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"stats.tcp.midstream_pickups\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.no_flow\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.overlap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.overlap_diff_data\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.pkt_on_wrong_thread\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.pseudo\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.pseudo_failed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.reassembly_gap\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.reassembly_memuse\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.rst\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.segment_memcap_drop\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.sessions\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.ssn_memcap_drop\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true
,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.stream_depth_reached\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.syn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.tcp.synack\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"stats.uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"uptime\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]" }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "index-pattern": "6.5.0" }, "_references": [] }, { "_id": "suricata-*", "_type": "index-pattern", "_source": { "title": "suricata-*", "timeFieldName": "@timestamp", "fields": 
"[{\"name\":\"@timestamp\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"@version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_index\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"_score\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_source\",\"type\":\"_source\",\"count\":0,\"scripted\":false,\"searchable\":false,\"aggregatable\":false,\"readFromDocValues\":false},{\"name\":\"_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":false},{\"name\":\"alert.action\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.cve\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.affected_product\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.attack_target\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.created_at\",\"type\":\"string\",\"count\":0,\"
scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.deployment\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.former_category\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.signature_severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.tag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.metadata.updated_at\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.rev\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.severity\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.signature_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.source.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.source.port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.target.ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"alert.target.port\",\"type\":\"number\",\"c
ount\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"app_proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"community_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"dest_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dest_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.assigned_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.client_id\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.client_mac\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.dhcp_type\",\"type\":\"st
ring\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.dns_servers\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.lease_time\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.next_server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.params\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.relay_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.requested_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.routers\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.subnet_mask\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dhcp.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.aa\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.rdata\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"dns.answers.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.answers.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.authorities.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.authorities.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.authorities.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.flags\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.A\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.AAAA\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.CNAME\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.PTR\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.SRV\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.grouped.TXT\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\
"name\":\"dns.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.qr\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ra\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rcode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rd\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rdata\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rrname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.rrtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.tc\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"dns.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFro
mDocValues\":true},{\"name\":\"event.subtype\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"event.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.gaps\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.stored\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"fileinfo.tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.age\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.alerted\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toclient\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.bytes_toserver\",\"type
\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.end\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toclient\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.pkts_toserver\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.start\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"flow_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_charset\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_datetime\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_language\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchab
le\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.accept_range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.age\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.allow\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.authorization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.cache_control\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.connection\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_language\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_length\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_md5\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"a
ggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.date\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.dnt\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.etag\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.expires\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.from\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_content_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_method\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_refer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.http_user_agent\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.last_modified\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\"
:\"http.length\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.link\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.location\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.max_forwards\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.org_src_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.origin\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.pragma\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.protocol\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.proxy_authenticate\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.proxy_authorization\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.range\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.redirect\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.referrer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.refresh\",\"type\":\"string\",\"count\":0,\"s
cripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.retry_after\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.server\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.set_cookie\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.status\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.te\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.trailer\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.transfer_encoding\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.true_client_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.upgrade\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.url\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_app\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_app_ver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_device\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggr
egatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.useragent_os_ver\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.vary\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.warning\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.www_authenticate\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_authenticated_user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_bluecoat_via\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_flash_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_forwarded_proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.x_requested_with\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"http.xff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"icmp_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"re
adFromDocValues\":true},{\"name\":\"icmp_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"in_iface\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ip_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.message\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.severity\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"log.tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.age\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.bytes\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.end\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.max_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.min_ttl\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.pkts\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"netflow.start\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.file_tx\",\"type\":\"boolean\",\"count\":0,\
"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.hhash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.procedure\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"nfs.version\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"node.ipaddr\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"proto\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_icmp_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"response_icmp_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"nam
e\":\"rpc.auth_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.creds.gid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.creds.machine_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.creds.uid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"rpc.xid\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"server_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service_name\",\"type\":\"string\",\"count\":0,
\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"service_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.access\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.accessed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.changed\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.client_dialects\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.client_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.command\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.created\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.call_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.frag_cnt\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.ack_reason\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.ack_result\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.uuid\",\"type\":\"string\",\"count\":0,\"sc
ripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.interfaces.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.opnum\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.req\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.res\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dcerpc.stub_data_size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.dialect\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.disposition\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.filename\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.fuid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.function\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.kerberos.realm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.kerberos.snames\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":tru
e,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.modified\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.ntlmssp.domain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.ntlmssp.host\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.ntlmssp.user\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.request.native_lm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.request.native_os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.response.native_lm\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.response.native_os\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.server_guid\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.session_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.share\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.share_type\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.size\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,
\"readFromDocValues\":true},{\"name\":\"smb.status\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.status_code\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"smb.tree_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_asn\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_autonomous_system\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_city\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_country\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_geo_location\",\"type\":\"geo_point\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_hostname\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_ip\",\"type\":\"ip\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_port\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_port_name\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"src_rep_tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.client.proto_version\",\"type\":\"strin
g\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.client.software_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.server.proto_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"ssh.server.software_version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.ecn\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.state\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.tcp_flags_tc\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp.tcp_flags_ts\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tcp_flags\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tftp.file\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tftp.mode\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tftp.packet\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":
true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.certificate\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.chain\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.fingerprint\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.issuerdn\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.ja3.hash\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.ja3.string\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.notafter\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.notbefore\",\"type\":\"date\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.serial\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.session_resumed\",\"type\":\"boolean\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.sni\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.subject\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tls.version\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"traffic_
locality\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"tx_id\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.applayer.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.http.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.smtp.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.tcp.retransmission.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vars.flowints.tls.anomaly.count\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"vlan\",\"type\":\"number\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true},{\"name\":\"xff\",\"type\":\"string\",\"count\":0,\"scripted\":false,\"searchable\":true,\"aggregatable\":true,\"readFromDocValues\":true}]", "fieldFormatMap": 
"{\"log.severity\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"emergency\",\"text\":\"#880000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"alert\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"critical\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"error\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"warning\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"notice\",\"text\":\"#8800ff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"informational\",\"text\":\"#2200aa\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"debug\",\"text\":\"#888888\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"undetermined\",\"text\":\"#000000\",\"background\":\"\"}]}},\"flow.bytes\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow.bytes_toclient\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow.bytes_toserver\":{\"id\":\"bytes\",\"params\":{\"pattern\":\"0,0.[00]b\"}},\"flow_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"alert.signature_id\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://doc.emergingthreats.net/bin/view/Main/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"service_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_cente
r/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"client_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"server_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"src_asn\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://viewdns.info/asnlookup/?asn={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dest_ip\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://www.talosintelligence.com/reputation_center/lookup?search={{value}}\",\"labelTemplate\":\"{{value}}\"}},\"flow.alerted\":{\"id\":\"boolean\"},\"alert.cve\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"https://nvd.nist.gov/vuln/detail/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"dns.rcode\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOERROR\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FORMERR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SERVFAIL\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NXDOMAIN\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTIMP\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"REFUSED\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Inf
inity:Infinity\",\"regex\":\"YXDOMAIN\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"YXRRSET\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NXRRSET\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTAUTH\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTZONE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADVERS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADKEY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADTIME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADMODE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADNAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADALG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADTRUNC\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BADCOOKIE\",\"text\":\"#44aaff\",\"background\":\"\"}]}},\"nfs.status\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"OK\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_PERM\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOENT\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_IO\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NXIO\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_ACCES\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_EXIST\",\"text\":\
"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_XDEV\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NODEV\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOTDIR\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_ISDIR\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_INVAL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_FBIG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOSPC\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_ROFS\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_MLINK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NAMETOOLONG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOTEMPTY\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_DQUOT\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_STALE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_REMOTE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BADHANDLE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOT_SYNC\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BAD_COOKIE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOTSUPP\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_TOOSMALL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\"
:\"ERR_SERVERFAULT\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BADTYPE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_JUKEBOX\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_DELAY\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_SAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_DENIED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_EXPIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_LOCKED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_GRACE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_FHEXPIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_SHARE_DENIED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_WRONGSEC\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_CLID_INUSE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_RESOURCE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_MOVED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOFILEHANDLE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_MINOR_VERS_MISMATCH\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_STALE_CLIENTID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_STALE_STATEID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_OLD_STATEID\",\"text
\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BAD_STATEID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_BAD_SEQID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_NOT_SAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_LOCK_RANGE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_SYMLINK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_READDIR_NOSPC\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ERR_LEASE_MOVED\",\"text\":\"#44aaff\",\"background\":\"\"}]}},\"smb.status\":{\"id\":\"color\",\"params\":{\"fieldType\":\"string\",\"colors\":[{\"range\":\"-Infinity:Infinity\",\"regex\":\"SUCCESS\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_SMB\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_TID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_COMMAND\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_UID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_USE_STANDARD\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BUFFER_OVERFLOW\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_MORE_FILES\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"STOPPED_ON_SYMLINK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOT_IMPLEMENTED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_PARAMETER\",\"text\":\"#44aaff\",\"background\":\
"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_SUCH_DEVICE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_DEVICE_REQUEST\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"MORE_PROCESSING_REQUIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ACCESS_DENIED\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BUFFER_TOO_SMALL\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_NAME_NOT_FOUND\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_NAME_COLLISION\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_PATH_NOT_FOUND\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BAD_IMPERSONATION_LEVEL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"IO_TIMEOUT\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_IS_A_DIRECTORY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOT_SUPPORTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NETWORK_NAME_DELETED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"USER_SESSION_DELETED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NETWORK_SESSION_EXPIRED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_TOO_MANY_UIDS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DISK_FULL\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ILLEGAL_FUNCTION\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\
"regex\":\"NO_SUCH_FILE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_PATH_INVALID\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_PATH_SYNTAX_BAD\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DFS_EXIT_PATH_FOUND\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"REDIRECTOR_NOT_STARTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"TOO_MANY_OPENED_FILES\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_LOCK_SEQUENCE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_VIEW_SIZE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ALREADY_COMMITTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PORT_CONNECTION_REFUSED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"THREAD_IS_TERMINATING\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DELETE_PENDING\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PRIVILEGE_NOT_HELD\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"LOGON_FAILURE\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_RENAMED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PROCESS_IS_TERMINATING\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"CANNOT_DELETE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_DELETED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_BAD_FID\",\"text\":\"#44aaff\
",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_HANDLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OBJECT_TYPE_MISMATCH\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PORT_DISCONNECTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_PORT_HANDLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_CLOSED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"HANDLE_NOT_CLOSABLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SECTION_TOO_BIG\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"TOO_MANY_PAGING_FILES\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INSUFF_SERVER_RESOURCES\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_INVALID_ACCESS\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DATA_ERROR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DIRECTORY_NOT_EMPTY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOT_SAME_DEVICE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"UNSUCCESSFUL\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SHARING_VIOLATION\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"LOCK_NOT_GRANTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"END_OF_FILE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_INVALID_LEVEL\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\
"OS2_NEGATIVE_SEEK\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"RANGE_NOT_LOCKED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_NO_MORE_SIDS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_CANCEL_VIOLATION\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_ATOMIC_LOCKS_NOT_SUPPORTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_INFO_CLASS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_PIPE_STATE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_READ_MODE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_CANNOT_COPY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INSTANCE_NOT_AVAILABLE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_NOT_AVAILABLE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_BUSY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_CLOSING\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_EMPTY\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PIPE_DISCONNECTED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"EA_TOO_LARGE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_EAS_DIDNT_FIT\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"EAS_NOT_SUPPORTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"OS2_EA_ACCESS_DENIED\",\"text\":\"#44aaff\",\"background\":\
"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NOTIFY_ENUM_DIR\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"WRONG_PASSWORD\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PATH_NOT_COVERED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NETWORK_ACCESS_DENIED\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BAD_NETWORK_NAME\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"BAD_DEVICE_TYPE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PRINT_QUEUE_FULL\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_SPOOL_SPACE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PRINT_CANCELLED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"UNEXPECTED_NETWORK_ERROR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"REQUEST_NOT_ACCEPTED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"TOO_MANY_SESSIONS\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_USE_MPX\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_CONTINUE_MPX\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ACCOUNT_DISABLED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"ACCOUNT_EXPIRED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_WORKSTATION\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_LOGON_HOURS\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PASSWORD_EXP
IRED\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"PASSWORD_MUST_CHANGE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"SMB_NO_SUPPORT\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"MEDIA_WRITE_PROTECTED\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NO_MEDIA_IN_DEVICE\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"INVALID_DEVICE_STATE\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"CRC_ERROR\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DISK_CORRUPT_ERROR\",\"text\":\"#ff0000\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"NONEXISTENT_SECTOR\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"DEVICE_PAPER_EMPTY\",\"text\":\"#eecc00\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"FILE_LOCK_CONFLICT\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"-Infinity:Infinity\",\"regex\":\"WRONG_VOLUME\",\"text\":\"#eecc00\",\"background\":\"\"}]}},\"http.status\":{\"id\":\"color\",\"params\":{\"fieldType\":\"number\",\"colors\":[{\"range\":\"100-199\",\"regex\":\"\",\"text\":\"#2200aa\",\"background\":\"\"},{\"range\":\"200-299\",\"regex\":\"\",\"text\":\"#009900\",\"background\":\"\"},{\"range\":\"300-399\",\"regex\":\"\",\"text\":\"#44aaff\",\"background\":\"\"},{\"range\":\"400-499\",\"regex\":\"\",\"text\":\"#ff8800\",\"background\":\"\"},{\"range\":\"500-599\",\"regex\":\"\",\"text\":\"#ff0000\",\"background\":\"\"}]}},\"dns.tx_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"smb.dcerpc.call_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"smb.session_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"smb.tree_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}}
,\"fileinfo.tx_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"tx_id\":{\"id\":\"number\",\"params\":{\"pattern\":\"0\"}},\"alert.source.port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"alert.target.port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}},\"http.http_port\":{\"id\":\"url\",\"params\":{\"urlTemplate\":\"http://www.adminsub.net/tcp-udp-port-finder/{{value}}\",\"labelTemplate\":\"{{value}}\"}}}" }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "index-pattern": "6.5.0" }, "_references": [] }, { "_id": "61eb53a0-6696-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: Statistics", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":33,\"y\":0,\"w\":9,\"h\":5,\"i\":\"4\"},\"panelIndex\":\"4\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":5,\"w\":24,\"h\":9,\"i\":\"5\"},\"panelIndex\":\"5\",\"title\":\"Decoder Traffic Volume\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":24,\"y\":5,\"w\":24,\"h\":9,\"i\":\"6\"},\"panelIndex\":\"6\",\"title\":\"Memory Use\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":24,\"y\":14,\"w\":24,\"h\":9,\"i\":\"7\"},\"panelIndex\":\"7\",\"title\":\"Invalid Packets\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":24,\"y\":23,\"w\":24,\"h\":9,\"i\":\"8\"},\"panelIndex\":\"8\",\"title\":\"TCP Sessions\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":0,\"y\":23,\"w\":24,\"h\":9,\"i\":\"9\"},\"panelIndex\":\"9\",\"title\":\"Alerts 
Detected\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":0,\"y\":14,\"w\":24,\"h\":9,\"i\":\"10\"},\"panelIndex\":\"10\",\"title\":\"Kernel Drops\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":0,\"y\":32,\"w\":24,\"h\":9,\"i\":\"11\"},\"panelIndex\":\"11\",\"title\":\"IP Versions\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":32,\"w\":24,\"h\":9,\"i\":\"12\"},\"panelIndex\":\"12\",\"title\":\"IP Protocols\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_9\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":33,\"h\":4,\"i\":\"13\"},\"panelIndex\":\"13\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_10\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":4,\"w\":33,\"h\":1,\"i\":\"14\"},\"panelIndex\":\"14\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "f05c2b10-6b09-11e8-82af-6743288b8baf" }, { "name": "panel_2", "type": "visualization", "id": "340bf770-6b08-11e8-82af-6743288b8baf" }, { "name": "panel_3", "type": "visualization", "id": "dc43a050-6b08-11e8-82af-6743288b8baf" }, { "name": "panel_4", "type": "visualization", "id": "f3137eb0-6b10-11e8-82af-6743288b8baf" }, { "name": "panel_5", "type": "visualization", "id": "30ceccd0-6b13-11e8-82af-6743288b8baf" }, { "name": "panel_6", "type": "visualization", "id": "3bfa7db0-6b14-11e8-82af-6743288b8baf" }, { "name": "panel_7", "type": "visualization", 
"id": "cefaeff0-6b14-11e8-82af-6743288b8baf" }, { "name": "panel_8", "type": "visualization", "id": "a7797730-6b19-11e8-82af-6743288b8baf" }, { "name": "panel_9", "type": "visualization", "id": "eac57150-6b1a-11e8-82af-6743288b8baf" }, { "name": "panel_10", "type": "visualization", "id": "df81d600-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_11", "type": "visualization", "id": "3e1c1990-648f-11e8-9e8d-39632dc6b766" } ] }, { "_id": "cfa96750-6651-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: Threats (Public Threats)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"25\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"25\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"29\",\"gridData\":{\"x\":9,\"y\":14,\"w\":12,\"h\":35,\"i\":\"29\"},\"embeddableConfig\":{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"title\":\"Public Attackers\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"32\",\"gridData\":{\"x\":21,\"y\":14,\"w\":12,\"h\":35,\"i\":\"32\"},\"title\":\"Signatures\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"33\",\"gridData\":{\"x\":41,\"y\":14,\"w\":7,\"h\":37,\"i\":\"33\"},\"title\":\"IP 
Reputations\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"34\",\"gridData\":{\"x\":33,\"y\":14,\"w\":8,\"h\":35,\"i\":\"34\"},\"title\":\"Vulnerabilities\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"37\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"38\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":10,\"i\":\"38\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"40\"},\"version\":\"7.0.1\",\"panelIndex\":\"40\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"41\"},\"version\":\"7.0.1\",\"panelIndex\":\"41\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_2", "type": "visualization", "id": "4cd37760-663f-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_3", "type": "visualization", "id": "21b948b0-665e-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_4", "type": "visualization", "id": "40c39a80-665e-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_5", "type": "visualization", "id": "34aaa370-665d-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_6", "type": "visualization", "id": "ab96faa0-6677-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_7", "type": "visualization", "id": 
"403194e0-6678-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_8", "type": "visualization", "id": "a8f699c0-7c67-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_9", "type": "visualization", "id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "076caa20-64aa-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Alerts (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":9,\"y\":31,\"w\":13,\"h\":11,\"i\":\"5\"},\"panelIndex\":\"5\",\"title\":\"Clients (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":22,\"y\":31,\"w\":13,\"h\":11,\"i\":\"6\"},\"panelIndex\":\"6\",\"title\":\"Servers (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":35,\"y\":31,\"w\":13,\"h\":11,\"i\":\"10\"},\"panelIndex\":\"10\",\"title\":\"Services (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":20,\"w\":13,\"h\":11,\"i\":\"15\"},\"panelIndex\":\"15\",\"title\":\"Alert Actions (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":20,\"w\":13,\"h\":11,\"i\":\"16\"},\"panelIndex\":\"16\",\"title\":\"Alert Categories (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":20,\"w\":13,\"h\":11,\"i\":\"17\"},\"panelIndex\":\"17\",\"title\":\"Alert Signatures 
(records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":7,\"h\":6,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":16,\"y\":4,\"w\":7,\"h\":6,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":30,\"y\":4,\"w\":7,\"h\":6,\"i\":\"20\"},\"panelIndex\":\"20\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":23,\"y\":4,\"w\":7,\"h\":6,\"i\":\"21\"},\"panelIndex\":\"21\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":37,\"y\":4,\"w\":7,\"h\":6,\"i\":\"22\"},\"panelIndex\":\"22\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":9,\"y\":10,\"w\":39,\"h\":10,\"i\":\"24\"},\"panelIndex\":\"24\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"27\"},\"version\":\"7.0.1\",\"panelIndex\":\"27\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_14\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"28\"},\"version\":\"7.0.1\",\"panelIndex\":\"28\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_15\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": 
"visualization", "id": "682e0b60-6441-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "e46ea0a0-6440-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "90fe9860-6447-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "9abcb3b0-6441-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "6b89eb20-6442-11e8-9e8d-39632dc6b766" }, { "name": "panel_6", "type": "visualization", "id": "92815a10-6442-11e8-9e8d-39632dc6b766" }, { "name": "panel_7", "type": "visualization", "id": "484e91d0-649a-11e8-9e8d-39632dc6b766" }, { "name": "panel_8", "type": "visualization", "id": "c8438d70-64a2-11e8-9e8d-39632dc6b766" }, { "name": "panel_9", "type": "visualization", "id": "fb7c0a50-64a2-11e8-9e8d-39632dc6b766" }, { "name": "panel_10", "type": "visualization", "id": "e1ca2100-64a2-11e8-9e8d-39632dc6b766" }, { "name": "panel_11", "type": "visualization", "id": "51dae990-64a6-11e8-9e8d-39632dc6b766" }, { "name": "panel_12", "type": "visualization", "id": "4f5f1750-64aa-11e8-9e8d-39632dc6b766" }, { "name": "panel_13", "type": "visualization", "id": "10544520-64b0-11e8-9e8d-39632dc6b766" }, { "name": "panel_14", "type": "visualization", "id": "426aba70-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_15", "type": "visualization", "id": "0f4dc9f0-7c68-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "3f15a1f0-6696-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: Raw Logs", "hits": 0, "description": "", "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"4\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"5\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"6\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"title\":\"\",\"panelIndex\":\"7\",\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"7\"},\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":42,\"h\":4,\"i\":\"8\"},\"version\":\"7.0.1\",\"panelIndex\":\"8\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "45775610-6a65-11e8-82af-6743288b8baf" }, { "name": "panel_2", "type": "visualization", "id": "d7e3e230-6a64-11e8-82af-6743288b8baf" }, { "name": "panel_3", "type": "visualization", "id": "299c4b30-6a65-11e8-82af-6743288b8baf" }, { "name": "panel_4", "type": "search", "id": "8679ce00-6a69-11e8-82af-6743288b8baf" }, { "name": "panel_5", "type": "visualization", "id": "acad4b10-7c65-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "d9a23fb0-6661-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: Threats (High-Risk 
Clients)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"25\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"25\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"30\",\"gridData\":{\"x\":9,\"y\":14,\"w\":12,\"h\":35,\"i\":\"30\"},\"embeddableConfig\":{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}},\"title\":\"High-Risk Clients\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":33,\"y\":14,\"w\":8,\"h\":35,\"i\":\"37\"},\"title\":\"Vulnerabilities\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"38\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"38\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"39\",\"gridData\":{\"x\":41,\"y\":14,\"w\":7,\"h\":35,\"i\":\"39\"},\"title\":\"IP Reputations\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"40\",\"gridData\":{\"x\":21,\"y\":14,\"w\":12,\"h\":35,\"i\":\"40\"},\"title\":\"Signatures\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":10,\"i\":\"41\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"44\"},\"version\":\"7.0.1\",\"panelIndex\":\"44\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"45\"},\"version\":\"7.0.1\",\"panelIndex\":\"45\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_2", "type": "visualization", "id": "913e46a0-664e-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_3", "type": "visualization", "id": "9ff9d990-6692-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_4", "type": "visualization", "id": "009e4c40-6693-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_5", "type": "visualization", "id": "a6c07810-6692-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_6", "type": "visualization", "id": "d0e55930-6692-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_7", "type": "visualization", "id": "0905a270-6693-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_8", "type": "visualization", "id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_9", "type": "visualization", "id": "72967710-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "73c81560-64b9-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Flows (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"3\"},\"panelIndex\":\"3\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":39,\"h\":15,\"i\":\"4\"},\"panelIndex\":\"4\",\"title\":\"Flows by Service\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":22,\"y\":19,\"w\":13,\"h\":11,\"i\":\"13\"},\"panelIndex\":\"13\",\"title\":\"Servers 
(bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":19,\"w\":13,\"h\":11,\"i\":\"14\"},\"panelIndex\":\"14\",\"title\":\"Services (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":30,\"w\":13,\"h\":11,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"VLANs (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":19,\"w\":13,\"h\":11,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"Clients (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"22\"},\"panelIndex\":\"22\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":35,\"y\":30,\"w\":13,\"h\":11,\"i\":\"24\"},\"version\":\"7.0.1\",\"panelIndex\":\"24\",\"embeddableConfig\":{},\"title\":\"Flow States and TCP Flags (bytes)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":22,\"y\":30,\"w\":13,\"h\":11,\"i\":\"25\"},\"version\":\"7.0.1\",\"panelIndex\":\"25\",\"embeddableConfig\":{},\"title\":\"IP Versions and Protocols (bytes)\",\"panelRefName\":\"panel_10\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": 
"dab25cd0-64c4-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "20fa0c30-6441-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "3147c7c0-644c-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "0feaddf0-644d-11e8-9e8d-39632dc6b766" }, { "name": "panel_6", "type": "visualization", "id": "5b77cd70-6441-11e8-9e8d-39632dc6b766" }, { "name": "panel_7", "type": "visualization", "id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_8", "type": "visualization", "id": "cf1a3360-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_9", "type": "visualization", "id": "780ac400-7cbf-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_10", "type": "visualization", "id": "34c16c80-7cbf-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "a6bc4a90-64eb-11e8-9e8d-39632dc6b766", "_type": "search", "_source": { "title": "Suricata: Logs (flows)", "description": "", "hits": 0, "columns": [ "flow_id", "client_hostname", "server_hostname", "service_name", "flow.bytes", "flow.pkts" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Flow\",\"disabled\":false,\"key\":\"event.subtype\",\"negate\":false,\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"flow\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": 
"index-pattern", "id": "suricata-*" } ] }, { "_id": "b1382980-6496-11e8-9e8d-39632dc6b766", "_type": "search", "_source": { "title": "Suricata: Logs (alerts)", "description": "", "hits": 0, "columns": [ "log.severity", "alert.category", "alert.signature", "alert.signature_id", "alert.action", "client_hostname", "server_hostname", "service_name" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Alert\",\"disabled\":false,\"key\":\"event.subtype\",\"negate\":false,\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"alert\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "275fa0a0-6a70-11e8-82af-6743288b8baf", "_type": "search", "_source": { "title": "Suricata: Logs (dns)", "description": "", "hits": 0, "columns": [ "client_hostname", "server_hostname", "dns.type", "dns.rrname", "dns.rcode", "dns.rrtype", "dns.rdata" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"DNS\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"dns\",\"params\":{\"query\":\"dns\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"dns\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "e914b550-6a70-11e8-82af-6743288b8baf", "_type": "search", "_source": { "title": "Suricata: Logs (http)", "description": "", "hits": 0, "columns": [ "client_hostname", "http.http_method", "http.hostname", "http.url", "http.status" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"HTTP\",\"disabled\":false,\"key\":\"event.subtype\",\"negate\":false,\"params\":{\"query\":\"http\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"http\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"http\",\"type\":\"phrase\"}}}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "6dbd0910-823a-11e9-8c3c-4925ccb1fc48", "_type": "search", "_source": { "title": "Suricata: Logs (tls)", "description": "", "hits": 0, "columns": [ "tls.sni", "service_name", "tls.version", "tls.subject" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"TLS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"tls\",\"params\":{\"query\":\"tls\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"tls\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "5a4457a0-82c4-11e9-8c3c-4925ccb1fc48", "_type": "search", "_source": { "title": "Suricata: Logs (smb)", "description": "", "hits": 0, "columns": [ "client_hostname", "server_hostname", "smb.access", "smb.command", "smb.disposition", "smb.filename", "smb.function", "smb.status" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":null,\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"globalState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "4d759660-82c9-11e9-8c3c-4925ccb1fc48", "_type": "search", "_source": { "title": "Suricata: Logs (nfs)", "description": "", "hits": 0, "columns": [ "client_hostname", "server_hostname", "nfs.type", "nfs.procedure", "nfs.filename", "nfs.status" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "749aa930-82c2-11e9-8c3c-4925ccb1fc48", "_type": "search", "_source": { "title": "Suricata: Logs (ssh)", "description": "", "hits": 0, "columns": [ "client_hostname", "ssh.client.software_version", "ssh.client.proto_version", "server_hostname", "ssh.server.software_version", "ssh.server.proto_version" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "8679ce00-6a69-11e8-82af-6743288b8baf", "_type": "search", "_source": { "title": "Suricata: Logs (all)", "description": "", "hits": 0, "columns": [ "node.hostname", "log.severity", "event.subtype", "client_hostname", "server_hostname", "service_name", "flow.bytes", "flow.pkts" ], "sort": [ "@timestamp", "desc" ], "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"highlightAll\":true,\"version\":true,\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, 
"_migrationVersion": { "search": "7.0.0" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "0dd5d540-8221-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: SSH (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"29\"},\"panelIndex\":\"29\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"30\"},\"panelIndex\":\"30\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":47,\"i\":\"31\"},\"panelIndex\":\"31\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"32\"},\"version\":\"7.0.1\",\"panelIndex\":\"32\",\"embeddableConfig\":{},\"title\":\"Client Protocol Versions (records)\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":35,\"y\":15,\"w\":13,\"h\":11,\"i\":\"33\"},\"version\":\"7.0.1\",\"panelIndex\":\"33\",\"embeddableConfig\":{},\"title\":\"Server Protocol Versions (records)\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"34\"},\"version\":\"7.0.1\",\"panelIndex\":\"34\",\"embeddableConfig\":{},\"title\":\"Client Software (records)\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":22,\"y\":15,\"w\":13,\"h\":11,\"i\":\"35\"},\"version\":\"7.0.1\",\"panelIndex\":\"35\",\"embeddableConfig\":{},\"title\":\"Server Software (records)\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"36\"},\"version\":\"7.0.1\",\"panelIndex\":\"36\",\"embeddableConfig\":{},\"title\":\"Clients 
(records)\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":13,\"h\":11,\"i\":\"37\"},\"version\":\"7.0.1\",\"panelIndex\":\"37\",\"embeddableConfig\":{},\"title\":\"Servers (records)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":18,\"y\":26,\"w\":10,\"h\":25,\"i\":\"38\"},\"version\":\"7.0.1\",\"panelIndex\":\"38\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":9,\"h\":25,\"i\":\"39\"},\"version\":\"7.0.1\",\"panelIndex\":\"39\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":28,\"y\":26,\"w\":9,\"h\":25,\"i\":\"40\"},\"version\":\"7.0.1\",\"panelIndex\":\"40\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":37,\"y\":26,\"w\":10,\"h\":24,\"i\":\"41\"},\"version\":\"7.0.1\",\"panelIndex\":\"41\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_13\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "5eecdda0-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "7ff11b30-8221-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": "40dd9a60-82bf-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": "visualization", "id": "3ffcccc0-82be-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "5aa2b300-82be-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "visualization", "id": "9908d200-82be-11e9-8c3c-4925ccb1fc48" }, { 
"name": "panel_7", "type": "visualization", "id": "af9ed550-82be-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_8", "type": "visualization", "id": "d3864520-82be-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_9", "type": "visualization", "id": "e407e2f0-82be-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_10", "type": "visualization", "id": "defd8880-82c0-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_11", "type": "visualization", "id": "99a04520-82c0-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_12", "type": "visualization", "id": "aff65940-82c0-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_13", "type": "visualization", "id": "d1d88330-82c0-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "d41023f0-8221-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: SMB (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"29\"},\"version\":\"7.0.1\",\"panelIndex\":\"29\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"30\"},\"version\":\"7.0.1\",\"panelIndex\":\"30\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":44,\"i\":\"31\"},\"version\":\"7.0.1\",\"panelIndex\":\"31\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"32\"},\"version\":\"7.0.1\",\"panelIndex\":\"32\",\"embeddableConfig\":{},\"title\":\"Clients (records)\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":13,\"h\":11,\"i\":\"33\"},\"version\":\"7.0.1\",\"panelIndex\":\"33\",\"embeddableConfig\":{},\"title\":\"Commands 
(records)\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"34\"},\"version\":\"7.0.1\",\"panelIndex\":\"34\",\"embeddableConfig\":{},\"title\":\"Servers (records)\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":13,\"h\":11,\"i\":\"35\"},\"version\":\"7.0.1\",\"panelIndex\":\"35\",\"embeddableConfig\":{},\"title\":\"Access (records)\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":22,\"y\":15,\"w\":13,\"h\":11,\"i\":\"36\"},\"version\":\"7.0.1\",\"panelIndex\":\"36\",\"embeddableConfig\":{},\"title\":\"Dispositions (records)\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"37\"},\"version\":\"7.0.1\",\"panelIndex\":\"37\",\"embeddableConfig\":{},\"title\":\"Filenames (records)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":35,\"y\":26,\"w\":13,\"h\":11,\"i\":\"38\"},\"version\":\"7.0.1\",\"panelIndex\":\"38\",\"embeddableConfig\":{},\"title\":\"Functions (records)\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":35,\"y\":15,\"w\":13,\"h\":11,\"i\":\"39\"},\"version\":\"7.0.1\",\"panelIndex\":\"39\",\"embeddableConfig\":{},\"title\":\"Status (records)\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":22,\"y\":26,\"w\":13,\"h\":11,\"i\":\"40\"},\"version\":\"7.0.1\",\"panelIndex\":\"40\",\"embeddableConfig\":{},\"title\":\"Dialects (records)\",\"panelRefName\":\"panel_12\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "d2a5a200-8222-11e9-8c3c-4925ccb1fc48" }, { 
"name": "panel_2", "type": "visualization", "id": "08201a00-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": "419d6e50-82c7-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": "visualization", "id": "2fb52680-82c5-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "b4867670-82c5-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "visualization", "id": "610449f0-82c5-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_7", "type": "visualization", "id": "b94d90e0-82c4-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_8", "type": "visualization", "id": "dbe38500-82c5-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_9", "type": "visualization", "id": "f71c3560-82c5-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_10", "type": "visualization", "id": "164c1090-82c6-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_11", "type": "visualization", "id": "2c89bab0-82c6-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_12", "type": "visualization", "id": "4e75f6c0-82c6-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "443834e0-82b0-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: SMB (Messages)", "hits": 0, "description": "", "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"11\"},\"version\":\"7.0.1\",\"panelIndex\":\"11\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"12\"},\"version\":\"7.0.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"13\"},\"version\":\"7.0.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"14\"},\"version\":\"7.0.1\",\"panelIndex\":\"14\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"15\"},\"version\":\"7.0.1\",\"panelIndex\":\"15\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "d2a5a200-8222-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "1ecdeb10-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": "f9ac73a0-82b9-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": 
"visualization", "id": "c0826610-82ba-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "search", "id": "5a4457a0-82c4-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "visualization", "id": "419d6e50-82c7-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "f2dc1af0-8226-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: NFS (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"29\"},\"version\":\"7.0.1\",\"panelIndex\":\"29\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"30\"},\"version\":\"7.0.1\",\"panelIndex\":\"30\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":53,\"i\":\"31\"},\"version\":\"7.0.1\",\"panelIndex\":\"31\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":22,\"y\":15,\"w\":13,\"h\":11,\"i\":\"32\"},\"version\":\"7.0.1\",\"panelIndex\":\"32\",\"embeddableConfig\":{},\"title\":\"Procedures (records)\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"33\"},\"version\":\"7.0.1\",\"panelIndex\":\"33\",\"embeddableConfig\":{},\"title\":\"Clients (records)\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"34\"},\"version\":\"7.0.1\",\"panelIndex\":\"34\",\"embeddableConfig\":{},\"title\":\"Servers (records)\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"35\"},\"version\":\"7.0.1\",\"panelIndex\":\"35\",\"embeddableConfig\":{},\"title\":\"Files 
(records)\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":22,\"y\":26,\"w\":13,\"h\":11,\"i\":\"36\"},\"version\":\"7.0.1\",\"panelIndex\":\"36\",\"embeddableConfig\":{},\"title\":\"Versions (records)\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":35,\"y\":15,\"w\":13,\"h\":11,\"i\":\"37\"},\"version\":\"7.0.1\",\"panelIndex\":\"37\",\"embeddableConfig\":{},\"title\":\"Status (records)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":13,\"h\":11,\"i\":\"38\"},\"version\":\"7.0.1\",\"panelIndex\":\"38\",\"embeddableConfig\":{},\"title\":\"Types (records)\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":13,\"h\":11,\"i\":\"39\"},\"version\":\"7.0.1\",\"panelIndex\":\"39\",\"embeddableConfig\":{},\"title\":\"File Transaction? (records)\",\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "26181170-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "dc53fc10-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": "54e4ad10-82cd-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": "visualization", "id": "7c6b2780-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "0e1bb6a0-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "visualization", "id": "27865dc0-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_7", "type": "visualization", "id": "9f31be00-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_8", "type": 
"visualization", "id": "dda857c0-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_9", "type": "visualization", "id": "c5fee8a0-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_10", "type": "visualization", "id": "56a66c30-82cb-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_11", "type": "visualization", "id": "eacc2f20-82cc-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "c4e2cc10-64eb-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Flows (Messages)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":54,\"i\":\"3\"},\"panelIndex\":\"3\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"4\"},\"panelIndex\":\"4\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"21\"},\"panelIndex\":\"21\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"24\"},\"version\":\"7.0.1\",\"panelIndex\":\"24\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"25\"},\"version\":\"7.0.1\",\"panelIndex\":\"25\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"26\"},\"version\":\"7.0.1\",\"panelIndex\":\"26\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { 
"dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "dab25cd0-64c4-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "search", "id": "a6bc4a90-64eb-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_5", "type": "visualization", "id": "bdb11bc0-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_6", "type": "visualization", "id": "3d570f50-64a4-11e8-9e8d-39632dc6b766" } ] }, { "_id": "b0662710-6a76-11e8-82af-6743288b8baf", "_type": "dashboard", "_source": { "title": "Suricata: HTTP (Messages)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"5\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"6\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"7\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"title\":\"\",\"panelIndex\":\"8\",\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"8\"},\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"9\"},\"version\":\"7.0.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": 
"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "18b9c380-6a77-11e8-82af-6743288b8baf" }, { "name": "panel_2", "type": "visualization", "id": "516a73a0-6a7c-11e8-82af-6743288b8baf" }, { "name": "panel_3", "type": "visualization", "id": "1bfd1560-6a7c-11e8-82af-6743288b8baf" }, { "name": "panel_4", "type": "search", "id": "e914b550-6a70-11e8-82af-6743288b8baf" }, { "name": "panel_5", "type": "visualization", "id": "9bcc2820-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_6", "type": "visualization", "id": "1d8d3560-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "11934d10-820e-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: TLS (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":21,\"y\":4,\"w\":12,\"h\":11,\"i\":\"20\"},\"panelIndex\":\"20\",\"title\":\"Services over TLS (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":9,\"y\":4,\"w\":12,\"h\":11,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"SNIs (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":33,\"y\":4,\"w\":12,\"h\":11,\"i\":\"24\"},\"panelIndex\":\"24\",\"title\":\"Subjects 
(records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":9,\"y\":15,\"w\":39,\"h\":34,\"i\":\"26\"},\"panelIndex\":\"26\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"27\"},\"version\":\"7.0.1\",\"panelIndex\":\"27\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"28\"},\"version\":\"7.0.1\",\"panelIndex\":\"28\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"29\"},\"version\":\"7.0.1\",\"panelIndex\":\"29\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "49b038c0-81ff-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "7a660790-6448-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "55b888a0-6448-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "424af1d0-8216-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "8a33c210-8216-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "visualization", "id": "fdca6e50-821f-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_7", "type": "visualization", "id": "ba6bd420-82ae-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "33703f40-82b0-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: 
TLS (Messages)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"11\"},\"version\":\"7.0.1\",\"panelIndex\":\"11\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":43,\"i\":\"12\"},\"version\":\"7.0.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"13\"},\"version\":\"7.0.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"14\"},\"version\":\"7.0.1\",\"panelIndex\":\"14\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"15\"},\"version\":\"7.0.1\",\"panelIndex\":\"15\",\"embeddableConfig\":{},\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "fdca6e50-821f-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "9f0e5db0-82ae-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": 
"8a33c210-8216-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": "visualization", "id": "e4823550-82b9-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "63539220-82ba-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "search", "id": "6dbd0910-823a-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "e43a5af0-6695-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: HTTP (Overview)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"5\"},\"panelIndex\":\"5\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":35,\"y\":10,\"w\":13,\"h\":11,\"i\":\"7\"},\"panelIndex\":\"7\",\"title\":\"Referrers (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":35,\"y\":32,\"w\":12,\"h\":11,\"i\":\"8\"},\"panelIndex\":\"8\",\"title\":\"Content Types (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":22,\"y\":32,\"w\":13,\"h\":11,\"i\":\"9\"},\"panelIndex\":\"9\",\"title\":\"Methods (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":22,\"y\":10,\"w\":13,\"h\":11,\"i\":\"10\"},\"panelIndex\":\"10\",\"title\":\"HTTP Servers (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":22,\"y\":21,\"w\":13,\"h\":11,\"i\":\"13\"},\"panelIndex\":\"13\",\"title\":\"User Applications (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":9,\"y\":21,\"w\":13,\"h\":11,\"i\":\"14\"},\"panelIndex\":\"14\",\"title\":\"User Devices (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":35,\"y\":21,\"w\":13,\"h\":11,\"i\":\"15\"},\"panelIndex\":\"15\",\"title\":\"User Operating Systems 
(records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":9,\"y\":10,\"w\":13,\"h\":11,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"HTTP Clients (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":9,\"y\":32,\"w\":13,\"h\":11,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"HTTP Versions (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":7,\"h\":6,\"i\":\"20\"},\"panelIndex\":\"20\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_11\"},{\"gridData\":{\"x\":16,\"y\":4,\"w\":7,\"h\":6,\"i\":\"21\"},\"panelIndex\":\"21\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_12\"},{\"gridData\":{\"x\":30,\"y\":4,\"w\":7,\"h\":6,\"i\":\"22\"},\"panelIndex\":\"22\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_13\"},{\"gridData\":{\"x\":23,\"y\":4,\"w\":7,\"h\":6,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_14\"},{\"gridData\":{\"x\":37,\"y\":4,\"w\":7,\"h\":6,\"i\":\"24\"},\"panelIndex\":\"24\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_15\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"25\"},\"version\":\"7.0.1\",\"panelIndex\":\"25\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_16\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"26\"},\"version\":\"7.0.1\",\"panelIndex\":\"26\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_17\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": 
"f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "18b9c380-6a77-11e8-82af-6743288b8baf" }, { "name": "panel_2", "type": "visualization", "id": "053f5dc0-6445-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "d28d4ef0-6444-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "ed12dbf0-6444-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "a6582b70-6444-11e8-9e8d-39632dc6b766" }, { "name": "panel_6", "type": "visualization", "id": "01656eb0-6a76-11e8-82af-6743288b8baf" }, { "name": "panel_7", "type": "visualization", "id": "f0410130-6a75-11e8-82af-6743288b8baf" }, { "name": "panel_8", "type": "visualization", "id": "16ff10a0-6a76-11e8-82af-6743288b8baf" }, { "name": "panel_9", "type": "visualization", "id": "840dd940-6a78-11e8-82af-6743288b8baf" }, { "name": "panel_10", "type": "visualization", "id": "7315a700-6445-11e8-9e8d-39632dc6b766" }, { "name": "panel_11", "type": "visualization", "id": "bb519670-6a7e-11e8-82af-6743288b8baf" }, { "name": "panel_12", "type": "visualization", "id": "9fc6f580-6a7e-11e8-82af-6743288b8baf" }, { "name": "panel_13", "type": "visualization", "id": "187df960-6a7f-11e8-82af-6743288b8baf" }, { "name": "panel_14", "type": "visualization", "id": "ac9f6170-6a7e-11e8-82af-6743288b8baf" }, { "name": "panel_15", "type": "visualization", "id": "de04cc00-6a7e-11e8-82af-6743288b8baf" }, { "name": "panel_16", "type": "visualization", "id": "9bcc2820-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_17", "type": "visualization", "id": "2a532ac0-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "8b61bf60-6661-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: Threats (At-Risk Servers)", "hits": 0, "description": "", "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"25\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"25\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"28\",\"gridData\":{\"x\":9,\"y\":14,\"w\":12,\"h\":35,\"i\":\"28\"},\"title\":\"At-Risk Servers\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":33,\"y\":14,\"w\":8,\"h\":35,\"i\":\"37\"},\"title\":\"Vulnerabilities\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"38\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"38\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"39\",\"gridData\":{\"x\":41,\"y\":14,\"w\":7,\"h\":35,\"i\":\"39\"},\"title\":\"IP Reputations\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"40\",\"gridData\":{\"x\":21,\"y\":14,\"w\":12,\"h\":35,\"i\":\"40\"},\"title\":\"Signatures\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":10,\"i\":\"41\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"44\"},\"version\":\"7.0.1\",\"panelIndex\":\"44\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"45\"},\"version\":\"7.0.1\",\"panelIndex\":\"45\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, 
"_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_2", "type": "visualization", "id": "24e5d8e0-6650-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_3", "type": "visualization", "id": "b4953ad0-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_4", "type": "visualization", "id": "a78dcfa0-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_5", "type": "visualization", "id": "bfeea7e0-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_6", "type": "visualization", "id": "d3696170-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_7", "type": "visualization", "id": "de726490-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_8", "type": "visualization", "id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_9", "type": "visualization", "id": "3fc21330-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "eec67e20-64ee-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Flows (Sankey)", "hits": 0, "description": "", "panelsJSON": "[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":40,\"i\":\"3\"},\"panelIndex\":\"3\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":12,\"h\":11,\"i\":\"5\"},\"panelIndex\":\"5\",\"title\":\"Clients (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":12,\"h\":11,\"i\":\"6\"},\"panelIndex\":\"6\",\"title\":\"Servers (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":12,\"h\":11,\"i\":\"7\"},\"panelIndex\":\"7\",\"title\":\"Services 
(records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":21,\"y\":4,\"w\":27,\"h\":38,\"i\":\"9\"},\"panelIndex\":\"9\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"11\"},\"panelIndex\":\"11\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"12\"},\"panelIndex\":\"12\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "331efab0-64fa-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "3f20b5b0-64fa-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "533a6e60-64fa-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "e6e6a670-64f9-11e8-9e8d-39632dc6b766" }, { "name": "panel_6", "type": "visualization", "id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_7", "type": "visualization", "id": "f48201a0-7c66-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "4280b6f0-64b5-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Alerts (Messages)", "hits": 0, "description": "", "panelsJSON": 
"[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":42,\"i\":\"23\"},\"panelIndex\":\"23\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"24\"},\"panelIndex\":\"24\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"26\"},\"panelIndex\":\"26\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"27\"},\"panelIndex\":\"27\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"28\"},\"version\":\"7.0.1\",\"panelIndex\":\"28\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"29\"},\"version\":\"7.0.1\",\"panelIndex\":\"29\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "4f5f1750-64aa-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "10544520-64b0-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "search", "id": "b1382980-6496-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "99ec9610-663c-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_5", "type": 
"visualization", "id": "2953ffb0-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_6", "type": "visualization", "id": "0f4dc9f0-7c68-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "a7f80970-64ec-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Flows (Geo IP)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"5\"},\"title\":\"Cities (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"6\"},\"title\":\"Countries (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"7\"},\"title\":\"Autonomous Systems (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"8\",\"gridData\":{\"x\":9,\"y\":15,\"w\":19,\"h\":26,\"i\":\"8\"},\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":[27.68352808378776,0.8789062500000001]},\"title\":\"Client Geo Locations (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"9\",\"gridData\":{\"x\":28,\"y\":15,\"w\":19,\"h\":26,\"i\":\"9\"},\"embeddableConfig\":{\"mapZoom\":2,\"mapCenter\":[27.371767300523047,0.5273437500000001]},\"title\":\"Server Geo Locations 
(records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"10\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":40,\"i\":\"10\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"12\"},\"version\":\"7.0.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"13\"},\"version\":\"7.0.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "efe56ed0-6442-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "02c39a40-6443-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "ddb73270-6442-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "2754fc10-64fb-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "36543fa0-64fb-11e8-9e8d-39632dc6b766" }, { "name": "panel_6", "type": "visualization", "id": "bdce24e0-64fc-11e8-9e8d-39632dc6b766" }, { "name": "panel_7", "type": "visualization", "id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_8", "type": "visualization", "id": "aec05720-7c66-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "b333afd0-6661-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: Threats (At-Risk Services)", "hits": 0, "description": "", "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"25\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"25\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"27\",\"gridData\":{\"x\":9,\"y\":14,\"w\":12,\"h\":35,\"i\":\"27\"},\"title\":\"At-Risk Services\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"37\",\"gridData\":{\"x\":33,\"y\":14,\"w\":8,\"h\":35,\"i\":\"37\"},\"title\":\"Vulnerabilities\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"38\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"38\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"panelIndex\":\"39\",\"gridData\":{\"x\":41,\"y\":14,\"w\":7,\"h\":36,\"i\":\"39\"},\"title\":\"IP Reputations\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"panelIndex\":\"40\",\"gridData\":{\"x\":21,\"y\":14,\"w\":12,\"h\":35,\"i\":\"40\"},\"title\":\"Signatures\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"panelIndex\":\"41\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":10,\"i\":\"41\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"44\"},\"version\":\"7.0.1\",\"panelIndex\":\"44\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"45\"},\"version\":\"7.0.1\",\"panelIndex\":\"45\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_9\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, 
"_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_2", "type": "visualization", "id": "77871b40-6650-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_3", "type": "visualization", "id": "b4953ad0-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_4", "type": "visualization", "id": "a78dcfa0-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_5", "type": "visualization", "id": "bfeea7e0-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_6", "type": "visualization", "id": "d3696170-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_7", "type": "visualization", "id": "de726490-6691-11e8-a67b-cd4cf123b2a5" }, { "name": "panel_8", "type": "visualization", "id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_9", "type": "visualization", "id": "5bac8760-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "d05a4110-64ee-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Flows (Top Services)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"3\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"5\",\"gridData\":{\"x\":9,\"y\":4,\"w\":39,\"h\":15,\"i\":\"5\"},\"title\":\"Traffic by Service (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":9,\"y\":19,\"w\":19,\"h\":30,\"i\":\"6\"},\"title\":\"Top Services\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":28,\"y\":19,\"w\":19,\"h\":30,\"i\":\"7\"},\"title\":\"Top Application 
Protocols\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"9\"},\"version\":\"7.0.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "c4a0bf60-64fe-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "b4f1e570-64ff-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "4e0c6280-6500-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_6", "type": "visualization", "id": "014f7110-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "61f52550-64ee-11e8-9e8d-39632dc6b766", "_type": "dashboard", "_source": { "title": "Suricata: Flows (Top Talkers)", "hits": 0, "description": "", "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"3\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":45,\"i\":\"3\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"21\",\"gridData\":{\"x\":9,\"y\":19,\"w\":19,\"h\":30,\"i\":\"21\"},\"title\":\"Top Clients\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"22\",\"gridData\":{\"x\":28,\"y\":19,\"w\":19,\"h\":30,\"i\":\"22\"},\"title\":\"Top Servers\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"panelIndex\":\"24\",\"gridData\":{\"x\":9,\"y\":4,\"w\":39,\"h\":15,\"i\":\"24\"},\"title\":\"Traffic by Service (bytes)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"26\"},\"version\":\"7.0.1\",\"panelIndex\":\"26\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"27\"},\"version\":\"7.0.1\",\"panelIndex\":\"27\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766" }, { "name": "panel_2", "type": "visualization", "id": "e5cc0520-64ed-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "32ae06e0-64ee-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": 
"c4a0bf60-64fe-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_6", "type": "visualization", "id": "0eab16c0-7c67-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "ed2b5ed0-64b9-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows - input list", "visState": "{\"title\":\"Suricata: Flows - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527761054405\",\"fieldName\":\"traffic_locality\",\"label\":\"Traffic Locality\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP 
Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "bdce24e0-64fc-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows - Geo IP - input list", "visState": "{\"title\":\"Suricata: Flows - Geo IP - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata 
Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527789562972\",\"fieldName\":\"country\",\"label\":\"Country\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527789662577\",\"fieldName\":\"city\",\"label\":\"City\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", 
"type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "009e4c40-6693-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (High-Risk Clients) - Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: Threat (High-Risk Clients) - Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Threats\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"b815afa0-663c-11e8-b6ec-5d5d71f405df\"}],\"filter\":\"( _exists_: alert.severity OR _exists_: rep_tags ) AND client_autonomous_system: private AND NOT server_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "01eff230-6696-11e8-a67b-cd4cf123b2a5", "_type": "dashboard", "_source": { "title": "Suricata: DNS (Overview)", "hits": 0, "description": "", "panelsJSON": 
"[{\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"panelIndex\":\"2\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"4\"},\"panelIndex\":\"4\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":9,\"y\":15,\"w\":13,\"h\":11,\"i\":\"6\"},\"panelIndex\":\"6\",\"title\":\"DNS Message Type (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":22,\"y\":15,\"w\":13,\"h\":11,\"i\":\"7\"},\"panelIndex\":\"7\",\"title\":\"DNS Record Type (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":35,\"y\":15,\"w\":13,\"h\":11,\"i\":\"8\"},\"panelIndex\":\"8\",\"title\":\"DNS Response Codes (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":22,\"y\":4,\"w\":13,\"h\":11,\"i\":\"10\"},\"panelIndex\":\"10\",\"title\":\"DNS Servers (records)\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":26,\"w\":19,\"h\":15,\"i\":\"11\"},\"panelIndex\":\"11\",\"title\":\"Top Queries\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_6\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"18\"},\"panelIndex\":\"18\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_7\"},{\"embeddableConfig\":{},\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"19\"},\"panelIndex\":\"19\",\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_8\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":13,\"h\":11,\"i\":\"20\"},\"version\":\"7.0.1\",\"panelIndex\":\"20\",\"embeddableConfig\":{},\"title\":\"Clients (records)\",\"panelRefName\":\"panel_9\"},{\"gridData\":{\"x\":29,\"y\":26,\"w\":19,\"h\":15,\"i\":\"21\"},\"version\":\"7.0.1\",\"panelIndex\":\"21\",\"embeddableConfig\":{},\"title\":\"Top 
Answers\",\"panelRefName\":\"panel_10\"},{\"gridData\":{\"x\":35,\"y\":4,\"w\":13,\"h\":11,\"i\":\"22\"},\"version\":\"7.0.1\",\"panelIndex\":\"22\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_11\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "9ee75900-6a80-11e8-82af-6743288b8baf" }, { "name": "panel_2", "type": "visualization", "id": "f35dd740-6443-11e8-9e8d-39632dc6b766" }, { "name": "panel_3", "type": "visualization", "id": "b3efe530-6443-11e8-9e8d-39632dc6b766" }, { "name": "panel_4", "type": "visualization", "id": "3cf97d10-6443-11e8-9e8d-39632dc6b766" }, { "name": "panel_5", "type": "visualization", "id": "a2388d90-6a85-11e8-82af-6743288b8baf" }, { "name": "panel_6", "type": "visualization", "id": "f7317b90-6a85-11e8-82af-6743288b8baf" }, { "name": "panel_7", "type": "visualization", "id": "1b641e60-7c68-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_8", "type": "visualization", "id": "6561afc0-7c66-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_9", "type": "visualization", "id": "2b4bbb70-82d1-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_10", "type": "visualization", "id": "4105e840-82d2-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_11", "type": "visualization", "id": "3e1c1990-648f-11e8-9e8d-39632dc6b766" } ] }, { "_id": "ab96faa0-6677-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (Public Attackers) - Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: Threat (Public Attackers) - Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Threats\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"b815afa0-663c-11e8-b6ec-5d5d71f405df\"}],\"filter\":\"( _exists_: alert.severity OR _exists_: rep_tags ) AND NOT client_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "a78dcfa0-6691-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (At-Risk Servers) - Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: Threat (At-Risk Servers) - Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Threats\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"b815afa0-663c-11e8-b6ec-5d5d71f405df\"}],\"filter\":\"( _exists_: alert.severity OR _exists_: rep_tags ) AND server_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "34f22930-665c-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Logs by Alert Severity & IP Reputation - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Logs by Alert Severity & IP Reputation - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"645fe9d0-6659-11e8-9465-c9d44be09ca7\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"646010e0-6659-11e8-9465-c9d44be09ca7\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"_exists_: rep_tags\",\"axis_min\":\"\",\"label\":\"Bad 
Reputation\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 1\",\"formatter\":\"number\",\"id\":\"e1d24840-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Alert\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(254,146,0,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 2\",\"formatter\":\"number\",\"id\":\"fc678cb0-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Critical\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 3\",\"formatter\":\"number\",\"id\":\"1b391b40-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Warning\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(171,20,158,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 
4\",\"formatter\":\"number\",\"id\":\"33888e60-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Notice\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(123,100,255,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: [5 to *]\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Other\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"_exists_: alert.severity OR _exists_: rep_tags\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "5167d760-6a83-11e8-82af-6743288b8baf", "_type": "dashboard", "_source": { "title": "Suricata: DNS (Messages)", "hits": 0, "description": "", "panelsJSON": 
"[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"panelIndex\":\"4\",\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":41,\"i\":\"4\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_1\"},{\"panelIndex\":\"6\",\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"6\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_2\"},{\"panelIndex\":\"7\",\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"7\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_3\"},{\"title\":\"\",\"panelIndex\":\"8\",\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":29,\"i\":\"8\"},\"version\":\"7.0.1\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"9\"},\"version\":\"7.0.1\",\"panelIndex\":\"9\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "9ee75900-6a80-11e8-82af-6743288b8baf" }, { "name": "panel_2", "type": "visualization", "id": "d75ca340-6a84-11e8-82af-6743288b8baf" }, { "name": "panel_3", "type": "visualization", "id": "bfdf9b50-6a84-11e8-82af-6743288b8baf" }, { "name": "panel_4", "type": "search", "id": "275fa0a0-6a70-11e8-82af-6743288b8baf" }, { "name": "panel_5", "type": "visualization", 
"id": "1b641e60-7c68-11e9-ab58-c1e5cf60a7ac" }, { "name": "panel_6", "type": "visualization", "id": "54ccff20-7c66-11e9-ab58-c1e5cf60a7ac" } ] }, { "_id": "26528cf0-82b0-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: SSH (Messages)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"11\"},\"version\":\"7.0.1\",\"panelIndex\":\"11\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":50,\"i\":\"12\"},\"version\":\"7.0.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"13\"},\"version\":\"7.0.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"14\"},\"version\":\"7.0.1\",\"panelIndex\":\"14\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"15\"},\"version\":\"7.0.1\",\"panelIndex\":\"15\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": "{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { 
"name": "panel_1", "type": "visualization", "id": "7ff11b30-8221-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "0ce73f00-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": "40dd9a60-82bf-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": "visualization", "id": "eceebba0-82b9-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "44131520-82ba-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "search", "id": "749aa930-82c2-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "5d7bf310-82b0-11e9-8c3c-4925ccb1fc48", "_type": "dashboard", "_source": { "title": "Suricata: NFS (Messages)", "hits": 0, "description": "", "panelsJSON": "[{\"panelIndex\":\"2\",\"gridData\":{\"x\":42,\"y\":0,\"w\":6,\"h\":4,\"i\":\"2\"},\"title\":\"\",\"version\":\"7.0.1\",\"panelRefName\":\"panel_0\"},{\"gridData\":{\"x\":0,\"y\":0,\"w\":24,\"h\":4,\"i\":\"10\"},\"version\":\"7.0.1\",\"panelIndex\":\"10\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_1\"},{\"gridData\":{\"x\":24,\"y\":0,\"w\":18,\"h\":4,\"i\":\"11\"},\"version\":\"7.0.1\",\"panelIndex\":\"11\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_2\"},{\"gridData\":{\"x\":0,\"y\":4,\"w\":9,\"h\":51,\"i\":\"12\"},\"version\":\"7.0.1\",\"panelIndex\":\"12\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_3\"},{\"gridData\":{\"x\":9,\"y\":4,\"w\":8,\"h\":7,\"i\":\"13\"},\"version\":\"7.0.1\",\"panelIndex\":\"13\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_4\"},{\"gridData\":{\"x\":17,\"y\":4,\"w\":31,\"h\":9,\"i\":\"14\"},\"version\":\"7.0.1\",\"panelIndex\":\"14\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_5\"},{\"gridData\":{\"x\":9,\"y\":13,\"w\":39,\"h\":28,\"i\":\"15\"},\"version\":\"7.0.1\",\"panelIndex\":\"15\",\"embeddableConfig\":{},\"title\":\"\",\"panelRefName\":\"panel_6\"}]", "optionsJSON": 
"{\"darkTheme\":false,\"hidePanelTitles\":false,\"useMargins\":false}", "version": 1, "timeRestore": false, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"filter\":[],\"highlightAll\":true,\"version\":true}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "dashboard": "7.0.0" }, "_references": [ { "name": "panel_0", "type": "visualization", "id": "f3890650-648d-11e8-9e8d-39632dc6b766" }, { "name": "panel_1", "type": "visualization", "id": "dc53fc10-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_2", "type": "visualization", "id": "2b70c810-82af-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_3", "type": "visualization", "id": "54e4ad10-82cd-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_4", "type": "visualization", "id": "ff342980-82b9-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_5", "type": "visualization", "id": "ab633430-82ce-11e9-8c3c-4925ccb1fc48" }, { "name": "panel_6", "type": "search", "id": "4d759660-82c9-11e9-8c3c-4925ccb1fc48" } ] }, { "_id": "ae0b4b40-6651-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threats - input list", "visState": "{\"title\":\"Suricata: Threats - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"alert.category\",\"label\":\"Alert Category\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527752214385\",\"fieldName\":\"alert.signature\",\"label\":\"Alert 
Signature\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527751977828\",\"fieldName\":\"log.severity\",\"label\":\"Severity\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": 
"control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_7_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "99ec9610-663c-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Alert Count (all) - TSVB (metric)", "visState": "{\"title\":\"Suricata: Alert Count (all) - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Alerts\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"id\":\"b815afa0-663c-11e8-b6ec-5d5d71f405df\"}],\"filter\":\"_exists_: alert.severity\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "c4a0bf60-64fe-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Traffic by Service (bytes) - TSVB (stacked line)", "visState": "{\"title\":\"Suricata: Flow - Traffic by Service (bytes) - TSVB (stacked line)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"sum\",\"field\":\"flow.bytes\"},{\"script\":\"(params.bytes * 8) / (params._interval / 
1000)\",\"id\":\"c7ab1930-64fe-11e8-9461-a5ace2c02e40\",\"type\":\"calculation\",\"variables\":[{\"id\":\"ccf43f70-64fe-11e8-9461-a5ace2c02e40\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"bytes\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.6\",\"stacked\":\"stacked\",\"terms_field\":\"service_name\",\"terms_size\":\"50\",\"split_color_mode\":\"rainbow\",\"label\":\"Traffic\",\"value_template\":\"{{value}}its/s\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"filter\":\"event.subtype: flow\",\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "6f0f0280-64ab-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows & Alerts - TSVB (combo)", "visState": "{\"title\":\"Suricata: Flows & Alerts - TSVB (combo)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"e1d24840-64ab-11e8-ad8a-29349eba0f86\",\"color\":\"rgba(244,78,59,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"},{\"script\":\"params.count > 0 ? 
params.count : null\",\"id\":\"46b13ae0-64ad-11e8-ad8a-29349eba0f86\",\"type\":\"calculation\",\"variables\":[{\"id\":\"4a0065e0-64ad-11e8-ad8a-29349eba0f86\",\"field\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"name\":\"count\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"6\",\"fill\":\"0\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Alert\",\"filter\":\"alert.severity: 1\"},{\"id\":\"fc678cb0-64ab-11e8-ad8a-29349eba0f86\",\"color\":\"rgba(254,146,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"},{\"script\":\"params.count > 0 ? params.count : null\",\"id\":\"75810670-64ad-11e8-ad8a-29349eba0f86\",\"type\":\"calculation\",\"variables\":[{\"id\":\"78a3ca40-64ad-11e8-ad8a-29349eba0f86\",\"field\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"name\":\"count\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"6\",\"fill\":\"0\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Critical\",\"filter\":\"alert.severity: 2\"},{\"id\":\"1b391b40-64ac-11e8-ad8a-29349eba0f86\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"},{\"script\":\"params.count > 0 ? 
params.count : null\",\"id\":\"87087b80-64ad-11e8-ad8a-29349eba0f86\",\"type\":\"calculation\",\"variables\":[{\"id\":\"891d9fe0-64ad-11e8-ad8a-29349eba0f86\",\"field\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"name\":\"count\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"6\",\"fill\":\"0\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Warning\",\"filter\":\"alert.severity: 3\"},{\"id\":\"33888e60-64ac-11e8-ad8a-29349eba0f86\",\"color\":\"rgba(171,20,158,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"},{\"script\":\"params.count > 0 ? params.count : null\",\"id\":\"a0793d20-64ad-11e8-ad8a-29349eba0f86\",\"type\":\"calculation\",\"variables\":[{\"id\":\"a3bea420-64ad-11e8-ad8a-29349eba0f86\",\"field\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"name\":\"count\"}]}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"0\",\"point_size\":\"6\",\"fill\":\"0\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Notice\",\"filter\":\"alert.severity: 4\"},{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"script\":\"params.count / (params._interval / 
1000)\",\"id\":\"06476730-64ae-11e8-ad8a-29349eba0f86\",\"type\":\"calculation\",\"variables\":[{\"id\":\"0ad9c090-64ae-11e8-ad8a-29349eba0f86\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"name\":\"count\"}]}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.7\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Flows\",\"value_template\":\"{{value}}/sec\",\"filter\":\"\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[],\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "45775610-6a65-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Logs - input list", "visState": "{\"title\":\"Suricata: Logs - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527751977828\",\"fieldName\":\"event.subtype\",\"label\":\"Log 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"alert.category\",\"label\":\"Alert Category\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752214385\",\"fieldName\":\"alert.signature\",\"label\":\"Alert Signature\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": 
"control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_7_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d7e3e230-6a64-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: Log Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "de726490-6691-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (At-Risk Servers) by Alert Severity & IP Reputation - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Threat (At-Risk Servers) by Alert Severity & IP Reputation - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"645fe9d0-6659-11e8-9465-c9d44be09ca7\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"646010e0-6659-11e8-9465-c9d44be09ca7\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"_exists_: rep_tags\",\"axis_min\":\"\",\"label\":\"Bad Reputation\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 1\",\"formatter\":\"number\",\"id\":\"e1d24840-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Alert\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(254,146,0,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 2\",\"formatter\":\"number\",\"id\":\"fc678cb0-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Critical\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 
3\",\"formatter\":\"number\",\"id\":\"1b391b40-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Warning\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(171,20,158,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 4\",\"formatter\":\"number\",\"id\":\"33888e60-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Notice\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(123,100,255,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: [5 TO *]\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Other\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"( _exists_: alert.severity OR _exists_: rep_tags ) AND server_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "4f5f1750-64aa-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alerts - input list", "visState": "{\"title\":\"Suricata: Alerts - input 
list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"alert.category\",\"label\":\"Alert Category\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527752214385\",\"fieldName\":\"alert.signature\",\"label\":\"Alert Signature\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527751977828\",\"fieldName\":\"log.severity\",\"label\":\"Severity\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP 
Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_7_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a5ecf170-648f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Overview - input list", "visState": "{\"title\":\"Suricata: Overview - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527751977828\",\"fieldName\":\"event.subtype\",\"label\":\"Log 
Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"service_name\",\"label\":\"Service\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"alert.category\",\"label\":\"Alert Category\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752214385\",\"fieldName\":\"alert.signature\",\"label\":\"Alert Signature\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": 
"control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_7_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "403194e0-6678-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (Public Attackers) by Alert Severity & IP Reputation - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Threat (Public Attackers) by Alert Severity & IP Reputation - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"645fe9d0-6659-11e8-9465-c9d44be09ca7\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"646010e0-6659-11e8-9465-c9d44be09ca7\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"_exists_: rep_tags\",\"axis_min\":\"\",\"label\":\"Bad Reputation\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 
1\",\"formatter\":\"number\",\"id\":\"e1d24840-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Alert\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(254,146,0,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 2\",\"formatter\":\"number\",\"id\":\"fc678cb0-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Critical\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 3\",\"formatter\":\"number\",\"id\":\"1b391b40-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Warning\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(171,20,158,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 4\",\"formatter\":\"number\",\"id\":\"33888e60-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Notice\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(123,100,255,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: [5 TO 
*]\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Other\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"( _exists_: alert.severity OR _exists_: rep_tags ) AND NOT client_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "dab25cd0-64c4-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows by Service - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Flows by Service - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"alert.severity: 1\",\"color\":\"rgba(244,78,59,1)\",\"icon\":\"fa-exclamation-triangle\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1,\"time_field\":\"@timestamp\"}],\"axis_formatter\":\"number\",\"axis_position\":\"left\",\"filter\":\"event.subtype: 
flow\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(0,98,177,1)\",\"fill\":\"0.5\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Flows\",\"line_width\":\"0\",\"metrics\":[{\"field\":\"flow.bytes\",\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"none\",\"terms_field\":\"service_name\",\"terms_size\":\"50\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "18b9c380-6a77-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - input list", "visState": "{\"title\":\"Suricata: HTTP - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"http.hostname\",\"label\":\"HTTP 
Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527742928304\",\"fieldName\":\"http.http_refer\",\"label\":\"Referrer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":1000,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"alert.category\",\"label\":\"Alert Category\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1527752214385\",\"fieldName\":\"alert.signature\",\"label\":\"Alert Signature\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"rep_tags\",\"label\":\"IP Reputation\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", 
"id": "suricata-*" } ] }, { "_id": "3d570f50-64a4-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: Flow Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Flows\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(204,204,204,1)\",\"opperator\":\"gte\"}],\"filter\":\"event.subtype: flow\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "30ceccd0-6b13-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - TCP Sessions - TSVB (bar)", "visState": "{\"title\":\"Suricata: Stats - TCP Sessions - TSVB 
(bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.tcp.sessions\"},{\"unit\":\"1s\",\"id\":\"bf8037a0-6b10-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"label\":\"TCP Sessions\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "0905a270-6693-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (High-Risk Clients) by Alert Severity & IP Reputation - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Threat (High-Risk Clients) by Alert Severity & IP Reputation - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"645fe9d0-6659-11e8-9465-c9d44be09ca7\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"646010e0-6659-11e8-9465-c9d44be09ca7\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"3\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"filter\":\"_exists_: rep_tags\",\"axis_min\":\"\",\"label\":\"Bad Reputation\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 1\",\"formatter\":\"number\",\"id\":\"e1d24840-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Alert\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(254,146,0,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 2\",\"formatter\":\"number\",\"id\":\"fc678cb0-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Critical\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 
3\",\"formatter\":\"number\",\"id\":\"1b391b40-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Warning\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(171,20,158,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 4\",\"formatter\":\"number\",\"id\":\"33888e60-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Notice\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(123,100,255,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: [5 TO *]\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Other\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"( _exists_: alert.severity OR _exists_: rep_tags ) AND client_autonomous_system: private AND NOT server_autonomous_system: private\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "10544520-64b0-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alerts by Severity - TSVB (stacked bar)", "visState": 
"{\"title\":\"Suricata: Alerts by Severity - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(244,78,59,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 1\",\"formatter\":\"number\",\"id\":\"e1d24840-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Alert\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"e1d24841-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(254,146,0,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 2\",\"formatter\":\"number\",\"id\":\"fc678cb0-64ab-11e8-ad8a-29349eba0f86\",\"label\":\"Critical\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"fc678cb1-64ab-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(0,156,224,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 3\",\"formatter\":\"number\",\"id\":\"1b391b40-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Warning\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"1b391b41-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(171,20,158,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: 
4\",\"formatter\":\"number\",\"id\":\"33888e60-64ac-11e8-ad8a-29349eba0f86\",\"label\":\"Notice\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"33888e61-64ac-11e8-ad8a-29349eba0f86\",\"type\":\"count\"}],\"point_size\":\"6\",\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"},{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(123,100,255,1)\",\"fill\":\"1\",\"filter\":\"alert.severity: [5 TO *]\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"Other\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"everything\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "38352fe0-6493-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Events by Log Types - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Events by Log Types - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.5\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity: alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity: critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(254,146,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity: warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity: 
notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}]},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "dc43a050-6b08-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - Memory Use - TSVB (stacked line)", "visState": "{\"title\":\"Suricata: Stats - Memory Use - TSVB (stacked line)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.flow.memuse\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.7\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}\",\"label\":\"Flow\",\"axis_min\":\"0\"},{\"id\":\"14177740-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(104,188,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"14177741-6b09-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.tcp.memuse\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.7\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}\",\"label\":\"TCP\",\"axis_min\":\"0\"},{\"id\":\"3f949560-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(25,77,51,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3f949561-6b09-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.tcp.reassembly_memuse\"}],\"seperate_axis\":0,\"axis_position\":\"righ
t\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.7\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}\",\"label\":\"TCP Reassembly\",\"axis_min\":\"0\"},{\"id\":\"5a61b2b0-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(250,40,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"5a61b2b1-6b09-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.http.memuse\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.7\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}\",\"label\":\"HTTP\",\"axis_min\":\"0\"},{\"id\":\"69461b40-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(123,100,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"69461b41-6b09-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.dns.memuse\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.7\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}\",\"label\":\"DNS\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "eac57150-6b1a-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - IP Protocols - TSVB (stacked line)", "visState": "{\"title\":\"Suricata: Stats - IP Protocols - TSVB (stacked 
line)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.tcp\"},{\"unit\":\"1s\",\"id\":\"cc31e810-6b18-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}} pkts/s\",\"label\":\"TCP\",\"axis_min\":\"0\"},{\"id\":\"14177740-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"14177741-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.udp\"},{\"unit\":\"1s\",\"id\":\"0c19c510-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"14177741-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}} pkts/s\",\"label\":\"UDP\",\"axis_min\":\"0\"},{\"id\":\"3f949560-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(104,188,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3f949561-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.icmpv4\"},{\"unit\":\"1s\",\"id\":\"4213abe0-6b19-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.icmpv6\"},{\"script\":\"params.icmpv4 + 
params.icmpv6\",\"id\":\"86ce0310-6b1a-11e8-a574-99ddd28603da\",\"type\":\"calculation\",\"variables\":[{\"id\":\"989c1e10-6b1a-11e8-a574-99ddd28603da\",\"name\":\"icmpv4\",\"field\":\"3f949561-6b09-11e8-a574-99ddd28603da\"},{\"id\":\"9da26ef0-6b1a-11e8-a574-99ddd28603da\",\"field\":\"4213abe0-6b19-11e8-a574-99ddd28603da\",\"name\":\"icmpv6\"}]},{\"unit\":\"1s\",\"id\":\"94938e20-6b1a-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"86ce0310-6b1a-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}} pkts/s\",\"label\":\"ICMP\",\"axis_min\":\"0\"},{\"id\":\"5a61b2b0-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(123,100,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"5a61b2b1-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.gre\"},{\"unit\":\"1s\",\"id\":\"6ef19280-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"5a61b2b1-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}} pkts/s\",\"label\":\"GRE\",\"axis_min\":\"0\"},{\"id\":\"69461b40-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(101,50,148,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"69461b41-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.sctp\"},{\"unit\":\"1s\",\"id\":\"7f2ead40-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"69461b41-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}} 
pkts/s\",\"label\":\"SCTP\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "340bf770-6b08-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - Decoder Traffic Volume - TSVB (line)", "visState": "{\"title\":\"Suricata: Stats - Decoder Traffic Volume - TSVB (line)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(4,70,108,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"max\",\"field\":\"stats.decoder.pkts\"},{\"unit\":\"1s\",\"id\":\"46962bf0-6b07-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":1,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":\"2\",\"point_size\":\"0\",\"fill\":\"0\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"label\":\"Packets\",\"axis_min\":\"0\"},{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.bytes\"},{\"script\":\"params.bytes * 
8\",\"id\":\"8fcb2b43-6b07-11e8-a574-99ddd28603da\",\"type\":\"calculation\",\"variables\":[{\"id\":\"8fcb2b42-6b07-11e8-a574-99ddd28603da\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"name\":\"bytes\"}]},{\"unit\":\"1s\",\"id\":\"8fcb2b44-6b07-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"bytes\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":\"0\",\"fill\":\"0.7\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"label\":\"Bytes\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "51dae990-64a6-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert Count (other) - TSVB (metric)", "visState": "{\"title\":\"Suricata: Alert Count (other) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Other\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(123,100,255,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: [5 TO *]\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "a7797730-6b19-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - IP Versions - TSVB (stacked line)", "visState": "{\"title\":\"Suricata: Stats - IP Versions - TSVB (stacked 
line)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(0,156,224,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.ipv4\"},{\"unit\":\"1s\",\"id\":\"cc31e810-6b18-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}/s\",\"label\":\"IPv4\",\"axis_min\":\"0\"},{\"id\":\"14177740-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(0,98,177,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"14177741-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.ipv4_in_ipv6\"},{\"unit\":\"1s\",\"id\":\"0c19c510-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"14177741-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}/s\",\"label\":\"IPv4-in-IPv6\",\"axis_min\":\"0\"},{\"id\":\"3f949560-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(174,161,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"3f949561-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.ipv6\"},{\"unit\":\"1s\",\"id\":\"4213abe0-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"3f949561-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}/s\",\"label\":\"IPv6\",\"axis_min\":\"0\"},{
\"id\":\"5a61b2b0-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(123,100,255,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"5a61b2b1-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.ipv6_in_ipv6\"},{\"unit\":\"1s\",\"id\":\"6ef19280-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"5a61b2b1-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}/s\",\"label\":\"IPv6-in-IPv6\",\"axis_min\":\"0\"},{\"id\":\"69461b40-6b09-11e8-a574-99ddd28603da\",\"color\":\"rgba(101,50,148,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"69461b41-6b09-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.teredo\"},{\"unit\":\"1s\",\"id\":\"7f2ead40-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"69461b41-6b09-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}/s\",\"label\":\"Teredo\",\"axis_min\":\"0\"},{\"id\":\"64ecf1f0-6b17-11e8-a574-99ddd28603da\",\"color\":\"rgba(254,146,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"64ecf1f1-6b17-11e8-a574-99ddd28603da\",\"type\":\"max\",\"field\":\"stats.decoder.ipraw.invalid_ip_version\"},{\"unit\":\"1s\",\"id\":\"9332bb10-6b19-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"64ecf1f1-6b17-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"stacked\",\"value_template\":\"{{value}}/s\",\"label\":\"Invalid IP 
ver.\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "f05c2b10-6b09-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Statistics - input list", "visState": "{\"title\":\"Suricata: Statistics - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":250,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "e1ca2100-64a2-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert Count (warning) - TSVB (metric)", "visState": "{\"title\":\"Suricata: Alert Count (warning) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Warning\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(0,156,224,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 3\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "426aba70-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Alerts (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Alerts (overview) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Messages](#/dashboard/4280b6f0-64b5-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"fb7c0a50-64a2-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert Count (notice) - TSVB (metric)", "visState": "{\"title\":\"Suricata: Alert Count (notice) - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Notice\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: 
alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(171,20,158,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 4\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "f3890650-648d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Logo", "visState": "{\"title\":\"Suricata: Logo\",\"type\":\"markdown\",\"params\":{\"fontSize\":12,\"markdown\":\"[![sýnesis™ Lite for Suricata](http://www.koiossian.com/public/synesis_logo.svg)](http://www.koiossian.com)\",\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"c8438d70-64a2-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert Count (critical) - TSVB (metric)", "visState": "{\"title\":\"Suricata: Alert Count (critical) - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Critical\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 2\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "484e91d0-649a-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert Count (alert) - TSVB (metric)", "visState": "{\"title\":\"Suricata: Alert Count (alert) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Alert\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(244,78,59,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 1\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "cefaeff0-6b14-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - Kernel Drops - TSVB (bar)", "visState": "{\"title\":\"Suricata: Stats - Kernel Drops - TSVB 
(bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(159,5,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.capture.kernel_drops\"},{\"unit\":\"1s\",\"id\":\"bf8037a0-6b10-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"label\":\"Kernel Drops\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "3bfa7db0-6b14-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - Alerts Detected - TSVB (bar)", "visState": "{\"title\":\"Suricata: Stats - Alerts Detected - TSVB 
(bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(244,78,59,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.detect.alert\"},{\"unit\":\"1s\",\"id\":\"bf8037a0-6b10-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"label\":\"Alerts\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "f3137eb0-6b10-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Stats - Invalid Packets - TSVB (bar)", "visState": "{\"title\":\"Suricata: Stats - Invalid Packets - TSVB 
(bar)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"timeseries\",\"series\":[{\"id\":\"8fcb2b40-6b07-11e8-a574-99ddd28603da\",\"color\":\"rgba(254,146,0,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\",\"type\":\"avg\",\"field\":\"stats.decoder.invalid\"},{\"unit\":\"1s\",\"id\":\"bf8037a0-6b10-11e8-a574-99ddd28603da\",\"type\":\"derivative\",\"field\":\"8fcb2b41-6b07-11e8-a574-99ddd28603da\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":\"0\",\"fill\":\"0.8\",\"stacked\":\"none\",\"value_template\":\"{{value}}/s\",\"label\":\"Invalid Packets\",\"axis_min\":\"0\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata_stats-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"axis_min\":\"0\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "55f2c990-6658-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Logs by IP Reputation - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Logs by IP Reputation - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"axis_position\":\"right\",\"chart_type\":\"bar\",\"color\":\"rgba(144,201,227,1)\",\"fill\":\"1\",\"filter\":\"\",\"formatter\":\"number\",\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"label\":\"IP 
Reputation\",\"line_width\":\"0\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"point_size\":1,\"seperate_axis\":0,\"split_mode\":\"terms\",\"stacked\":\"stacked\",\"terms_field\":\"rep_tags\",\"terms_size\":\"50\",\"value_template\":\"{{value}}\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"_exists_: rep_tags\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "AWFhGnANugC1WJLdzaom", "_type": "visualization", "_source": { "title": "Synesis: Logo", "visState": "{\"title\":\"Synesis: Logo\",\"type\":\"markdown\",\"params\":{\"fontSize\":8,\"markdown\":\"[![sýnesis™ Lite for Syslog](http://www.koiossian.com/public/synesis_logo.svg)](http://www.koiossian.com)\",\"openLinksInNewTab\":false,\"type\":\"markdown\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"language\":\"lucene\",\"query\":{\"match_all\":{}}},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "2953ffb0-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Alerts (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Alerts (messages) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [**Messages**](#/dashboard/4280b6f0-64b5-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"72967710-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Threats (High-Risk Clients) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Threats (High-Risk Clients) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Public Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [At-Risk Servers](#/dashboard/8b61bf60-6661-11e8-a67b-cd4cf123b2a5) | [At-Risk Services](#/dashboard/b333afd0-6661-11e8-a67b-cd4cf123b2a5) | [**High-Risk 
Clients**](#/dashboard/d9a23fb0-6661-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "3fc21330-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Threats (At-Risk Servers) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Threats (At-Risk Servers) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Public Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [**At-Risk Servers**](#/dashboard/8b61bf60-6661-11e8-a67b-cd4cf123b2a5) | [At-Risk Services](#/dashboard/b333afd0-6661-11e8-a67b-cd4cf123b2a5) | [High-Risk Clients](#/dashboard/d9a23fb0-6661-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "a8f699c0-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Threats (Public Threats) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Threats (Public Threats) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: 
#f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Public Threats**](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [At-Risk Servers](#/dashboard/8b61bf60-6661-11e8-a67b-cd4cf123b2a5) | [At-Risk Services](#/dashboard/b333afd0-6661-11e8-a67b-cd4cf123b2a5) | [High-Risk Clients](#/dashboard/d9a23fb0-6661-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "1d8d3560-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: HTTP (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: HTTP (messages) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [**Messages**](#/dashboard/b0662710-6a76-11e8-82af-6743288b8baf)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"3e1c1990-648f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Blank", "visState": "{\"title\":\"Suricata: Blank\",\"type\":\"markdown\",\"params\":{\"fontSize\":8,\"markdown\":\"\",\"openLinksInNewTab\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "aec05720-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Flows (geoip) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Flows (geoip) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [Talkers](#/dashboard/61f52550-64ee-11e8-9e8d-39632dc6b766) | [Services](#/dashboard/d05a4110-64ee-11e8-9e8d-39632dc6b766) | [Sankey](#/dashboard/eec67e20-64ee-11e8-9e8d-39632dc6b766) | [**Geo IP**](#/dashboard/a7f80970-64ec-11e8-9e8d-39632dc6b766) | [Messages](#/dashboard/c4e2cc10-64eb-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "cf1a3360-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Flows (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Flows (overview) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: 
#cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [Talkers](#/dashboard/61f52550-64ee-11e8-9e8d-39632dc6b766) | [Services](#/dashboard/d05a4110-64ee-11e8-9e8d-39632dc6b766) | [Sankey](#/dashboard/eec67e20-64ee-11e8-9e8d-39632dc6b766) | [Geo IP](#/dashboard/a7f80970-64ec-11e8-9e8d-39632dc6b766) | [Messages](#/dashboard/c4e2cc10-64eb-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "bdb11bc0-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Flows (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Flows (messages) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [Talkers](#/dashboard/61f52550-64ee-11e8-9e8d-39632dc6b766) | [Services](#/dashboard/d05a4110-64ee-11e8-9e8d-39632dc6b766) | [Sankey](#/dashboard/eec67e20-64ee-11e8-9e8d-39632dc6b766) | [Geo IP](#/dashboard/a7f80970-64ec-11e8-9e8d-39632dc6b766) | [**Messages**](#/dashboard/c4e2cc10-64eb-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "0eab16c0-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Flows (talkers) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Flows (talkers) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [**Talkers**](#/dashboard/61f52550-64ee-11e8-9e8d-39632dc6b766) | [Services](#/dashboard/d05a4110-64ee-11e8-9e8d-39632dc6b766) | [Sankey](#/dashboard/eec67e20-64ee-11e8-9e8d-39632dc6b766) | [Geo IP](#/dashboard/a7f80970-64ec-11e8-9e8d-39632dc6b766) | [Messages](#/dashboard/c4e2cc10-64eb-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "014f7110-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Flows (services) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Flows (services) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: 
bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [Talkers](#/dashboard/61f52550-64ee-11e8-9e8d-39632dc6b766) | [**Services**](#/dashboard/d05a4110-64ee-11e8-9e8d-39632dc6b766) | [Sankey](#/dashboard/eec67e20-64ee-11e8-9e8d-39632dc6b766) | [Geo IP](#/dashboard/a7f80970-64ec-11e8-9e8d-39632dc6b766) | [Messages](#/dashboard/c4e2cc10-64eb-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "f48201a0-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Flows (sankey) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Flows (sankey) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [Talkers](#/dashboard/61f52550-64ee-11e8-9e8d-39632dc6b766) | [Services](#/dashboard/d05a4110-64ee-11e8-9e8d-39632dc6b766) | [**Sankey**](#/dashboard/eec67e20-64ee-11e8-9e8d-39632dc6b766) | [Geo IP](#/dashboard/a7f80970-64ec-11e8-9e8d-39632dc6b766) | [Messages](#/dashboard/c4e2cc10-64eb-11e8-9e8d-39632dc6b766)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "5bac8760-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: Threats (At-Risk Services) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: Threats (At-Risk Services) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Public 
Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [At-Risk Servers](#/dashboard/8b61bf60-6661-11e8-a67b-cd4cf123b2a5) | [**At-Risk Services**](#/dashboard/b333afd0-6661-11e8-a67b-cd4cf123b2a5) | [High-Risk Clients](#/dashboard/d9a23fb0-6661-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "54ccff20-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: DNS (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: DNS (messages) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 
p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [**Messages**](#/dashboard/5167d760-6a83-11e8-82af-6743288b8baf)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "6561afc0-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: DNS (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: DNS (overview) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: 
none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [Messages](#/dashboard/5167d760-6a83-11e8-82af-6743288b8baf)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "2a532ac0-7c67-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV: HTTP (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: HTTP (overview) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"syslog-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [Messages](#/dashboard/b0662710-6a76-11e8-82af-6743288b8baf)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"e6e6a670-64f9-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Sankey (client/server) - Vega", "visState": "{\"title\":\"Suricata: Flow - Sankey (client/server) - Vega\",\"type\":\"vega\",\"params\":{\"spec\":\"{\\n \\\"$schema\\\": \\\"https://vega.github.io/schema/vega/v3.0.json\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"rawData\\\",\\n \\\"url\\\": {\\n \\\"%context%\\\": true,\\n \\\"%timefield%\\\": \\\"@timestamp\\\",\\n \\\"index\\\": \\\"suricata-*\\\",\\n \\\"body\\\": {\\n \\\"size\\\": 0,\\n \\\"aggs\\\": {\\n \\\"table\\\": {\\n \\\"composite\\\": {\\n \\\"size\\\": 1000,\\n \\\"sources\\\": [\\n {\\n \\\"stk1\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"client_hostname\\\"\\n }\\n }\\n },\\n {\\n \\\"stk2\\\": {\\n \\\"terms\\\": {\\n \\\"field\\\": \\\"server_hostname\\\"\\n }\\n }\\n }\\n ]\\n }\\n }\\n }\\n }\\n },\\n \\\"format\\\": {\\n \\\"property\\\": \\\"aggregations.table.buckets\\\"\\n },\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.stk1\\\",\\n \\\"as\\\": \\\"stk1\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.key.stk2\\\",\\n \\\"as\\\": \\\"stk2\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.doc_count\\\",\\n \\\"as\\\": \\\"size\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"nodes\\\",\\n \\\"source\\\": \\\"rawData\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"!groupSelector || groupSelector.stk1 == datum.stk1 || groupSelector.stk2 == datum.stk2\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stk1+datum.stk2\\\",\\n \\\"as\\\": \\\"key\\\"\\n },\\n {\\n \\\"type\\\": \\\"fold\\\",\\n \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"as\\\": [\\\"stack\\\", \\\"grpId\\\"]\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1' ? 
datum.stk1+datum.stk2 : datum.stk2+datum.stk1\\\",\\n \\\"as\\\": \\\"sortField\\\"\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\n \\\"field\\\": \\\"sortField\\\",\\n \\\"order\\\": \\\"descending\\\"\\n },\\n \\\"field\\\": \\\"size\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"(datum.y0+datum.y1)/2\\\",\\n \\\"as\\\": \\\"yc\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groups\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"aggregate\\\",\\n \\\"groupby\\\": [\\\"stack\\\", \\\"grpId\\\"],\\n \\\"fields\\\": [\\\"size\\\"],\\n \\\"ops\\\": [\\\"sum\\\"],\\n \\\"as\\\": [\\\"total\\\"]\\n },\\n {\\n \\\"type\\\": \\\"stack\\\",\\n \\\"groupby\\\": [\\\"stack\\\"],\\n \\\"sort\\\": {\\n \\\"field\\\": \\\"grpId\\\",\\n \\\"order\\\": \\\"descending\\\"\\n },\\n \\\"field\\\": \\\"total\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"scale('y', datum.y0)\\\",\\n \\\"as\\\": \\\"scaledY0\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"scale('y', datum.y1)\\\",\\n \\\"as\\\": \\\"scaledY1\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1'\\\",\\n \\\"as\\\": \\\"rightLabel\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.total/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"destinationNodes\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk2'\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"edges\\\",\\n \\\"source\\\": \\\"nodes\\\",\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"datum.stack == 'stk1'\\\"\\n },\\n {\\n \\\"type\\\": \\\"lookup\\\",\\n \\\"from\\\": \\\"destinationNodes\\\",\\n \\\"key\\\": \\\"key\\\",\\n \\\"fields\\\": [\\\"key\\\"],\\n \\\"as\\\": 
[\\\"target\\\"]\\n },\\n {\\n \\\"type\\\": \\\"linkpath\\\",\\n \\\"orient\\\": \\\"horizontal\\\",\\n \\\"shape\\\": \\\"diagonal\\\",\\n \\\"sourceY\\\": {\\n \\\"expr\\\": \\\"scale('y', datum.yc)\\\"\\n },\\n \\\"sourceX\\\": {\\n \\\"expr\\\": \\\"scale('x', 'stk1') + bandwidth('x')\\\"\\n },\\n \\\"targetY\\\": {\\n \\\"expr\\\": \\\"scale('y', datum.target.yc)\\\"\\n },\\n \\\"targetX\\\": {\\n \\\"expr\\\": \\\"scale('x', 'stk2')\\\"\\n }\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"range('y')[0]-scale('y', datum.size)\\\",\\n \\\"as\\\": \\\"strokeWidth\\\"\\n },\\n {\\n \\\"type\\\": \\\"formula\\\",\\n \\\"expr\\\": \\\"datum.size/domain('y')[1]\\\",\\n \\\"as\\\": \\\"percentage\\\"\\n }\\n ]\\n }\\n ],\\n \\\"scales\\\": [\\n {\\n \\\"name\\\": \\\"x\\\",\\n \\\"type\\\": \\\"band\\\",\\n \\\"range\\\": \\\"width\\\",\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"],\\n \\\"paddingOuter\\\": 0.01,\\n \\\"paddingInner\\\": 0.98\\n },\\n {\\n \\\"name\\\": \\\"y\\\",\\n \\\"type\\\": \\\"linear\\\",\\n \\\"range\\\": \\\"height\\\",\\n \\\"domain\\\": {\\n \\\"data\\\": \\\"nodes\\\",\\n \\\"field\\\": \\\"y1\\\"\\n }\\n },\\n {\\n \\\"name\\\": \\\"color\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": \\\"category\\\",\\n \\\"domain\\\": {\\n \\\"data\\\": \\\"rawData\\\",\\n \\\"fields\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n },\\n {\\n \\\"name\\\": \\\"stackNames\\\",\\n \\\"type\\\": \\\"ordinal\\\",\\n \\\"range\\\": [\\\"Client\\\", \\\"Server\\\"],\\n \\\"domain\\\": [\\\"stk1\\\", \\\"stk2\\\"]\\n }\\n ],\\n \\\"axes\\\": [\\n {\\n \\\"orient\\\": \\\"bottom\\\",\\n \\\"scale\\\": \\\"x\\\",\\n \\\"encode\\\": {\\n \\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"text\\\": {\\n \\\"scale\\\": \\\"stackNames\\\",\\n \\\"field\\\": \\\"value\\\"\\n },\\n \\\"fontSize\\\": {\\n \\\"value\\\": 14\\n }\\n }\\n }\\n }\\n },\\n {\\n \\\"orient\\\": \\\"left\\\",\\n \\\"scale\\\": \\\"y\\\",\\n \\\"encode\\\": {\\n 
\\\"labels\\\": {\\n \\\"update\\\": {\\n \\\"fontSize\\\": {\\n \\\"value\\\": 12\\n }\\n }\\n }\\n }\\n }\\n ],\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"path\\\",\\n \\\"name\\\": \\\"edgeMark\\\",\\n \\\"from\\\": {\\n \\\"data\\\": \\\"edges\\\"\\n },\\n \\\"clip\\\": true,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"stroke\\\": [\\n {\\n \\\"test\\\": \\\"groupSelector && groupSelector.stack=='stk1'\\\",\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk2\\\"\\n },\\n {\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"stk1\\\"\\n }\\n ],\\n \\\"strokeWidth\\\": {\\n \\\"field\\\": \\\"strokeWidth\\\"\\n },\\n \\\"path\\\": {\\n \\\"field\\\": \\\"path\\\"\\n },\\n \\\"strokeOpacity\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 0.75 : 0.3\\\"\\n },\\n \\\"zindex\\\": {\\n \\\"signal\\\": \\\"!groupSelector && (groupHover.stk1 == datum.stk1 || groupHover.stk2 == datum.stk2) ? 1 : 0\\\"\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.stk1 + ' → ' + datum.stk2 + ' ' + format(datum.size, ',.0f') + ' (' + format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\n \\\"strokeOpacity\\\": {\\n \\\"value\\\": 0.75\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"rect\\\",\\n \\\"name\\\": \\\"groupMark\\\",\\n \\\"from\\\": {\\n \\\"data\\\": \\\"groups\\\"\\n },\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"fill\\\": {\\n \\\"scale\\\": \\\"color\\\",\\n \\\"field\\\": \\\"grpId\\\"\\n },\\n \\\"width\\\": {\\n \\\"scale\\\": \\\"x\\\",\\n \\\"band\\\": 1\\n }\\n },\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"scale\\\": \\\"x\\\",\\n \\\"field\\\": \\\"stack\\\"\\n },\\n \\\"y\\\": {\\n \\\"field\\\": \\\"scaledY0\\\"\\n },\\n \\\"y2\\\": {\\n \\\"field\\\": \\\"scaledY1\\\"\\n },\\n \\\"fillOpacity\\\": {\\n \\\"value\\\": 0.7\\n },\\n \\\"tooltip\\\": {\\n \\\"signal\\\": \\\"datum.grpId + ' ' + format(datum.total, ',.0f') + ' (' + 
format(datum.percentage, '.1%') + ')'\\\"\\n }\\n },\\n \\\"hover\\\": {\\n \\\"fillOpacity\\\": {\\n \\\"value\\\": 1\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"from\\\": {\\n \\\"data\\\": \\\"groups\\\"\\n },\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"update\\\": {\\n \\\"x\\\": {\\n \\\"signal\\\": \\\"scale('x', datum.stack) + (datum.rightLabel ? bandwidth('x') + 8 : -8)\\\"\\n },\\n \\\"yc\\\": {\\n \\\"signal\\\": \\\"(datum.scaledY0 + datum.scaledY1)/2\\\"\\n },\\n \\\"align\\\": {\\n \\\"signal\\\": \\\"datum.rightLabel ? 'left' : 'right'\\\"\\n },\\n \\\"baseline\\\": {\\n \\\"value\\\": \\\"middle\\\"\\n },\\n \\\"fontWeight\\\": {\\n \\\"value\\\": \\\"bold\\\"\\n },\\n \\\"fontSize\\\": {\\n \\\"value\\\": 12\\n },\\n \\\"text\\\": {\\n \\\"signal\\\": \\\"abs(datum.scaledY0-datum.scaledY1) > 11 ? datum.grpId : ''\\\"\\n }\\n }\\n }\\n },\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"data\\\": [\\n {\\n \\\"name\\\": \\\"dataForShowAll\\\",\\n \\\"values\\\": [{}],\\n \\\"transform\\\": [\\n {\\n \\\"type\\\": \\\"filter\\\",\\n \\\"expr\\\": \\\"groupSelector\\\"\\n }\\n ]\\n }\\n ],\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\n \\\"signal\\\": \\\"width/2\\\"\\n },\\n \\\"y\\\": {\\n \\\"value\\\": 30\\n },\\n \\\"width\\\": {\\n \\\"value\\\": 100\\n },\\n \\\"height\\\": {\\n \\\"value\\\": 36\\n }\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"group\\\",\\n \\\"name\\\": \\\"groupReset\\\",\\n \\\"from\\\": {\\n \\\"data\\\": \\\"dataForShowAll\\\"\\n },\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"cornerRadius\\\": {\\n \\\"value\\\": 3.5\\n },\\n \\\"fill\\\": {\\n \\\"value\\\": \\\"#666666\\\"\\n },\\n \\\"height\\\": {\\n \\\"field\\\": {\\n \\\"group\\\": \\\"height\\\"\\n }\\n },\\n \\\"width\\\": {\\n \\\"field\\\": {\\n \\\"group\\\": \\\"width\\\"\\n }\\n }\\n },\\n \\\"update\\\": {\\n \\\"opacity\\\": {\\n \\\"value\\\": 1\\n }\\n },\\n \\\"hover\\\": {\\n \\\"fill\\\": 
{\\n \\\"value\\\": \\\"#444444\\\"\\n }\\n }\\n },\\n \\\"marks\\\": [\\n {\\n \\\"type\\\": \\\"text\\\",\\n \\\"interactive\\\": false,\\n \\\"encode\\\": {\\n \\\"enter\\\": {\\n \\\"xc\\\": {\\n \\\"field\\\": {\\n \\\"group\\\": \\\"width\\\"\\n },\\n \\\"mult\\\": 0.5\\n },\\n \\\"yc\\\": {\\n \\\"field\\\": {\\n \\\"group\\\": \\\"height\\\"\\n },\\n \\\"mult\\\": 0.5,\\n \\\"offset\\\": 1\\n },\\n \\\"align\\\": {\\n \\\"value\\\": \\\"center\\\"\\n },\\n \\\"baseline\\\": {\\n \\\"value\\\": \\\"middle\\\"\\n },\\n \\\"text\\\": {\\n \\\"value\\\": \\\"Show All\\\"\\n },\\n \\\"fontSize\\\": {\\n \\\"value\\\": 14\\n },\\n \\\"stroke\\\": {\\n \\\"value\\\": \\\"#ecf0f1\\\"\\n }\\n }\\n }\\n }\\n ]\\n }\\n ]\\n }\\n ],\\n \\\"signals\\\": [\\n {\\n \\\"name\\\": \\\"groupHover\\\",\\n \\\"value\\\": {},\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:mouseover\\\",\\n \\\"update\\\": \\\"{stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": \\\"mouseout\\\",\\n \\\"update\\\": \\\"{}\\\"\\n }\\n ]\\n },\\n {\\n \\\"name\\\": \\\"groupSelector\\\",\\n \\\"value\\\": false,\\n \\\"on\\\": [\\n {\\n \\\"events\\\": \\\"@groupMark:click!\\\",\\n \\\"update\\\": \\\"{stack:datum.stack, stk1:datum.stack=='stk1' && datum.grpId, stk2:datum.stack=='stk2' && datum.grpId}\\\"\\n },\\n {\\n \\\"events\\\": [\\n {\\n \\\"type\\\": \\\"click\\\",\\n \\\"markname\\\": \\\"groupReset\\\"\\n }, {\\n \\\"type\\\": \\\"dblclick\\\"\\n }\\n ],\\n \\\"update\\\": \\\"false\\\"\\n }\\n ]\\n }\\n ]\\n}\\n\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "0223fe90-6a88-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: 
DNS - Reputation Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Reputation Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Bad IP Rep\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(0,98,177,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"_exists_: rep_tags AND app_proto: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "187df960-6a7f-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Alert Count (other) - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Alert Count (other) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Other\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(123,100,255,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: [4 TO *] AND _exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "ac9f6170-6a7e-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Alert Count (warning) - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Alert Count (warning) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Warning\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(0,156,224,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 3 AND _exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "f7317b90-6a85-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Top Queries - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Top Queries - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"top_n\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"dns.rrname\",\"terms_size\":\"100\",\"label\":\"Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: dns AND dns.type: query\",\"bar_color_rules\":[{\"id\":\"c44cc400-6a85-11e8-bc55-f77f08ab5af7\"}],\"axis_scale\":\"normal\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "b9470a50-6a87-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Alert Count (notice) - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Alert Count (notice) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Notice\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(171,20,158,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 4 AND app_proto: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "3127a0d0-6a87-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Alert Count (other) - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Alert Count (other) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Other\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(123,100,255,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: [4 TO *] AND app_proto: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "bb519670-6a7e-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Alert Count (alert) - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Alert Count (alert) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Alert\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(244,78,59,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 1 AND _exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "16650ad0-6a87-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Alert Count (alert) - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Alert Count (alert) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Alert\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(244,78,59,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 1 AND app_proto: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "9fc6f580-6a7e-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Alert Count (critical) - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Alert Count (critical) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Critical\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 2 AND _exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "de04cc00-6a7e-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Reputation Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Reputation Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Bad IP Rep\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(0,98,177,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"_exists_: rep_tags AND _exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "21df6d60-6a87-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Alert Count (critical) - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Alert Count (critical) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Critical\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(254,146,0,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 2 AND app_proto: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "97fc1750-6a87-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Alert Count (notice) - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Alert Count (notice) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Notice\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(171,20,158,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 4 AND _exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "9bcc2820-7c65-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (HTTP) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (HTTP) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [**HTTP**](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | 
[NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "fdca6e50-821f-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV (TLS) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (TLS) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [**TLS**](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "dc53fc10-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV (NFS) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (NFS) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | 
[**NFS**](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "5eecdda0-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: SSH (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: SSH (overview) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [Messages](#/dashboard/26528cf0-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "08201a00-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: SMB (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: SMB (overview) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: 
#cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [Messages](#/dashboard/443834e0-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "26181170-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: NFS (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: NFS (overview) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 
16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Messages](#/dashboard/5d7bf310-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "9f0e5db0-82ae-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: TLS (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: TLS (messages) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [**Messages**](#/dashboard/33703f40-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"8a33c210-8216-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: TLS - input list", "visState": "{\"title\":\"Suricata: TLS - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"tls.sni\",\"label\":\"SNI\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"tls.subject\",\"label\":\"Subject\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1528397010577\",\"fieldName\":\"tls.issuerdn\",\"label\":\"Issuer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"tls.version\",\"label\":\"Version\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": 
"index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "85e74c60-7c65-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (Flows) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (Flows) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | 
[Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [**Flows**](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "1b641e60-7c68-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (DNS) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (DNS) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: 
#00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [**DNS**](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "d2a5a200-8222-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV (SMB) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (SMB) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [**SMB**](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | 
[NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "7ff11b30-8221-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV (SSH) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (SSH) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [**SSH**](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "484fd200-6a87-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Alert Count (warning) - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Alert Count (warning) - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"Warning\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(153,153,153,1)\",\"opperator\":\"lte\",\"operator\":\"lte\"},{\"value\":1,\"id\":\"25c72730-649a-11e8-99f1-8985c7aed077\",\"background_color\":\"rgba(0,156,224,1)\",\"opperator\":\"gte\",\"operator\":\"gte\"}],\"filter\":\"alert.severity: 3 AND app_proto: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"syslog-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "0ce73f00-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: SSH (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: SSH (messages) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [**Messages**](#/dashboard/26528cf0-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"1ecdeb10-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: SMB (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: SMB (messages) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [**Messages**](#/dashboard/443834e0-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "299c4b30-6a65-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Logs by Type - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Logs by Type - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "40dd9a60-82bf-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - input list", "visState": "{\"title\":\"Suricata: SSH - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata 
Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527761054405\",\"fieldName\":\"ssh.client.software_version\",\"label\":\"Client Software\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"ssh.server.software_version\",\"label\":\"Server Software\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": 
"d75ca340-6a84-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Log Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"DNS Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "419d6e50-82c7-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - input list", "visState": "{\"title\":\"Suricata: SMB - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata 
Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527761054405\",\"fieldName\":\"smb.command\",\"label\":\"Command\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1559212713309\",\"fieldName\":\"smb.disposition\",\"parent\":\"\",\"label\":\"Disposition\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1559212532570\",\"fieldName\":\"smb.filename\",\"parent\":\"\",\"label\":\"File\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"smb.status\",\"label\":\"Status\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { 
"visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ab633430-82ce-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS Logs by Procedure - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: NFS Logs by Procedure - TSVB (stacked bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"nfs.procedure\",\"terms_size\":\"50\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"event.subtype: nfs\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": 
"7.0.1" }, "_references": [] }, { "_id": "54e4ad10-82cd-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - input list", "visState": "{\"title\":\"Suricata: NFS - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1527761054405\",\"fieldName\":\"nfs.type\",\"label\":\"Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1559212713309\",\"fieldName\":\"nfs.procedure\",\"parent\":\"\",\"label\":\"Procedure\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1559212532570\",\"fieldName\":\"nfs.status\",\"parent\":\"\",\"label\":\"Status\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752383061\",\"fieldName\":\"nfs.filename\",\"label\":\"File\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"size\":50,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_p
attern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "9ee75900-6a80-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - input list", "visState": "{\"title\":\"Suricata: DNS - input list\",\"type\":\"input_control_vis\",\"params\":{\"controls\":[{\"id\":\"1527742767549\",\"fieldName\":\"node.hostname\",\"label\":\"Suricata 
Instance\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":200,\"order\":\"desc\"},\"indexPatternRefName\":\"control_0_index_pattern\"},{\"id\":\"1527742882773\",\"fieldName\":\"client_hostname\",\"label\":\"Client\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_1_index_pattern\"},{\"id\":\"1527742906725\",\"fieldName\":\"server_hostname\",\"label\":\"Server\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_2_index_pattern\"},{\"id\":\"1528397010577\",\"fieldName\":\"dns.type\",\"label\":\"Message Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":5,\"order\":\"desc\"},\"indexPatternRefName\":\"control_3_index_pattern\"},{\"id\":\"1528396812665\",\"fieldName\":\"dns.rrtype\",\"label\":\"Record Type\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_4_index_pattern\"},{\"id\":\"1528396965364\",\"fieldName\":\"dns.rcode\",\"label\":\"Response Code\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":20,\"order\":\"desc\"},\"indexPatternRefName\":\"control_5_index_pattern\"},{\"id\":\"1527752158563\",\"fieldName\":\"dns.rrname\",\"label\":\"Query\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_6_index_pattern\"},{\"id\":\"1559217824524\",\"fieldName\":\"dns.rdata\",\"parent\":\"\",\"label\":\"Answer\",\"type\":\"list\",\"options\":{\"type\":\"terms\",\"multiselect\":true,\"dynamicOptions\":false,\"size\":2500,\"order\":\"desc\"},\"indexPatternRefName\":\"control_7_index_pattern\"}],\"updateFiltersOnChange\":true,\"useTimeFilter\":true,\"pinFilters\":false},\"aggs\":[]}", "uiStateJSON": "{}", "description": 
"", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "control_0_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_1_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_2_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_3_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_4_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_5_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_6_index_pattern", "type": "index-pattern", "id": "suricata-*" }, { "name": "control_7_index_pattern", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "4105e840-82d2-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: DNS - Top Answers - TSVB (metric)", "visState": "{\"title\":\"Suricata: DNS - Top Answers - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"top_n\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"dns.rdata\",\"terms_size\":\"100\",\"label\":\"Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: dns AND dns.type: answer\",\"bar_color_rules\":[{\"id\":\"c44cc400-6a85-11e8-bc55-f77f08ab5af7\"}],\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "ba6bd420-82ae-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: TLS (overview) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: TLS (overview) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Overview**](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [Messages](#/dashboard/33703f40-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": 
"2b70c810-82af-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NAV: NFS (messages) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV: NFS (messages) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Overview](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [**Messages**](#/dashboard/5d7bf310-82b0-11e9-8c3c-4925ccb1fc48)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { 
"searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "516a73a0-6a7c-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: HTTP - Log Count - TSVB (metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"HTTP Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"_exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "1bfd1560-6a7c-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP Logs by Service - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: HTTP Logs by Service - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"service_name\",\"terms_size\":\"50\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"_exists_: http.hostname\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "e4823550-82b9-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: TLS - Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: TLS - Log Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"TLS Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: tls\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "df81d600-7c65-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (Statistics) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (Statistics) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | 
[NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [**Statistics**](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "0f4dc9f0-7c68-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (Alerts) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (Alerts) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[**Alerts**](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "0ab3ba50-7c66-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (Threats) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (Threats) - TSVB 
(markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [**Threats**](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | 
[NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [Raw Logs](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "acad4b10-7c65-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: NAV (Raw Logs) - TSVB (markdown)", "visState": "{\"title\":\"Suricata: NAV (Raw Logs) - TSVB (markdown)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"markdown\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"#68BC00\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"}],\"separate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"line\",\"line_width\":1,\"point_size\":1,\"fill\":0.5,\"stacked\":\"none\",\"offset_time\":\"-5y\"}],\"time_field\":\"@timestamp\",\"index_pattern\":\"\",\"interval\":\"auto\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"axis_scale\":\"normal\",\"show_legend\":1,\"show_grid\":1,\"default_index_pattern\":\"suricata-*\",\"markdown_less\":\"p {\\n color: #cccccc;\\n margin-top: 0px;\\n margin-bottom: 16px;\\n}\\np a {\\n color: #00bfb3;\\n\\tfont-size: 14px;\\n\\tfont-weight: bold;\\n\\ttext-decoration: none;\\n}\\np a strong {\\n color: #f04e98;\\n\\tfont-weight: bold;\\n}\\nhr {\\n background-color: #cccccc;\\n margin: 0px;\\n height: 1px;\\n}\",\"markdown_css\":\"#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p{color:#cccccc;margin-top:0;margin-bottom:16px}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p 
a{color:#00bfb3;font-size:14px;font-weight:bold;text-decoration:none}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 p a strong{color:#f04e98;font-weight:bold}#markdown-61ca57f0-469d-11e7-af02-69e470af7417 hr{background-color:#cccccc;margin:0;height:1px}\",\"markdown\":\"[Alerts](#/dashboard/076caa20-64aa-11e8-9e8d-39632dc6b766) | [Threats](#/dashboard/cfa96750-6651-11e8-a67b-cd4cf123b2a5) | [Flows](#/dashboard/73c81560-64b9-11e8-9e8d-39632dc6b766) | [HTTP](#/dashboard/e43a5af0-6695-11e8-a67b-cd4cf123b2a5) | [DNS](#/dashboard/01eff230-6696-11e8-a67b-cd4cf123b2a5) | [SSH](#/dashboard/0dd5d540-8221-11e9-8c3c-4925ccb1fc48) | [TLS](#/dashboard/11934d10-820e-11e9-8c3c-4925ccb1fc48) | [SMB](#/dashboard/d41023f0-8221-11e9-8c3c-4925ccb1fc48) | [NFS](#/dashboard/f2dc1af0-8226-11e9-8c3c-4925ccb1fc48) | [**Raw Logs**](#/dashboard/3f15a1f0-6696-11e8-a67b-cd4cf123b2a5) | [Statistics](#/dashboard/61eb53a0-6696-11e8-a67b-cd4cf123b2a5)\\n![](http://www.koiossian.com/public/suricata.gif)\\n***\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"kuery\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "f9ac73a0-82b9-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: SMB - Log Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"SMB Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: smb\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "c0826610-82ba-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB Logs by Function - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: SMB Logs by Function - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"smb.command\",\"terms_size\":\"50\",\"split_color_mode\":\"gradient\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"event.subtype: smb\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "44131520-82ba-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH Logs by Server Software - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: SSH Logs by Server Software - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"ssh.server.software_version\",\"terms_size\":\"50\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"event.subtype: ssh\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "63539220-82ba-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: TLS Logs by Service - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: TLS Logs by Service - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"service_name\",\"terms_size\":\"50\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"event.subtype: tls\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "7d3a2770-644e-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Destinations - table", "visState": "{\"title\":\"Suricata: Top Destinations - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dest_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Destination\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "70a5ace0-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top HTTP Versions - table", "visState": "{\"title\":\"Suricata: Top HTTP Versions - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.protocol\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "0b33d3a0-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top IP Protocols - table", "visState": "{\"title\":\"Suricata: Top IP Protocols - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"proto\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ff342980-82b9-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: NFS - Log Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"NFS Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: nfs\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "eceebba0-82b9-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Log Count - TSVB (metric)", "visState": "{\"title\":\"Suricata: SSH - Log Count - TSVB 
(metric)\",\"type\":\"metrics\",\"params\":{\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"type\":\"metric\",\"series\":[{\"id\":\"61ca57f1-469d-11e7-af02-69e470af7417\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"everything\",\"metrics\":[{\"id\":\"61ca57f2-469d-11e7-af02-69e470af7417\",\"type\":\"count\"},{\"id\":\"69310560-64a2-11e8-99f1-8985c7aed077\",\"type\":\"cumulative_sum\",\"field\":\"61ca57f2-469d-11e7-af02-69e470af7417\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":1,\"point_size\":1,\"fill\":\"0.6\",\"stacked\":\"none\",\"terms_field\":\"event.subtype\",\"terms_size\":\"25\",\"label\":\"SSH Logs\",\"filter\":\"\",\"series_drop_last_bucket\":0}],\"time_field\":\"@timestamp\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"axis_position\":\"left\",\"axis_formatter\":\"number\",\"show_legend\":1,\"show_grid\":1,\"annotations\":[{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:alert\",\"id\":\"3d25aed0-6493-11e8-99f1-8985c7aed077\",\"color\":\"#F00\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:critical\",\"id\":\"78f5d950-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(251,158,0,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND 
log.severity:warning\",\"id\":\"e83c7b70-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(0,156,224,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-exclamation-triangle\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1},{\"fields\":\"alert.category\",\"template\":\"{{alert.category}}\",\"index_pattern\":\"suricata-*\",\"query_string\":\"event.subtype: alert AND log.severity:notice\",\"id\":\"f7dda450-6496-11e8-99f1-8985c7aed077\",\"color\":\"rgba(171,20,158,1)\",\"time_field\":\"@timestamp\",\"icon\":\"fa-tag\",\"ignore_global_filters\":0,\"ignore_panel_filters\":1}],\"background_color_rules\":[{\"value\":0,\"id\":\"e7fcabf0-6499-11e8-99f1-8985c7aed077\",\"background_color\":null,\"opperator\":\"gte\"}],\"filter\":\"event.subtype: ssh\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "9361bc10-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top User Agents - table", "visState": "{\"title\":\"Suricata: Top User Agents - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_user_agent\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"User 
Agent\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "8ed8e320-6450-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Cities - table", "visState": "{\"title\":\"Suricata: Top Cities - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"city\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"City\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "2754fc10-64fb-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Client Geo Locations (records) - tilemap", "visState": "{\"title\":\"Suricata: Flow - Client Geo Locations (records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"client_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[26.115985925333536,1.5820312500000002]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a5691a10-6450-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Autonomous Systems - table", "visState": "{\"title\":\"Suricata: Top Autonomous Systems - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"autonomous_system\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Autonomous 
System\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ec7ab9a0-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top HTTP Servers - table", "visState": "{\"title\":\"Suricata: Top HTTP Servers - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"HTTP Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": 
"{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "7fac4e00-6450-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Countries - table", "visState": "{\"title\":\"Suricata: Top Countries - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"country\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Country\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" 
}, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ec42fd40-644e-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Services - table", "visState": "{\"title\":\"Suricata: Top Services - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "23007040-6451-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Alert Signatures - table", "visState": "{\"title\":\"Suricata: Top Alert Signatures - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Signature\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "efe1e400-6450-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Application Protocols - table", "visState": "{\"title\":\"Suricata: Top Application Protocols - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"app_proto\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "63aae150-644e-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Clients - table", "visState": "{\"title\":\"Suricata: Top Clients - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "47fa7370-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top URL Paths - table", "visState": "{\"title\":\"Suricata: Top URL Paths - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.url\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"URL Path\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "46cae990-644e-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Servers - table", "visState": "{\"title\":\"Suricata: Top Servers - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "aa55a920-6497-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Alert Categories & Signatures - table", "visState": "{\"title\":\"Suricata: Top Alert Categories & Signatures - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.category\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":50,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "384f4d90-6451-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Alert Categories - table", "visState": "{\"title\":\"Suricata: Top Alert Categories - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.category\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Alert Category\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d20a6250-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Content Types - table", "visState": "{\"title\":\"Suricata: Top Content Types - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_content_type\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Content Type\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "b7d31c60-644f-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Referrers - table", "visState": "{\"title\":\"Suricata: Top Referrers - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"http.http_refer\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Referrer\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a6e48160-644e-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top Sources - table", "visState": "{\"title\":\"Suricata: Top Sources - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"src_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Source\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "bfdf9b50-6a84-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: Logs by DNS Server - TSVB (stacked bar)", "visState": "{\"title\":\"Suricata: Logs by DNS Server - TSVB (stacked 
bar)\",\"type\":\"metrics\",\"params\":{\"annotations\":[],\"axis_formatter\":\"number\",\"axis_min\":\"0\",\"axis_position\":\"left\",\"id\":\"61ca57f0-469d-11e7-af02-69e470af7417\",\"index_pattern\":\"suricata-*\",\"interval\":\">=1m\",\"series\":[{\"id\":\"55201580-6a64-11e8-88f6-3b2470bbb1c6\",\"color\":\"rgba(144,201,227,1)\",\"split_mode\":\"terms\",\"metrics\":[{\"id\":\"55201581-6a64-11e8-88f6-3b2470bbb1c6\",\"type\":\"count\"}],\"seperate_axis\":0,\"axis_position\":\"right\",\"formatter\":\"number\",\"chart_type\":\"bar\",\"line_width\":\"0\",\"point_size\":1,\"fill\":\"0.8\",\"stacked\":\"stacked\",\"terms_field\":\"server_hostname\",\"terms_size\":\"50\"}],\"show_grid\":1,\"show_legend\":1,\"time_field\":\"@timestamp\",\"type\":\"timeseries\",\"filter\":\"event.subtype: dns\",\"axis_scale\":\"normal\",\"default_index_pattern\":\"suricata-*\"},\"aggs\":[]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[]}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [] }, { "_id": "40c39a80-665e-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (Public Attackers) - IP Reputations - table", "visState": "{\"title\":\"Suricata: Threat (Public Attackers) - IP Reputations - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rep_tags\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "b4953ad0-6691-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (At-Risk Servers) - CVEs - table", "visState": "{\"title\":\"Suricata: Threat (At-Risk Servers) - CVEs - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.cve\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"CVE\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "4cd37760-663f-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat - Public Attackers - table", "visState": "{\"title\":\"Suricata: Threat - Public Attackers - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Name\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "e5cc0520-64ed-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Top Clients - table", "visState": "{\"title\":\"Suricata: Flow - Top Clients - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "913e46a0-664e-11e8-a67b-cd4cf123b2a5", 
"_type": "visualization", "_source": { "title": "Suricata: Threat - High-Risk Clients - table", "visState": "{\"title\":\"Suricata: Threat - High-Risk Clients - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client Name\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Risks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Client IP\"}}]}", "uiStateJSON": "{\"spy\":null,\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Server Private\",\"disabled\":false,\"key\":\"server_autonomous_system\",\"negate\":true,\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"private\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}}},{\"$state\":{\"store\":\"appState\"},\"meta\":{\"alias\":\"Client 
Private\",\"disabled\":false,\"key\":\"client_autonomous_system\",\"negate\":false,\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"type\":\"phrase\",\"value\":\"private\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}}},{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "4e0c6280-6500-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows - Top Application Protocols - table", "visState": "{\"title\":\"Suricata: Flows - Top Application Protocols - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"app_proto\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Application Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "24e5d8e0-6650-11e8-a67b-cd4cf123b2a5", 
"_type": "visualization", "_source": { "title": "Suricata: Threat - At-Risk Servers - table", "visState": "{\"title\":\"Suricata: Threat - At-Risk Servers - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server Name\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Risks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_ip\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "77871b40-6650-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat - At-Risk Services - table", "visState": "{\"title\":\"Suricata: Threat - At-Risk Services - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Risks\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service_port\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":20,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Port\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "b4f1e570-64ff-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows - Top Services - table", "visState": "{\"title\":\"Suricata: Flows - Top Services - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service_name\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Service\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "bfeea7e0-6691-11e8-a67b-cd4cf123b2a5", "_type": 
"visualization", "_source": { "title": "Suricata: Threat (At-Risk Servers) - IP Reputations - table", "visState": "{\"title\":\"Suricata: Threat (At-Risk Servers) - IP Reputations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rep_tags\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\"
:{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "36543fa0-64fb-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Server Geo Locations (records) - tilemap", "visState": "{\"title\":\"Suricata: Flow - Server Geo Locations (records) - tilemap\",\"type\":\"tile_map\",\"params\":{\"mapType\":\"Shaded Circle Markers\",\"isDesaturated\":false,\"addTooltip\":true,\"heatClusterSize\":1.5,\"legendPosition\":\"bottomright\",\"mapZoom\":2,\"mapCenter\":[0,0],\"wms\":{\"enabled\":false,\"options\":{\"format\":\"image/png\",\"transparent\":true},\"baseLayersAreLoaded\":{},\"tmsLayers\":[{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}],\"selectedTmsLayer\":{\"id\":\"road_map\",\"url\":\"https://tiles.maps.elastic.co/v2/default/{z}/{x}/{y}.png?elastic_tile_service_tos=agree&my_app_name=kibana&my_app_version=6.2.4\",\"minZoom\":0,\"maxZoom\":10,\"attribution\":\"

© OpenStreetMap contributors | Elastic Maps Service

\",\"subdomains\":[]}}},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"geohash_grid\",\"schema\":\"segment\",\"params\":{\"field\":\"server_geo_location\",\"autoPrecision\":true,\"isFilteredByCollar\":true,\"useGeocentroid\":true,\"precision\":2,\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{\"mapZoom\":2,\"mapCenter\":[26.115985925333536,1.5820312500000002]}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "34aaa370-665d-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (Public Attackers) - CVEs - table", "visState": "{\"title\":\"Suricata: Threat (Public Attackers) - CVEs - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.cve\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"CVE\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "dd25cc00-64ff-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows - Top IP Protocols - table", "visState": "{\"title\":\"Suricata: Flows - Top IP Protocols - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"proto\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Protocol\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "9ff9d990-6692-11e8-a67b-cd4cf123b2a5", "_type": 
"visualization", "_source": { "title": "Suricata: Threat (High-Risk Clients) - CVEs - table", "visState": "{\"title\":\"Suricata: Threat (High-Risk Clients) - CVEs - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.cve\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"CVE\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Server 
Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Client Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d0e55930-6692-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (High-Risk Clients) - Signatures - table", "visState": "{\"title\":\"Suricata: Threat (High-Risk Clients) - Signatures - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature ID\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Server 
Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Client Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "63e455f0-6450-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Top DNS Queries - table", "visState": "{\"title\":\"Suricata: Top DNS Queries - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dns.rrname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"DNS Query\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "34c16c80-7cbf-11e9-ab58-c1e5cf60a7ac", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Versions and Protocols (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Versions and Protocols (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto\",\"size\":15,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ab1800a0-6448-11e8-9e8d-39632dc6b766", "_type": 
"visualization", "_source": { "title": "Suricata: TLS - Issuers (records) - donut", "visState": "{\"title\":\"Suricata: TLS - Issuers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.issuerdn\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Issuer\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "55b888a0-6448-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: TLS - Subjects (records) - donut", "visState": "{\"title\":\"Suricata: TLS - Subjects (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.subject\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Subject\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "7a660790-6448-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: TLS - SNIs (records) - donut", "visState": "{\"title\":\"Suricata: TLS - SNIs (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.sni\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"SNI\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
"kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "424af1d0-8216-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: TLS - Top Connections - table", "visState": "{\"title\":\"Suricata: TLS - Top Connections - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.sni\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"OTHER\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SNI\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"service_name\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}},{\"id\":\"5\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.version\",\"size\":5,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Version\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"tls.subject\",\"size\":3,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\
",\"missingBucket\":true,\"missingBucketLabel\":\"\",\"customLabel\":\"Subject\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":4,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "90fe9860-6447-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert - Services (records) - donut", "visState": "{\"title\":\"Suricata: Alert - Services (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service_name\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a6c07810-6692-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (High-Risk Clients) - IP Reputations - table", "visState": "{\"title\":\"Suricata: Threat (High-Risk Clients) - IP Reputations - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"rep_tags\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Server Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Client Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": 
"suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[2].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d3696170-6691-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (At-Risk Servers) - Signatures - table", "visState": "{\"title\":\"Suricata: Threat (At-Risk Servers) - Signatures - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature ID\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"query\":{\"bool\":{\"should\":[{\"exists\":{\"field\":\"rep_tags\"}},{\"match_phrase\":{\"event.subtype\":\"alert\"}}],\"minimum_should_match\":1}},\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Risk\",\"type\":\"custom\",\"key\":\"query\",\"value\":\"{\\\"bool\\\":{\\\"should\\\":[{\\\"exists\\\":{\\\"field\\\":\\\"rep_tags\\\"}},{\\\"match_phrase\\\":{\\\"event.subtype\\\":\\\"alert\\\"}}],\\\"minimum_should_match\\\":1}}\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"server_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"server_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "21b948b0-665e-11e8-a67b-cd4cf123b2a5", "_type": "visualization", "_source": { "title": "Suricata: Threat (Public Attackers) - Signatures - table", "visState": "{\"title\":\"Suricata: Threat (Public Attackers) - Signatures - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Alerts\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"alert.signature_id\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Signature ID\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}},{\"meta\":{\"negate\":true,\"disabled\":false,\"alias\":\"Private\",\"type\":\"phrase\",\"key\":\"client_autonomous_system\",\"value\":\"private\",\"params\":{\"query\":\"private\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index\"},\"query\":{\"match\":{\"client_autonomous_system\":{\"query\":\"private\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[1].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "399192c0-8210-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: TLS - Versions (records) - donut", "visState": "{\"title\":\"Suricata: TLS - Versions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tls.version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "e46ea0a0-6440-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert - Servers (records) - donut", "visState": "{\"title\":\"Suricata: Alert - Servers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": 
"", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "32ae06e0-64ee-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Top Servers - table", "visState": "{\"title\":\"Suricata: Flow - Top Servers - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMeticsAtAllLevels\":false,\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_hostname\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"customLabel\":\"Server\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"4\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":1,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "780ac400-7cbf-11e9-ab58-c1e5cf60a7ac", 
"_type": "visualization", "_source": { "title": "Suricata: Flow - Flow States and TCP Flags (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Flow States and TCP Flags (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.state\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp_flags\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"TCP Flag\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { 
"name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "6b89eb20-6442-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert - Categories (records) - donut", "visState": "{\"title\":\"Suricata: Alert - Categories (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.category\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Category\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "9abcb3b0-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert - Actions (records) - donut", "visState": "{\"title\":\"Suricata: Alert - Actions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.action\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Action\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "747747f0-6447-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Destinations (records) - donut", "visState": "{\"title\":\"Suricata: Destinations (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{}", "description": 
"", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a912ef90-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Autonomous Systems (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Autonomous Systems (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"autonomous_system\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}", "uiStateJSON": "{\"spy\":null}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, 
"_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "9aa9f890-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Application Protocols (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Application Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "682e0b60-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert - Clients (records) - donut", "visState": "{\"title\":\"Suricata: Alert - Clients (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Alert\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"alert\",\"params\":{\"query\":\"alert\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"alert\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", 
"type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "49b038c0-81ff-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: TLS - Services (records) - donut", "visState": "{\"title\":\"Suricata: TLS - Services (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service_name\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"TLS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"tls\",\"params\":{\"query\":\"tls\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"tls\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "81eca4d0-7d86-11e9-ab82-2f2d94eee955", "_type": "visualization", "_source": { "title": "Suricata: DHCP - IP Assignments - table", "visState": 
"{\"title\":\"Suricata: DHCP - IP Assignments - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"showMetricsAtAllLevels\":false,\"sort\":{\"columnIndex\":null,\"direction\":null},\"showTotal\":false,\"totalFunc\":\"sum\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.client_mac\",\"size\":199,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"MAC Address\"}},{\"id\":\"3\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"dhcp.assigned_ip\",\"size\":10,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Assigned IP\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":null,\"direction\":null}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"filter\":[],\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "cfe7b1c0-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alerted Flows (records) - donut", "visState": "{\"title\":\"Suricata: Alerted Flows (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.alerted\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Alert Status\"}}]}", "uiStateJSON": "{\"vis\":{\"colors\":{\"true\":\"#E24D42\",\"false\":\"#629E51\"}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "c66b9ac0-6442-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Application Protocols (records) - donut", "visState": "{\"title\":\"Suricata: Application Protocols (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "3cf97d10-6443-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: DNS - Response Codes (records) - donut", "visState": "{\"title\":\"Suricata: DNS - Response Codes (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rcode\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Response Code\"}}]}", 
"uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "92815a10-6442-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Alert - Signatures (records) - donut", "visState": "{\"title\":\"Suricata: Alert - Signatures (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"alert.signature\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Signature\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "fda09240-6445-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: File - States (records) - donut", "visState": "{\"title\":\"Suricata: File - States (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"fileinfo.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "5b77cd70-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Clients (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Clients (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": 
"{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "48973a90-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Countries (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Countries (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"country\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "331efab0-64fa-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Clients (records) - donut", "visState": "{\"title\":\"Suricata: Flow - Clients (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "8f5b8800-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Application Protocols (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Application Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"app_proto\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "bd5c43c0-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Autonomous Systems (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Autonomous Systems (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"autonomous_system\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a2388d90-6a85-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: DNS - Servers (records) - donut", "visState": "{\"title\":\"Suricata: DNS - Servers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"DNS\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"dns\",\"params\":{\"query\":\"dns\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"dns\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "5b45ca80-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Countries (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Countries (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"country\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "31f1d550-644a-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Flow States (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Flow States (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "580d9900-6444-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - End Reasons (records) - donut", "visState": "{\"title\":\"Suricata: Flow - End Reasons (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.reason\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"End Reason\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 
2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "2dbadb00-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Cities (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Cities (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"city\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] 
}, { "_id": "b3efe530-6443-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: DNS - Record Type (records) - donut", "visState": "{\"title\":\"Suricata: DNS - Record Type (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.rrtype\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Record Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "efe56ed0-6442-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Cities (records) - donut", "visState": "{\"title\":\"Suricata: Flow - Cities (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"city\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "392e38b0-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Cities (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Cities (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"city\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"City\"}}]}", "uiStateJSON": "{}", "description": 
"", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "7efcb470-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Destinations (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Destinations (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "adffafe0-644b-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Protocols (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Protocols (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "74e76020-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Destinations (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Destinations (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dest_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Destination\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "4e49a060-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Clients (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Clients (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d76b0500-644b-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Reputation Tags (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Reputation Tags (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rep_tags\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "3c7f55f0-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Servers (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Servers (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "20fa0c30-6441-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Servers (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Servers (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "e27f04a0-644b-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Reputation Tags (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Reputation Tags (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rep_tags\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "bb86d260-644b-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Protocols (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Protocols (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "f091c550-644b-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Versions (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Versions (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "3147c7c0-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Services (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Services (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service_name\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "48d29d40-644a-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Flow States (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Flow States (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "fe4f6120-644b-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - IP Versions (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - IP Versions (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"exists\",\"key\":\"flow.pkts\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"flow.pkts\"},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ddb73270-6442-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Autonomous Systems (records) - donut", "visState": "{\"title\":\"Suricata: Flow - Autonomous Systems (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"autonomous_system\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"AS\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "02c39a40-6443-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Countries (records) - donut", "visState": "{\"title\":\"Suricata: Flow - Countries (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"country\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Country\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "f35dd740-6443-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: DNS - Message Type (records) - donut", "visState": "{\"title\":\"Suricata: DNS - Message Type (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"dns.type\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Message Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a24c94a0-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - TCP Flags (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - TCP Flags (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp_flags\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"TCP Flag\"}}]}", "uiStateJSON": "{}", 
"description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "61cee040-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Sources (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Sources (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "533a6e60-64fa-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Services (records) - donut", "visState": "{\"title\":\"Suricata: Flow - Services (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service_name\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "3f20b5b0-64fa-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Servers (records) - donut", "visState": "{\"title\":\"Suricata: Flow - Servers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d4a1b660-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - TCP States (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - TCP States (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"TCP State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "af2352e0-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - TCP Flags (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - TCP Flags (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp_flags\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"TCP Flag\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "f32db070-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Traffic Locality (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - Traffic Locality (bytes) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"traffic_locality\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Traffic Locality\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "01e65cd0-6447-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flows - IP Reputation Tags (records) - donut", "visState": "{\"title\":\"Suricata: Flows - IP Reputation Tags (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"rep_tags\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Reputation\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { 
"savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d28d4ef0-6444-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Content Types (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Content Types (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_content_type\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Content Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "fd5b20a0-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Traffic Locality (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Traffic Locality (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"traffic_locality\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Traffic Locality\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "1b8b1800-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - VLANs (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - VLANs (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"VLAN\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "c3d63e50-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - TCP States (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - TCP States (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"TCP State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "3c481850-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Services (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Services (packets) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"service_name\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Service\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "0feaddf0-644d-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - VLANs (bytes) - donut", "visState": "{\"title\":\"Suricata: Flow - VLANs (bytes) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.bytes\",\"customLabel\":\"Bytes\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":false,\"otherBucketLabel\":\"Other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"VLAN\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "01656eb0-6a76-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - User Applications (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - User Applications (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.useragent_app\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Application\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "78db4c10-644c-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - Sources (packets) - donut", "visState": "{\"title\":\"Suricata: Flow - Sources (packets) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"sum\",\"schema\":\"metric\",\"params\":{\"field\":\"flow.pkts\",\"customLabel\":\"Packets\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}", 
"uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"Flow\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"flow\",\"params\":{\"query\":\"flow\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"flow\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "6f570dd0-6444-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Flow - States (records) - donut", "visState": "{\"title\":\"Suricata: Flow - States (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"flow.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "16ff10a0-6a76-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - User Operating Systems (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - User Operating Systems (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.useragent_os\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Operating System\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "840dd940-6a78-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Clients (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Clients (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"HTTP\",\"type\":\"exists\",\"key\":\"http.hostname\",\"value\":\"exists\",\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"exists\":{\"field\":\"http.hostname\"},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "f0410130-6a75-11e8-82af-6743288b8baf", "_type": "visualization", "_source": { "title": "Suricata: HTTP - User Devices (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - User Devices (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.useragent_device\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Device\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "053f5dc0-6445-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Referrers (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Referrers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_refer\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Referrer\"}}]}", "uiStateJSON": 
"{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "7315a700-6445-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Versions (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Versions (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.protocol\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a4519090-6445-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Redirects (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Redirects (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.redirect\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Redirect\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ed12dbf0-6444-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Methods (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Methods (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_method\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Method\"}}]}", "uiStateJSON": "{}", 
"description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "214edec0-6448-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Traffic Locality (records) - donut", "visState": "{\"title\":\"Suricata: Traffic Locality (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"traffic_locality\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"Traffic Locality\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "7d3bcec0-6446-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: IP Protocols (records) - donut", "visState": "{\"title\":\"Suricata: IP Protocols (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"proto\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "ea353aa0-6448-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: TCP States (records) - donut", "visState": "{\"title\":\"Suricata: TCP States (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp.state\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"TCP State\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
"kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "e407e2f0-82be-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Servers (records) - donut", "visState": "{\"title\":\"Suricata: SSH - Servers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSH Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": 
"kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "99a04520-82c0-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Top Clients - table", "visState": "{\"title\":\"Suricata: SSH - Top Clients - table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"client_hostname\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": 
"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "1251bae0-6444-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Log Type (records) - donut", "visState": "{\"title\":\"Suricata: Log Type (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"event.subtype\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Log Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "9908d200-82be-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Client Software (records) - donut", "visState": "{\"title\":\"Suricata: SSH - Client Software (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.software_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Software\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "af9ed550-82be-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Server Software (records) - donut", "visState": "{\"title\":\"Suricata: SSH - Server Software (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.software_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Software\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "defd8880-82c0-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Top Client Software - table", "visState": "{\"title\":\"Suricata: SSH - Top Client Software - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.client.software_version\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Software\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "aff65940-82c0-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Top Servers - table", "visState": "{\"title\":\"Suricata: SSH - Top Servers - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"server_hostname\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "57947bf0-6445-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - User Agents (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - User Agents (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.http_user_agent\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"User Agent\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "a6582b70-6444-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - Servers (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - Servers (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"HTTP Server\"}}]}", "uiStateJSON": 
"{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "cd755560-6445-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: HTTP - URL Paths (records) - donut", "visState": "{\"title\":\"Suricata: HTTP - URL Paths (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"http.url\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"URL Path\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "571e1e00-6446-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: IP Versions (records) - donut", "visState": "{\"title\":\"Suricata: IP Versions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ip_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"IP Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "623dc0f0-6447-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: Sources (records) - donut", "visState": "{\"title\":\"Suricata: Sources (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"src_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Source\"}}]}", "uiStateJSON": "{}", "description": "", 
"version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d3a48e80-6448-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: TCP Flags (records) - donut", "visState": "{\"title\":\"Suricata: TCP Flags (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"tcp_flags\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"TCP Flag\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d1d88330-82c0-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Top Server Software - table", "visState": "{\"title\":\"Suricata: SSH - Top Server Software - 
table\",\"type\":\"table\",\"params\":{\"perPage\":10,\"showPartialRows\":false,\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"},\"showTotal\":false,\"totalFunc\":\"sum\",\"showMetricsAtAllLevels\":false},\"aggs\":[{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"bucket\",\"params\":{\"field\":\"ssh.server.software_version\",\"size\":99,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Software\"}},{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}}]}", "uiStateJSON": "{\"vis\":{\"params\":{\"sort\":{\"columnIndex\":2,\"direction\":\"desc\"}}}}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"query\":\"\",\"language\":\"lucene\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "3ffcccc0-82be-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Client Protocol Versions (records) - donut", "visState": "{\"title\":\"Suricata: SSH - Client Protocol Versions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.client.proto_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Client Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "5aa2b300-82be-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Server Protocol Versions (records) - donut", "visState": "{\"title\":\"Suricata: SSH - Server Protocol Versions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"ssh.server.proto_version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Server Protocol\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "4e75f6c0-82c6-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Dialects (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Dialects (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.dialect\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Dialect\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "0e1bb6a0-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Clients (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Clients (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NFS Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "27865dc0-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Servers (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Servers (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"NFS Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "b94d90e0-82c4-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Access (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Access (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.access\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Access\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "dbe38500-82c5-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Dispositions (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Dispositions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.disposition\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Disposition\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "164c1090-82c6-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Functions (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Functions (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.function\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Function\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "7c6b2780-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Procedures (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Procedures (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nfs.procedure\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Procedure\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "f71c3560-82c5-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Filenames (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Filenames (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.filename\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Filename\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "d3864520-82be-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SSH - Clients (records) - donut", "visState": "{\"title\":\"Suricata: SSH - Clients (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SSH Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SSH\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"ssh\",\"params\":{\"query\":\"ssh\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"ssh\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "2fb52680-82c5-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Clients (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Clients (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "b4867670-82c5-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Commands (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Commands (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.command\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Command\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "610449f0-82c5-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Servers (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Servers (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"server_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"SMB Server\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "2c89bab0-82c6-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: SMB - Status (records) - donut", "visState": "{\"title\":\"Suricata: SMB - Status (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"smb.status\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"SMB\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"smb\",\"params\":{\"query\":\"smb\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"smb\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "08004b20-6448-11e8-9e8d-39632dc6b766", "_type": "visualization", "_source": { "title": "Suricata: VLANs (records) - donut", "visState": "{\"title\":\"Suricata: VLANs (records) - 
donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"vlan\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"0\",\"customLabel\":\"VLAN\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "dda857c0-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Versions (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Versions (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nfs.version\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Version\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, 
"kibanaSavedObjectMeta": { "searchSourceJSON": "{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "eacc2f20-82cc-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - File Transaction (records) - donut", "visState": "{\"title\":\"Suricata: NFS - File Transaction (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nfs.file_tx\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Is Transaction?\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "2b4bbb70-82d1-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: DNS - Clients (records) - donut", "visState": "{\"title\":\"Suricata: DNS - Clients (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"client_hostname\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"DNS Client\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"negate\":false,\"disabled\":false,\"alias\":\"DNS\",\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"dns\",\"params\":{\"query\":\"dns\",\"type\":\"phrase\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"dns\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "56a66c30-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Types (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Types (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nfs.type\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Type\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "c5fee8a0-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Status (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Status (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nfs.status\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"Status\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] }, { "_id": "9f31be00-82cb-11e9-8c3c-4925ccb1fc48", "_type": "visualization", "_source": { "title": "Suricata: NFS - Filenames (records) - donut", "visState": "{\"title\":\"Suricata: NFS - Filenames (records) - donut\",\"type\":\"pie\",\"params\":{\"addLegend\":true,\"addTooltip\":true,\"isDonut\":true,\"labels\":{\"last_level\":true,\"show\":false,\"truncate\":100,\"values\":true},\"legendPosition\":\"right\",\"type\":\"pie\"},\"aggs\":[{\"id\":\"1\",\"enabled\":true,\"type\":\"count\",\"schema\":\"metric\",\"params\":{\"customLabel\":\"Records\"}},{\"id\":\"2\",\"enabled\":true,\"type\":\"terms\",\"schema\":\"segment\",\"params\":{\"field\":\"nfs.filename\",\"size\":35,\"order\":\"desc\",\"orderBy\":\"1\",\"otherBucket\":true,\"otherBucketLabel\":\"other\",\"missingBucket\":false,\"missingBucketLabel\":\"Missing\",\"customLabel\":\"File\"}}]}", "uiStateJSON": "{}", "description": "", "version": 1, "kibanaSavedObjectMeta": { "searchSourceJSON": 
"{\"filter\":[{\"meta\":{\"alias\":\"NFS\",\"negate\":false,\"type\":\"phrase\",\"key\":\"event.subtype\",\"value\":\"nfs\",\"params\":{\"query\":\"nfs\"},\"disabled\":false,\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index\"},\"query\":{\"match\":{\"event.subtype\":{\"query\":\"nfs\",\"type\":\"phrase\"}}},\"$state\":{\"store\":\"appState\"}}],\"query\":{\"language\":\"lucene\",\"query\":\"\"},\"indexRefName\":\"kibanaSavedObjectMeta.searchSourceJSON.index\"}" } }, "_meta": { "savedObjectVersion": 2 }, "_migrationVersion": { "visualization": "7.0.1" }, "_references": [ { "name": "kibanaSavedObjectMeta.searchSourceJSON.index", "type": "index-pattern", "id": "suricata-*" }, { "name": "kibanaSavedObjectMeta.searchSourceJSON.filter[0].meta.index", "type": "index-pattern", "id": "suricata-*" } ] } ]