{
"v": 1,
"id": "89d5106e-a113-473e-9d4c-e96cb1e8db0c",
"rev": 1,
"name": "Stormshield 4.X Graylog Content Pack",
"summary": "Stormshield Content Pack with INPUT, STREAM, PIPELINE and DASHBOARDS",
"description": "",
"vendor": "s0p4L1n3",
"url": "https://github.com/s0p4L1n3/Graylog_Content_Pack_Stormshield_Firewall",
"parameters": [],
"entities": [
{
"v": "1",
"type": {
"name": "pipeline",
"version": "1"
},
"id": "fd7e26fd-6601-475f-9a2e-1e67d324fa71",
"data": {
"title": {
"@type": "string",
"@value": "Stormshield Parser"
},
"description": {
"@type": "string",
"@value": ""
},
"source": {
"@type": "string",
"@value": "pipeline \"Stormshield Parser\"\nstage 0 match either\nrule \"Stormshield Parser\"\nend"
},
"connected_streams": [
{
"@type": "string",
"@value": "bb2e8459-5417-4714-b1fe-b3b30067138f"
}
]
},
"constraints": [
{
"type": "server-version",
"version": ">=5.0.0"
}
]
},
{
"v": "1",
"type": {
"name": "input",
"version": "1"
},
"id": "d3e4b21e-607d-4f58-b0cb-cfd4d3d9fad1",
"data": {
"title": {
"@type": "string",
"@value": "syslogUDP"
},
"configuration": {
"port": {
"@type": "integer",
"@value": 1514
},
"recv_buffer_size": {
"@type": "integer",
"@value": 262144
},
"force_rdns": {
"@type": "boolean",
"@value": false
},
"allow_override_date": {
"@type": "boolean",
"@value": true
},
"bind_address": {
"@type": "string",
"@value": "0.0.0.0"
},
"expand_structured_data": {
"@type": "boolean",
"@value": false
},
"store_full_message": {
"@type": "boolean",
"@value": false
},
"timezone": {
"@type": "string",
"@value": "NotSet"
},
"charset_name": {
"@type": "string",
"@value": "UTF-8"
},
"number_worker_threads": {
"@type": "integer",
"@value": 4
}
},
"static_fields": {},
"type": {
"@type": "string",
"@value": "org.graylog2.inputs.syslog.udp.SyslogUDPInput"
},
"global": {
"@type": "boolean",
"@value": true
},
"extractors": []
},
"constraints": [
{
"type": "server-version",
"version": ">=5.0.0"
}
]
},
{
"v": "1",
"type": {
"name": "search",
"version": "1"
},
"id": "531f1450-be81-485e-9edb-013a8756d653",
"data": {
"summary": {
"@type": "string",
"@value": ""
},
"search": {
"queries": [
{
"id": "b23b5632-2be6-43fa-92d9-dbf78e8834ce",
"timerange": {
"from": 300,
"type": "relative"
},
"filter": {
"type": "or",
"filters": [
{
"type": "stream",
"id": "bb2e8459-5417-4714-b1fe-b3b30067138f"
}
]
},
"filters": [],
"query": {
"type": "elasticsearch",
"query_string": ""
},
"search_types": [
{
"query": null,
"name": "chart",
"timerange": null,
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count()",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "time",
"fields": [
"timestamp"
],
"interval": {
"type": "auto",
"scaling": 1
}
}
],
"type": "pivot",
"id": "d0ab1285-b941-4c60-b43b-b9942a2247b9",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": null,
"name": "chart",
"timerange": null,
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "Message Count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [],
"type": "pivot",
"id": "3a5e7b12-a804-4324-bb5f-b76cc86a8474",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": null,
"name": null,
"timerange": null,
"offset": 0,
"streams": [],
"filter": null,
"decorators": [],
"type": "messages",
"id": "0c9a4d1e-5744-4285-a7fa-d72da43e5b3e",
"limit": 150,
"filters": []
}
]
}
],
"parameters": [],
"requires": {},
"owner": "admin@lab.lan",
"created_at": "2023-06-30T13:09:29.462Z"
},
"created_at": "2023-06-29T15:00:04.391Z",
"requires": {},
"state": {
"b23b5632-2be6-43fa-92d9-dbf78e8834ce": {
"selected_fields": null,
"static_message_list_id": null,
"titles": {
"widget": {
"7b79f417-8a70-4f31-a568-b1e0e31d4544": "Message Count",
"b0a7055e-2609-433a-a540-508e7fd57510": "All Messages"
}
},
"widgets": [
{
"id": "7b79f417-8a70-4f31-a568-b1e0e31d4544",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": null,
"query": null,
"streams": [],
"config": {
"visualization": "bar",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [
{
"fields": [
"timestamp"
],
"type": "time",
"config": {
"interval": {
"type": "auto",
"scaling": 1
}
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count()"
}
],
"rollup": true,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
},
{
"id": "b0a7055e-2609-433a-a540-508e7fd57510",
"type": "messages",
"filter": null,
"filters": [],
"timerange": null,
"query": null,
"streams": [],
"config": {
"fields": [
"timestamp",
"src",
"srcport",
"srcname",
"user",
"dst",
"dstname",
"dstportname",
"dstport",
"ipproto",
"action",
"rulename",
"logtype"
],
"show_message_row": false,
"show_summary": false,
"decorators": [],
"sort": [
{
"type": "pivot",
"field": "timestamp",
"direction": "Descending"
}
]
}
},
{
"id": "9df70ca4-16b2-4b07-942a-4bb3c6df4b7a",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": null,
"query": null,
"streams": [],
"config": {
"visualization": "numeric",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [],
"series": [
{
"config": {
"name": "Message Count"
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
}
],
"widget_mapping": {
"7b79f417-8a70-4f31-a568-b1e0e31d4544": [
"d0ab1285-b941-4c60-b43b-b9942a2247b9"
],
"b0a7055e-2609-433a-a540-508e7fd57510": [
"0c9a4d1e-5744-4285-a7fa-d72da43e5b3e"
],
"9df70ca4-16b2-4b07-942a-4bb3c6df4b7a": [
"3a5e7b12-a804-4324-bb5f-b76cc86a8474"
]
},
"positions": {
"7b79f417-8a70-4f31-a568-b1e0e31d4544": {
"col": 1,
"row": 1,
"height": 2,
"width": 9
},
"b0a7055e-2609-433a-a540-508e7fd57510": {
"col": 1,
"row": 3,
"height": 6,
"width": "Infinity"
},
"9df70ca4-16b2-4b07-942a-4bb3c6df4b7a": {
"col": 10,
"row": 1,
"height": 2,
"width": 3
}
},
"formatting": {
"highlighting": []
},
"display_mode_settings": {
"positions": {}
}
}
},
"properties": [],
"owner": "admin@lab.lan",
"title": {
"@type": "string",
"@value": "Filtered Firewall"
},
"type": "SEARCH",
"description": {
"@type": "string",
"@value": ""
}
},
"constraints": [
{
"type": "server-version",
"version": ">=5.0.0"
}
]
},
{
"v": "1",
"type": {
"name": "stream",
"version": "1"
},
"id": "bb2e8459-5417-4714-b1fe-b3b30067138f",
"data": {
"alarm_callbacks": [],
"outputs": [],
"remove_matches": {
"@type": "boolean",
"@value": true
},
"title": {
"@type": "string",
"@value": "Firewall"
},
"stream_rules": [
{
"type": {
"@type": "string",
"@value": "EXACT"
},
"field": {
"@type": "string",
"@value": "source"
},
"value": {
"@type": "string",
"@value": "firewall.lab.lan"
},
"inverted": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": ""
}
}
],
"alert_conditions": [],
"matching_type": {
"@type": "string",
"@value": "OR"
},
"disabled": {
"@type": "boolean",
"@value": false
},
"description": {
"@type": "string",
"@value": "Contient les messages des firewalls"
},
"default_stream": {
"@type": "boolean",
"@value": false
}
},
"constraints": [
{
"type": "server-version",
"version": ">=5.0.0"
}
]
},
{
"v": "1",
"type": {
"name": "dashboard",
"version": "2"
},
"id": "8569b0f5-0e62-492f-9468-7b2613fc204c",
"data": {
"summary": {
"@type": "string",
"@value": "Statistiques firewall du jour et J-1"
},
"search": {
"queries": [
{
"id": "ac11ae01-44ed-4210-a517-678f583e9637",
"timerange": {
"from": 300,
"type": "relative"
},
"filters": [],
"query": {
"type": "elasticsearch",
"query_string": ""
},
"search_types": [
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "today",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(action)",
"field": "action"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"action"
],
"limit": 5,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "5b3c4f98-df87-47f8-ba12-38853b062e01",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "today",
"timezone": "UTC",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(dstname)",
"field": "dstname"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"dstname",
"dst"
],
"limit": 20,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "76b14e2b-57c1-4bfb-b156-018b85387602",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "today",
"timezone": "UTC",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count()",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"logtype"
],
"limit": 15,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "93613617-ecb7-449d-a42f-dcd0ca10a031",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "today",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(msg)",
"field": "msg"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"msg"
],
"limit": 15,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "e1ffedee-4ec0-4d8d-9748-362a71c71af9",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "today",
"timezone": "UTC",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "Message Count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "time",
"fields": [
"timestamp"
],
"interval": {
"type": "auto",
"scaling": 1
}
}
],
"type": "pivot",
"id": "65211b6e-0aa5-4e96-939a-c49d96c4c6da",
"filters": [],
"column_groups": [],
"sort": []
}
]
},
{
"id": "8c282270-03d2-450a-bb4f-629013185d90",
"timerange": {
"from": 300,
"type": "relative"
},
"filters": [],
"query": {
"type": "elasticsearch",
"query_string": ""
},
"search_types": [
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "yesterday",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(firewall_action)",
"field": "firewall_action"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"action"
],
"limit": 5,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "2dea7ebc-6305-4112-a9e4-b9cc354f4b3d",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "yesterday",
"timezone": "UTC",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count()",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"logtype"
],
"limit": 15,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "88092e8e-66d8-4c15-9036-5f0f65c2eb4d",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "yesterday",
"timezone": "UTC",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "Message Count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "time",
"fields": [
"timestamp"
],
"interval": {
"type": "auto",
"scaling": 1
}
}
],
"type": "pivot",
"id": "a7fe76d2-fa8d-4118-9d1d-905a5e3c7b9a",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "yesterday",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(msg)",
"field": "msg"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"msg"
],
"limit": 50,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "817c9da4-3cc0-455f-9d11-3692652f36ca",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "yesterday",
"timezone": "UTC",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(dstname)",
"field": "dstname"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"dstname",
"dst"
],
"limit": 15,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "0f4ae16e-ceb6-4ffe-95b4-ef33ce8ec191",
"filters": [],
"column_groups": [],
"sort": []
}
]
},
{
"id": "da65c808-ef9f-4103-8655-4cc9ecbd0998",
"timerange": {
"from": 300,
"type": "relative"
},
"filters": [],
"query": {
"type": "elasticsearch",
"query_string": ""
},
"search_types": [
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count()",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"logtype"
],
"limit": 15,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "0a499e47-a896-45b5-99e1-4e8f3bd0b00f",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(firewall_action)",
"field": "firewall_action"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"action"
],
"limit": 5,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "5a901b5b-4aef-4963-ba86-30c7156ca513",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(msg)",
"field": "msg"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"msg"
],
"limit": 50,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "2e1ca104-eeb4-4288-8c08-f841380237f7",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count(dstname)",
"field": "dstname"
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "values",
"fields": [
"dstname",
"dst"
],
"limit": 15,
"skip_empty_values": false
}
],
"type": "pivot",
"id": "ae014cc8-9aff-48e6-872a-2cc50286f42f",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"name": "chart",
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"column_limit": null,
"streams": [],
"row_limit": null,
"series": [
{
"type": "count",
"id": "Message Count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "time",
"fields": [
"timestamp"
],
"interval": {
"type": "auto",
"scaling": 1
}
}
],
"type": "pivot",
"id": "7585cb3d-8329-4208-9bd0-2dfe0be4749f",
"filters": [],
"column_groups": [],
"sort": []
}
]
},
{
"id": "e426e126-316c-4cdd-a515-7984bd18b865",
"timerange": {
"from": 300,
"type": "relative"
},
"filters": [],
"query": {
"type": "elasticsearch",
"query_string": ""
},
"search_types": [
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"from": 300,
"type": "relative"
},
"column_limit": null,
"streams": [
"bb2e8459-5417-4714-b1fe-b3b30067138f"
],
"row_limit": null,
"series": [
{
"type": "count",
"id": "Message Count",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [],
"type": "pivot",
"id": "81b275ca-d62f-4cd2-83ad-1b57b55b66da",
"filters": [],
"column_groups": [],
"sort": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": null,
"timerange": {
"from": 300,
"type": "relative"
},
"offset": 0,
"streams": [
"bb2e8459-5417-4714-b1fe-b3b30067138f"
],
"filter": null,
"decorators": [],
"type": "messages",
"id": "9d1a5b48-0688-453e-a7f4-f344b6cbd5c7",
"limit": 150,
"filters": []
},
{
"query": {
"type": "elasticsearch",
"query_string": ""
},
"name": "chart",
"timerange": {
"from": 300,
"type": "relative"
},
"column_limit": null,
"streams": [
"bb2e8459-5417-4714-b1fe-b3b30067138f"
],
"row_limit": null,
"series": [
{
"type": "count",
"id": "count()",
"field": null
}
],
"filter": null,
"rollup": true,
"row_groups": [
{
"type": "time",
"fields": [
"timestamp"
],
"interval": {
"type": "auto",
"scaling": 1
}
}
],
"type": "pivot",
"id": "42095d3d-a3d6-4de5-ab10-391b9b66ae07",
"filters": [],
"column_groups": [],
"sort": []
}
]
}
],
"parameters": [],
"requires": {},
"owner": "adm.lebrun@iss.lan",
"created_at": "2023-09-27T07:56:21.020Z"
},
"created_at": "2023-06-09T12:36:32.821Z",
"requires": {},
"state": {
"ac11ae01-44ed-4210-a517-678f583e9637": {
"selected_fields": null,
"static_message_list_id": null,
"titles": {
"widget": {
"f0836b3b-d347-4563-b3ad-aafba158394b": "Messages sur la durée",
"2973b6c3-c907-4a48-98b5-d3e17e508e26": "Types d'évenements",
"725582f1-2369-4e09-b358-e1f4a0775cb9": "Domaines consultés",
"0610f7ac-3735-4f79-b405-c9cec7bd7cb9": "Types d'évenements",
"2c81434f-eb8b-4d92-81fe-14caa007e096": "Messages",
"50572acf-7523-4b84-b0d0-479648a4ce16": "Actions"
},
"tab": {
"title": "Aujourd'hui"
}
},
"widgets": [
{
"id": "50572acf-7523-4b84-b0d0-479648a4ce16",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "today",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 5,
"row_pivots": [
{
"fields": [
"action"
],
"type": "values",
"config": {
"limit": 5
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(action)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "pass",
"chart_color": "#33691e"
},
{
"field_name": "block",
"chart_color": "#b71c1c"
}
]
},
"sort": []
}
},
{
"id": "2973b6c3-c907-4a48-98b5-d3e17e508e26",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "today",
"timezone": "UTC",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 15,
"row_pivots": [
{
"fields": [
"logtype"
],
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "count()",
"chart_color": "#b71c1c"
}
]
},
"sort": []
}
},
{
"id": "725582f1-2369-4e09-b358-e1f4a0775cb9",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "today",
"timezone": "UTC",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "bar",
"column_limit": null,
"event_annotation": false,
"row_limit": 20,
"row_pivots": [
{
"fields": [
"dstname",
"dst"
],
"type": "values",
"config": {
"limit": 20
}
}
],
"series": [
{
"config": {
"name": ""
},
"function": "count(dstname)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": {
"barmode": "group",
"axis_type": "linear"
},
"formatting_settings": null,
"sort": []
}
},
{
"id": "f0836b3b-d347-4563-b3ad-aafba158394b",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "today",
"timezone": "UTC",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "line",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [
{
"fields": [
"timestamp"
],
"type": "time",
"config": {
"interval": {
"type": "auto",
"scaling": 1
}
}
}
],
"series": [
{
"config": {
"name": "Message Count"
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": {
"interpolation": "linear",
"axis_type": "linear"
},
"formatting_settings": null,
"sort": []
}
},
{
"id": "2c81434f-eb8b-4d92-81fe-14caa007e096",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "today",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 15,
"row_pivots": [
{
"fields": [
"msg"
],
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(msg)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "count(firewall_msglog)",
"chart_color": "#7240a3"
}
]
},
"sort": []
}
}
],
"widget_mapping": {
"2973b6c3-c907-4a48-98b5-d3e17e508e26": [
"93613617-ecb7-449d-a42f-dcd0ca10a031"
],
"2c81434f-eb8b-4d92-81fe-14caa007e096": [
"e1ffedee-4ec0-4d8d-9748-362a71c71af9"
],
"50572acf-7523-4b84-b0d0-479648a4ce16": [
"5b3c4f98-df87-47f8-ba12-38853b062e01"
],
"f0836b3b-d347-4563-b3ad-aafba158394b": [
"65211b6e-0aa5-4e96-939a-c49d96c4c6da"
],
"725582f1-2369-4e09-b358-e1f4a0775cb9": [
"76b14e2b-57c1-4bfb-b156-018b85387602"
]
},
"positions": {
"2973b6c3-c907-4a48-98b5-d3e17e508e26": {
"col": 7,
"row": 1,
"height": 3,
"width": 4
},
"2c81434f-eb8b-4d92-81fe-14caa007e096": {
"col": 7,
"row": 4,
"height": 4,
"width": 6
},
"50572acf-7523-4b84-b0d0-479648a4ce16": {
"col": 11,
"row": 1,
"height": 3,
"width": 2
},
"725582f1-2369-4e09-b358-e1f4a0775cb9": {
"col": 1,
"row": 4,
"height": 4,
"width": 6
},
"f0836b3b-d347-4563-b3ad-aafba158394b": {
"col": 1,
"row": 1,
"height": 3,
"width": 6
}
},
"formatting": {
"highlighting": []
},
"display_mode_settings": {
"positions": {}
}
},
"8c282270-03d2-450a-bb4f-629013185d90": {
"selected_fields": null,
"static_message_list_id": null,
"titles": {
"widget": {
"2f642aeb-6016-4b6b-bc59-2e493e5dd4a8": "Messages sur la durée",
"428b996b-3c3c-4320-b699-cf77a2dff09f": "Types d'évenements",
"5fb19c54-703c-443d-ba53-20fa817caddd": "Domaines consultés",
"d7b16c7f-cdfe-421f-87e1-5d4dc147e4d4": "Types d'évenements",
"552d95d1-675c-4bb7-8c59-d4ee7b2351f1": "Messages",
"a92344cd-38c2-43f5-8db3-4ce4dd36683b": "Actions"
},
"tab": {
"title": "Hier"
}
},
"widgets": [
{
"id": "a92344cd-38c2-43f5-8db3-4ce4dd36683b",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "yesterday",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 5,
"row_pivots": [
{
"fields": [
"action"
],
"type": "values",
"config": {
"limit": 5
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(firewall_action)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "pass",
"chart_color": "#33691e"
},
{
"field_name": "block",
"chart_color": "#b71c1c"
}
]
},
"sort": []
}
},
{
"id": "428b996b-3c3c-4320-b699-cf77a2dff09f",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "yesterday",
"timezone": "UTC",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 15,
"row_pivots": [
{
"fields": [
"logtype"
],
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
},
{
"id": "2f642aeb-6016-4b6b-bc59-2e493e5dd4a8",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "yesterday",
"timezone": "UTC",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "line",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [
{
"fields": [
"timestamp"
],
"type": "time",
"config": {
"interval": {
"type": "auto",
"scaling": 1
}
}
}
],
"series": [
{
"config": {
"name": "Message Count"
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": {
"interpolation": "linear",
"axis_type": "linear"
},
"formatting_settings": null,
"sort": []
}
},
{
"id": "552d95d1-675c-4bb7-8c59-d4ee7b2351f1",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "yesterday",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 50,
"row_pivots": [
{
"fields": [
"msg"
],
"type": "values",
"config": {
"limit": 50
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(msg)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "count(firewall_msglog)",
"chart_color": "#7240a3"
}
]
},
"sort": []
}
},
{
"id": "5fb19c54-703c-443d-ba53-20fa817caddd",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "yesterday",
"timezone": "UTC",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "bar",
"column_limit": null,
"event_annotation": false,
"row_limit": 15,
"row_pivots": [
{
"fields": [
"dstname",
"dst"
],
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(dstname)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": {
"barmode": "group",
"axis_type": "linear"
},
"formatting_settings": null,
"sort": []
}
}
],
"widget_mapping": {
"552d95d1-675c-4bb7-8c59-d4ee7b2351f1": [
"817c9da4-3cc0-455f-9d11-3692652f36ca"
],
"428b996b-3c3c-4320-b699-cf77a2dff09f": [
"88092e8e-66d8-4c15-9036-5f0f65c2eb4d"
],
"5fb19c54-703c-443d-ba53-20fa817caddd": [
"0f4ae16e-ceb6-4ffe-95b4-ef33ce8ec191"
],
"2f642aeb-6016-4b6b-bc59-2e493e5dd4a8": [
"a7fe76d2-fa8d-4118-9d1d-905a5e3c7b9a"
],
"a92344cd-38c2-43f5-8db3-4ce4dd36683b": [
"2dea7ebc-6305-4112-a9e4-b9cc354f4b3d"
]
},
"positions": {
"2f642aeb-6016-4b6b-bc59-2e493e5dd4a8": {
"col": 1,
"row": 1,
"height": 3,
"width": 6
},
"552d95d1-675c-4bb7-8c59-d4ee7b2351f1": {
"col": 7,
"row": 4,
"height": 4,
"width": 6
},
"428b996b-3c3c-4320-b699-cf77a2dff09f": {
"col": 7,
"row": 1,
"height": 3,
"width": 4
},
"5fb19c54-703c-443d-ba53-20fa817caddd": {
"col": 1,
"row": 4,
"height": 4,
"width": 6
},
"a92344cd-38c2-43f5-8db3-4ce4dd36683b": {
"col": 11,
"row": 1,
"height": 3,
"width": 2
}
},
"formatting": {
"highlighting": []
},
"display_mode_settings": {
"positions": {}
}
},
"e426e126-316c-4cdd-a515-7984bd18b865": {
"selected_fields": null,
"static_message_list_id": null,
"titles": {
"widget": {
"832ac909-5d22-4628-8911-9e03c93f3d8b": "All Messages",
"fcf3d55a-5ba6-4cf1-b38c-3bd869ebea09": "Message Count"
},
"tab": {
"title": "Basic Info"
}
},
"widgets": [
{
"id": "da6f10c2-c1df-462b-80d3-def2f279f9d3",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"from": 300,
"type": "relative"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [
"bb2e8459-5417-4714-b1fe-b3b30067138f"
],
"config": {
"visualization": "numeric",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [],
"series": [
{
"config": {
"name": "Message Count"
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
},
{
"id": "832ac909-5d22-4628-8911-9e03c93f3d8b",
"type": "messages",
"filter": null,
"filters": [],
"timerange": {
"from": 300,
"type": "relative"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [
"bb2e8459-5417-4714-b1fe-b3b30067138f"
],
"config": {
"fields": [
"timestamp",
"src",
"srcport",
"srcname",
"user",
"dst",
"dstname",
"dstportname",
"dstport",
"ipproto",
"action",
"rulename",
"logtype"
],
"show_message_row": false,
"show_summary": false,
"decorators": [],
"sort": [
{
"type": "pivot",
"field": "timestamp",
"direction": "Descending"
}
]
}
},
{
"id": "fcf3d55a-5ba6-4cf1-b38c-3bd869ebea09",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"from": 300,
"type": "relative"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [
"bb2e8459-5417-4714-b1fe-b3b30067138f"
],
"config": {
"visualization": "bar",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [
{
"fields": [
"timestamp"
],
"type": "time",
"config": {
"interval": {
"type": "auto",
"scaling": 1
}
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count()"
}
],
"rollup": true,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
}
],
"widget_mapping": {
"fcf3d55a-5ba6-4cf1-b38c-3bd869ebea09": [
"42095d3d-a3d6-4de5-ab10-391b9b66ae07"
],
"832ac909-5d22-4628-8911-9e03c93f3d8b": [
"9d1a5b48-0688-453e-a7f4-f344b6cbd5c7"
],
"da6f10c2-c1df-462b-80d3-def2f279f9d3": [
"81b275ca-d62f-4cd2-83ad-1b57b55b66da"
]
},
"positions": {
"fcf3d55a-5ba6-4cf1-b38c-3bd869ebea09": {
"col": 1,
"row": 1,
"height": 2,
"width": 9
},
"832ac909-5d22-4628-8911-9e03c93f3d8b": {
"col": 1,
"row": 3,
"height": 6,
"width": "Infinity"
},
"da6f10c2-c1df-462b-80d3-def2f279f9d3": {
"col": 10,
"row": 1,
"height": 2,
"width": 3
}
},
"formatting": {
"highlighting": []
},
"display_mode_settings": {
"positions": {}
}
},
"da65c808-ef9f-4103-8655-4cc9ecbd0998": {
"selected_fields": null,
"static_message_list_id": null,
"titles": {
"widget": {
"3688c0e4-a75e-4b36-a41b-585180dc4fc6": "Messages sur la durée",
"61bbee94-7755-4f98-96af-7a10b66c509c": "Types d'évenements",
"53c97b41-bb58-465b-a326-6b1d748fdec5": "Domaines consultés",
"undefined": "Types d'évenements",
"c7a2fdce-1004-437f-b80f-822ad67f3742": "Messages",
"257d72ff-0f36-4daf-b749-b088d93fe7e1": "Actions"
},
"tab": {
"title": "Semaine dernière"
}
},
"widgets": [
{
"id": "61bbee94-7755-4f98-96af-7a10b66c509c",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 15,
"row_pivots": [
{
"fields": [
"logtype"
],
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": null,
"sort": []
}
},
{
"id": "c7a2fdce-1004-437f-b80f-822ad67f3742",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 50,
"row_pivots": [
{
"fields": [
"msg"
],
"type": "values",
"config": {
"limit": 50
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(msg)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "count(firewall_msglog)",
"chart_color": "#7240a3"
}
]
},
"sort": []
}
},
{
"id": "53c97b41-bb58-465b-a326-6b1d748fdec5",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "bar",
"column_limit": null,
"event_annotation": false,
"row_limit": 15,
"row_pivots": [
{
"fields": [
"dstname",
"dst"
],
"type": "values",
"config": {
"limit": 15
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(dstname)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": {
"barmode": "group",
"axis_type": "linear"
},
"formatting_settings": null,
"sort": []
}
},
{
"id": "3688c0e4-a75e-4b36-a41b-585180dc4fc6",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": "source:gw\\-wan.iss.lan"
},
"streams": [],
"config": {
"visualization": "line",
"column_limit": null,
"event_annotation": false,
"row_limit": null,
"row_pivots": [
{
"fields": [
"timestamp"
],
"type": "time",
"config": {
"interval": {
"type": "auto",
"scaling": 1
}
}
}
],
"series": [
{
"config": {
"name": "Message Count"
},
"function": "count()"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": {
"interpolation": "linear",
"axis_type": "linear"
},
"formatting_settings": null,
"sort": []
}
},
{
"id": "257d72ff-0f36-4daf-b749-b088d93fe7e1",
"type": "aggregation",
"filter": null,
"filters": [],
"timerange": {
"keyword": "last week",
"timezone": "Europe/Paris",
"type": "keyword"
},
"query": {
"type": "elasticsearch",
"query_string": ""
},
"streams": [],
"config": {
"visualization": "pie",
"column_limit": null,
"event_annotation": false,
"row_limit": 5,
"row_pivots": [
{
"fields": [
"action"
],
"type": "values",
"config": {
"limit": 5
}
}
],
"series": [
{
"config": {
"name": null
},
"function": "count(firewall_action)"
}
],
"rollup": false,
"column_pivots": [],
"visualization_config": null,
"formatting_settings": {
"chart_colors": [
{
"field_name": "pass",
"chart_color": "#33691e"
},
{
"field_name": "block",
"chart_color": "#b71c1c"
}
]
},
"sort": []
}
}
],
"widget_mapping": {
"c7a2fdce-1004-437f-b80f-822ad67f3742": [
"2e1ca104-eeb4-4288-8c08-f841380237f7"
],
"61bbee94-7755-4f98-96af-7a10b66c509c": [
"0a499e47-a896-45b5-99e1-4e8f3bd0b00f"
],
"53c97b41-bb58-465b-a326-6b1d748fdec5": [
"ae014cc8-9aff-48e6-872a-2cc50286f42f"
],
"3688c0e4-a75e-4b36-a41b-585180dc4fc6": [
"7585cb3d-8329-4208-9bd0-2dfe0be4749f"
],
"257d72ff-0f36-4daf-b749-b088d93fe7e1": [
"5a901b5b-4aef-4963-ba86-30c7156ca513"
]
},
"positions": {
"c7a2fdce-1004-437f-b80f-822ad67f3742": {
"col": 7,
"row": 4,
"height": 4,
"width": 6
},
"61bbee94-7755-4f98-96af-7a10b66c509c": {
"col": 7,
"row": 1,
"height": 3,
"width": 4
},
"53c97b41-bb58-465b-a326-6b1d748fdec5": {
"col": 1,
"row": 4,
"height": 4,
"width": 6
},
"3688c0e4-a75e-4b36-a41b-585180dc4fc6": {
"col": 1,
"row": 1,
"height": 3,
"width": 6
},
"257d72ff-0f36-4daf-b749-b088d93fe7e1": {
"col": 11,
"row": 1,
"height": 3,
"width": 2
}
},
"formatting": {
"highlighting": []
},
"display_mode_settings": {
"positions": {}
}
}
},
"properties": [],
"owner": "admin",
"title": {
"@type": "string",
"@value": "Stats Firewall "
},
"type": "DASHBOARD",
"description": {
"@type": "string",
"@value": ""
}
},
"constraints": [
{
"type": "server-version",
"version": ">=5.0.0"
}
]
},
{
"v": "1",
"type": {
"name": "pipeline_rule",
"version": "1"
},
"id": "a9bdfc77-506b-4e5e-94e2-3d867a13f5ce",
"data": {
"title": {
"@type": "string",
"@value": "Stormshield Parser"
},
"description": {
"@type": "string",
"@value": "Règle pipeline qui permet d'extraire les champ/valeur."
},
"source": {
"@type": "string",
"@value": "rule \"Stormshield Parser\"\n\nwhen\nhas_field(\"message\") AND contains(to_string($message.source),\"firewall.lab.lan\")\n\nthen\nset_fields(\n\t\tfields:\n\t\t\t\tkey_value(\n\t\t\t\t\tvalue: to_string($message.message),\n\t\t\t\t\ttrim_value_chars: \"\\\"\",\n\t\t\t\t\ttrim_key_chars:\"\",\n\t\t\t\t\tdelimiters:\" \",\n\t\t\t\t\tkv_delimiters:\"=\"\n\t\t\t\t\t)\n\t\t);\nend"
}
},
"constraints": [
{
"type": "server-version",
"version": ">=5.0.0"
}
]
}
]
}